Integer-overflow in CJBig2_TRDProc::decode_Huffman |
|||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6697777370497024 Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: CJBig2_TRDProc::decode_Huffman CJBig2_SDDProc::decode_Huffman CJBig2_Context::parseSymbolDict Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=437955:438050 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6697777370497024 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Nov 6 2017
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/8d5d00b7270c198f9bfafcbd764ba0eff70fd5b1 (Fix JBig2 decoding logic). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 6 2017
+npm who has been fixing integer overflows in this file.
,
Nov 6 2017
Ok, more safe ints it is.
,
Nov 7 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/a9fee44bc9f6fb09cdd2585a5649ecf2ad03ecdd commit a9fee44bc9f6fb09cdd2585a5649ecf2ad03ecdd Author: Nicolas Pena <npm@chromium.org> Date: Tue Nov 07 14:08:29 2017 More FX_SAFE_INT32 in CJBig2_TRDProc Bug: chromium:781780 Change-Id: Ie92d8b570c37e9b3364d1ff4502f444a275ee6c2 Reviewed-on: https://pdfium-review.googlesource.com/17910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> [modify] https://crrev.com/a9fee44bc9f6fb09cdd2585a5649ecf2ad03ecdd/core/fxcodec/jbig2/JBig2_TrdProc.cpp
,
Nov 7 2017
,
Nov 7 2017
,
Nov 7 2017
,
Nov 7 2017
,
Nov 8 2017
ClusterFuzz has detected this issue as fixed in range 514485:514505. Detailed report: https://clusterfuzz.com/testcase?key=6697777370497024 Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: CJBig2_TRDProc::decode_Huffman CJBig2_SDDProc::decode_Huffman CJBig2_Context::parseSymbolDict Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=437955:438050 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=514485:514505 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6697777370497024 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 8 2017
ClusterFuzz testcase 6697777370497024 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by ClusterFuzz
, Nov 6 2017Labels: Test-Predator-AutoComponents