Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in CPDF_TextPage::IsHyphen |
||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4811040650166272 Fuzzer: libFuzzer_pdfium_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60c00000327c Crash State: CPDF_TextPage::IsHyphen CPDF_TextPage::ProcessInsertObject CPDF_TextPage::ProcessTextObject Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=514646:514696 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4811040650166272 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Nov 8 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 8 2017
,
Nov 8 2017
,
Nov 8 2017
,
Nov 8 2017
,
Nov 8 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/9a93484a61fe0e9b8a4a4c664f596857eb78f819 commit 9a93484a61fe0e9b8a4a4c664f596857eb78f819 Author: Ryan Harrison <rharrison@chromium.org> Date: Wed Nov 08 16:02:00 2017 Make sure that iterator stays in bounds during IsHypen BUG= chromium:782596 ,chromium:781804 Change-Id: I020be3cf813221bb8314f045d83014a25cb9a950 Reviewed-on: https://pdfium-review.googlesource.com/18070 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> [modify] https://crrev.com/9a93484a61fe0e9b8a4a4c664f596857eb78f819/core/fpdftext/cpdf_textpage.cpp
,
Nov 8 2017
,
Nov 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/12754da944751917d6f98192554e6d0a67f629be commit 12754da944751917d6f98192554e6d0a67f629be Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org> Date: Wed Nov 08 19:30:03 2017 Roll src/third_party/pdfium/ c064d54cd..7055dffad (4 commits) https://pdfium.googlesource.com/pdfium.git/+log/c064d54cd169..7055dffad92b $ git log c064d54cd..7055dffad --date=short --no-merges --format='%ad %ae %s' 2017-11-08 npm Prevent cyclic offset on CJBig2_Context 2017-11-08 dsinclair Fix XFA_SCRIPTATTRIBUTEINFO attribute type 2017-11-08 hnakashima Fix FPDF_SaveAsCopy for linearized PDFs. 2017-11-08 rharrison Make sure that iterator stays in bounds during IsHypen Created with: roll-dep src/third_party/pdfium BUG= 782596 ,781804 The AutoRoll server is located here: https://pdfium-roll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. TBR=dsinclair@chromium.org Change-Id: Ibc30f4901a01c7f19482b99fc163d42757bbe8c7 Reviewed-on: https://chromium-review.googlesource.com/758811 Reviewed-by: <pdfium-deps-roller@chromium.org> Commit-Queue: <pdfium-deps-roller@chromium.org> Cr-Commit-Position: refs/heads/master@{#514905} [modify] https://crrev.com/12754da944751917d6f98192554e6d0a67f629be/DEPS
,
Nov 9 2017
ClusterFuzz has detected this issue as fixed in range 514879:514923. Detailed report: https://clusterfuzz.com/testcase?key=4811040650166272 Fuzzer: libFuzzer_pdfium_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60c00000327c Crash State: CPDF_TextPage::IsHyphen CPDF_TextPage::ProcessInsertObject CPDF_TextPage::ProcessTextObject Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=514646:514696 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=514879:514923 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4811040650166272 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 9 2017
ClusterFuzz testcase 4811040650166272 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 9 2017
,
Nov 10 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/ff2a52cab523bc9de526f97bc060300e55f4506b commit ff2a52cab523bc9de526f97bc060300e55f4506b Author: Ryan Harrison <rharrison@chromium.org> Date: Fri Nov 10 19:04:33 2017 [Merge M63] Make sure that iterator stays in bounds during IsHypen TBR=dsinclair@chromium.org BUG= chromium:782596 ,chromium:781804 Change-Id: I020be3cf813221bb8314f045d83014a25cb9a950 Reviewed-on: https://pdfium-review.googlesource.com/18070 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-on: https://pdfium-review.googlesource.com/18350 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org> [modify] https://crrev.com/ff2a52cab523bc9de526f97bc060300e55f4506b/core/fpdftext/cpdf_textpage.cpp
,
Feb 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 27 2018
,
Mar 31 2018
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Nov 8 2017