Stack-overflow in CFX_XMLElement::~CFX_XMLElement
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5896257636925440
Fuzzer: libFuzzer_pdf_xml_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffe31ff8fe8
Crash State:
CFX_XMLElement::~CFX_XMLElement
CFX_XMLNode::DeleteChildren
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=508791:508824
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5896257636925440

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jan 4 2018
Predator and CL could not provide any possible suspects. Using Code Search for the file "cfx_xmlnode.cpp", assigning to the concerned owner who might be related. Suspect CL: https://pdfium.googlesource.com/pdfium.git/+/a94566f3833b885019bbea76d3261a3050b5ed04 dsinclair@ -- Could you please check whether this is caused by your change; if not, please help us in assigning it to the right owner. Thanks!
Jan 4 2018
Issue 798882 has been merged into this issue.
Jan 5 2018
Jan 6 2018
ClusterFuzz testcase 4607279835119616 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 10 2018
Jan 13 2018
ClusterFuzz testcase 5896257636925440 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Jan 17 2018
Not sure why ClusterFuzz closed and then said it was still repro-ing ... This is XFA and is not enabled on any branch of Chrome.
Jan 18 2018
Jan 18 2018
This no longer reproduces for me @ HEAD. Given there is significant work going on with the related widget/node code, it is reasonable that this was fixed as part of another CL. I set a redo task on this to confirm it is fixed.
Jan 24 2018
This actually repros @ HEAD. The reproduction tool was pulling the wrong test case file.
Mar 12 2018
I continue to not be able to repro, but apparently we are seeing the issue on CF. Sending over to Dan to look at, since the suspect CLs are his.
Apr 6 2018
ClusterFuzz has detected this issue as fixed in range 548157:548177.

Detailed report: https://clusterfuzz.com/testcase?key=5896257636925440
Fuzzer: libFuzzer_pdf_xml_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffe31ff8fe8
Crash State:
CFX_XMLElement::~CFX_XMLElement
CFX_XMLNode::DeleteChildren
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=508791:508824
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=548157:548177
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5896257636925440

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 3 2018
Comment 1 by ClusterFuzz, Jan 3 2018
Labels: Test-Predator-Auto-Components