Indirect-leak in CXFA_Node::CreateXMLMappingNode
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4968420517609472

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  CXFA_Node::CreateXMLMappingNode
  MaybeCreateDataNode
  UpdateBindingRelations

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459132:459191

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4968420517609472

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Feb 1 2018
Automatically adding ccs based on suspected regression changelists:

Add XFA pdfium fuzzer by dsinclair@chromium.org - https://chromium.googlesource.com/chromium/src/+/034ca9381180401b9b25eac088babf7fdae847d8

Cleanup some xfa/fxfa code. by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/80c487809858b74783a00e05cc8164edf4b1307c

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
Feb 1 2018
,
Feb 1 2018
,
Feb 6 2018
The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/6556be05e041e97b29eae8166c60eb83af7f5bd2

commit 6556be05e041e97b29eae8166c60eb83af7f5bd2
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Tue Feb 06 18:31:48 2018

Make the CXFA_Node parent pointer Unowned

This CL converts the CXFA_Node parent pointer to be an Unowned pointer
instead of a raw pointer.

Bug: chromium:807863
Change-Id: I266c9216cfe8153e234bf66b88fbac6c8d96ebb4
Reviewed-on: https://pdfium-review.googlesource.com/25650
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/6556be05e041e97b29eae8166c60eb83af7f5bd2/xfa/fxfa/parser/cxfa_node.cpp
[modify] https://crrev.com/6556be05e041e97b29eae8166c60eb83af7f5bd2/xfa/fxfa/parser/cxfa_node.h
,
Feb 7 2018
The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d

commit c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Wed Feb 07 17:10:22 2018

Remove unused return values from CXFA_Node

This CL removes the unused return values from InsertChild and
RemoveChild methods in CXFA_Node.

Bug: chromium:807863
Change-Id: Iac468afc5c48f51e7df3ea12d11b128a0ac124ea
Reviewed-on: https://pdfium-review.googlesource.com/25670
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_attachnodelist.cpp
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_attachnodelist.h
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_node.h
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_arraynodelist.h
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_arraynodelist.cpp
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_list.h
[modify] https://crrev.com/c0c32b0a3af11624a1f3eaeb9d940d525b54cd4d/xfa/fxfa/parser/cxfa_node.cpp
,
Feb 14 2018
This should be fixed with https://pdfium-review.googlesource.com/c/pdfium/+/26790
,
Feb 14 2018
,
Feb 14 2018
The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/7c04794d145d9d5c679dcd33d0ebcef662dcc909

commit 7c04794d145d9d5c679dcd33d0ebcef662dcc909
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Wed Feb 14 16:22:29 2018

Set node to owning element

When the document creates a new data root element it assigns it into the
CXFA_Node but fails to set that node as owning the XML node. The XML
node is never inserted into another XML tree so it ends up being leaked.

This CL sets the CXFA_Node to own the XML data tree node so it will be
cleaned up properly.

Bug: chromium:807863
Change-Id: I72a1b8f7b1f1a50bf7139d8bd0ecc8e504ccfc91
Reviewed-on: https://pdfium-review.googlesource.com/26790
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/7c04794d145d9d5c679dcd33d0ebcef662dcc909/xfa/fxfa/parser/xfa_document_datamerger_imp.cpp
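The ownership pattern described in the commit message above, as a simplified model added here for illustration; it is not PDFium code and not part of the original thread. XmlNode, FormNode, the owner flag and LeakedAfterTeardown are hypothetical names, and the live counter is an assumption used to make the leak observable.

```cpp
#include <cstdio>

// XmlNode and FormNode are hypothetical stand-ins, not PDFium classes.
struct XmlNode {
  static int live;  // XmlNode objects currently allocated
  XmlNode() { ++live; }
  ~XmlNode() { --live; }
};
int XmlNode::live = 0;

class FormNode {
 public:
  ~FormNode() {
    // Only a node marked as owner frees its XML mapping node.
    if (owns_xml_) delete xml_;
  }
  void SetXmlMappingNode(XmlNode* xml) { xml_ = xml; }
  void SetOwnsXml(bool owns) { owns_xml_ = owns; }

 private:
  XmlNode* xml_ = nullptr;
  bool owns_xml_ = false;
};

// Builds a data root whose XML node is attached to no XML tree, destroys the
// FormNode, and returns how many XmlNode objects are still allocated.
int LeakedAfterTeardown(bool mark_owner) {
  XmlNode* xml = new XmlNode;  // no XML parent will ever free this
  {
    FormNode data_root;
    data_root.SetXmlMappingNode(xml);
    if (mark_owner) data_root.SetOwnsXml(true);  // the fix: node owns the XML
  }
  int leaked = XmlNode::live;
  // In the leaking case nothing else would hold this pointer; the demo keeps
  // it only so it can reclaim the object and stay leak-free itself.
  if (leaked > 0) delete xml;
  return leaked;
}

int main() {
  std::printf("owner flag unset: %d XML node(s) leaked\n", LeakedAfterTeardown(false));
  std::printf("owner flag set:   %d XML node(s) leaked\n", LeakedAfterTeardown(true));
  return 0;
}
```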
,
Feb 15 2018
Comment 1 by ClusterFuzz, Feb 1 2018
Labels: Test-Predator-Auto-Components