Indirect-leak in MakeUnique<CPDF_Page,
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6652661206876160

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  MakeUnique<CPDF_Page,
  FPDFPage_New
  chrome_pdf::PDFiumEngine::AppendBlankPages

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=484368:484436

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6652661206876160

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Feb 1 2018
Automatically adding ccs based on suspected regression changelists:

Converting CFX_ByteTextBuf to ostringstream in fpdfedittext.cpp. by hnakashima@chromium.org - https://pdfium.googlesource.com/pdfium/+/0ba3c6da16d4e90f0ad1fc9f326bf863860c0470

Allow EmbedderTest to test saving by npm@chromium.org - https://pdfium.googlesource.com/pdfium/+/3ff54008a163eea3158a7c107595daf79ccc7d44

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Feb 1 2018
Oh wow, pdfium_engine.cc does: FPDFPage_New(doc_, i, width_in_points, height_in_points); and then does not close the page (not even assigned to a variable). How is this an indirect leak instead of a direct leak?
Feb 1 2018
The doc has a reference to the page.
Feb 1 2018
No, it doesn't. The document owns the CPDF_Dictionary for the new page, but the CPDF_Page object is released in FPDFPage_New and must be closed using FPDF_ClosePage.
Feb 1 2018
Unable to reproduce this cleanly (I get a bunch of leaks but not the leak for this bug), so I'll just send out a CL that addresses the CPDF_Page leak and hope for the best.
Feb 1 2018
Wow, nice find by LSAN. This leak probably has existed for 7 years now. So not really P1.
Feb 2 2018
Original internal CL review for this code. FYI. https://goto.google.com/oknin
Feb 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f5c01eb7606597ac0a468e822eb6507dc514e8c6

commit f5c01eb7606597ac0a468e822eb6507dc514e8c6
Author: Nicolas Pena <npm@chromium.org>
Date: Fri Feb 02 15:34:25 2018

Close a page after creating it

FPDFPage_New creates a FPDF_PAGE object and adds a page to the FPDF_DOCUMENT. However, the FPDF_PAGE object needs to be deleted by calling FPDF_ClosePage.

Bug: 807953
Change-Id: Ib0d7ca46979f855c38a03cf114c20505d825e620
Reviewed-on: https://chromium-review.googlesource.com/897930
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#534057}

[modify] https://crrev.com/f5c01eb7606597ac0a468e822eb6507dc514e8c6/pdf/pdfium/pdfium_engine.cc
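To make the ownership rule from the thread concrete (the document owns the new page's dictionary, while the FPDF_PAGE handle returned by FPDFPage_New belongs to the caller and must go to FPDF_ClosePage), here is an added C++ example that is not PDFium's or Chromium's code. It uses a small constructed stand-in for the four API calls so it builds without PDFium, and shows AppendBlankPages written the way the report found it beside a version that closes each page through an RAII handle; the live-page counter is the constructed equivalent of what LSAN reported.

```cpp
#include <cassert>
#include <cstddef>
#include <memory>
#include <vector>

// Constructed stand-in for the PDFium C API named in the thread (not PDFium).
// Ownership mirrors the real API: the document owns each page dictionary,
// the caller owns the page handle returned by FPDFPage_New.
struct PageDict { double width, height; };
struct Document { std::vector<std::unique_ptr<PageDict>> dicts; };
struct Page { PageDict* dict; };
typedef Document* FPDF_DOCUMENT;
typedef Page* FPDF_PAGE;

static int g_live_pages = 0;  // stand-in for what the leak sanitizer counts

FPDF_DOCUMENT FPDF_CreateNewDocument() { return new Document; }
FPDF_PAGE FPDFPage_New(FPDF_DOCUMENT doc, int index, double w, double h) {
  std::unique_ptr<PageDict> dict(new PageDict{w, h});
  PageDict* raw = dict.get();
  doc->dicts.insert(doc->dicts.begin() + index, std::move(dict));  // doc owns
  ++g_live_pages;
  return new Page{raw};  // not owned by doc: caller must call FPDF_ClosePage
}
void FPDF_ClosePage(FPDF_PAGE page) { delete page; --g_live_pages; }
void FPDF_CloseDocument(FPDF_DOCUMENT doc) { delete doc; }

// Before the fix: the returned handle is dropped, so every call leaks a Page.
void AppendBlankPagesLeaky(FPDF_DOCUMENT doc, int count, double w, double h) {
  for (int i = 0; i < count; ++i)
    FPDFPage_New(doc, i, w, h);
}

// After the fix: an RAII handle closes the page when it leaves scope, so the
// close also happens on any early return or exception inside the loop.
using ScopedPage = std::unique_ptr<Page, decltype(&FPDF_ClosePage)>;
void AppendBlankPagesFixed(FPDF_DOCUMENT doc, int count, double w, double h) {
  for (int i = 0; i < count; ++i) {
    ScopedPage page(FPDFPage_New(doc, i, w, h), &FPDF_ClosePage);
    // The dictionary stays in doc; only the handle is released here.
  }
}

// Runs fn on a fresh document and returns how many page handles stay open,
// or -1 if the document did not end up with n pages.
int LeakedPagesAfter(void (*fn)(FPDF_DOCUMENT, int, double, double), int n) {
  g_live_pages = 0;
  FPDF_DOCUMENT doc = FPDF_CreateNewDocument();
  fn(doc, n, 612.0, 792.0);
  std::size_t pages_in_doc = doc->dicts.size();
  FPDF_CloseDocument(doc);
  return pages_in_doc == static_cast<std::size_t>(n) ? g_live_pages : -1;
}
```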
Feb 3 2018
ClusterFuzz has detected this issue as fixed in range 534055:534057.

Detailed report: https://clusterfuzz.com/testcase?key=6652661206876160

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  MakeUnique<CPDF_Page,
  FPDFPage_New
  chrome_pdf::PDFiumEngine::AppendBlankPages

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=484368:484436
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=534055:534057

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6652661206876160

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 3 2018
ClusterFuzz testcase 6652661206876160 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.