New issue
Advanced search Search tips

Issue 808335 link

Starred by 1 user
Status: WontFix
Owner:
hnakashima@chromium.org
Closed: May 2018
Cc:
thestig@chromium.org
rharrison@chromium.org
ivancic@google.com
dsinclair@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Sign in to add a comment

Crash in CFX_DIBitmap::~CFX_DIBitmap

Project Member Reported by ClusterFuzz, Feb 2 2018 
Detailed report: https://clusterfuzz.com/testcase?key=4823682938306560

Fuzzer: tokenfuzz_pdf_curated
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7efd7c6232fc
Crash State:
  CFX_DIBitmap::~CFX_DIBitmap
  FPDFBitmap_Destroy
  chrome_pdf::PDFiumEngine::PluginSizeUpdated
  
Sanitizer: thread (TSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=533163:533165

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4823682938306560

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Feb 2 2018

Components: Internals>Plugins>PDF
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by sheriffbot@chromium.org, Feb 2 2018

Labels: Pri-2

Comment 3 by hnakashima@chromium.org, Feb 2 2018

Owner: hnakashima@chromium.org
Status: Unconfirmed (was: Untriaged)

Comment 4 by hnakashima@chromium.org, Feb 2 2018

Status: Assigned (was: Unconfirmed)
This crash can be reproduced, but it's flaky and I've been getting it only ~25% of tries using the clusterfuzz tool.

Comment 5 by infe...@chromium.org, Feb 14 2018

Cc: thestig@chromium.org dsinclair@chromium.org rharrison@chromium.org
Labels: -Security_Severity-Low Security_Severity-Medium
Medium severity makes more sense here. Adding some more pdfium folks here.

Comment 6 by dsinclair@chromium.org, Feb 14 2018

Labels: -Security_Severity-Medium -Security_Impact-Head Security_Severity-Low Security_Impact-None
This is the Unowned ptr, low severity crash. It only happens on the SAN builds, and lets us know if there are lifetime issues.

Comment 7 by tsepez@chromium.org, Feb 14 2018 

See also https://pdfium-review.googlesource.com/c/pdfium/+/21770 , but all kidding aside, Dan you have my blessing to cobble up a CL that changes the name to ProbeForSecuritySeverityLowLifetimeIssue if you'd like.

Comment 8 by dsinclair@chromium.org, Feb 14 2018 

To be fair, this one is a bit weird in that it doesn't say ProbeForSeverityLowLifetimeIssue. You have to follow the clusterfuzz link to the unowned_ptr and see it's in that chunk of code.
Project Member

Comment 9 by ClusterFuzz, May 24 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 4823682938306560 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 10 by sheriffbot@chromium.org, Aug 30

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment