ASSERT: m_pExpression
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5072556546326528
Fuzzer: libFuzzer_pdf_formcalc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  m_pExpression
  CXFA_FMIfExpression::CXFA_FMIfExpression
  pdfium::internal::MakeUniqueResult<CXFA_FMIfExpression>::Scalar pdfium::MakeUniq
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=538350:538359
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5072556546326528

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 7 2018
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/aa2aff78e082f14e4bc418f68b27817f90e3f07a ([formcalc] Cleanup if expression parsing.).
If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 7 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/749b609d11e855edf0aefdacbe4f81bb73d8d0d0

commit 749b609d11e855edf0aefdacbe4f81bb73d8d0d0
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Wed Mar 07 18:48:37 2018

[formcalc] Handle bad elseif conditionals

This CL adds checking for the conditionals of if and elseif expressions. If the conditional fails to parse we should return nullptr. This already happens by accident in the if() case, but with elseif() conditions we'll fail the ASSERT in the CXFA_FMIfExpression constructor and crash. This CL explicitly checks for the expressions and early exits if they failed to parse.

Bug: chromium:819509
Change-Id: I9a90182c7709c8c4c0d3ae17d6be67cb668c0c6a
Reviewed-on: https://pdfium-review.googlesource.com/28131
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/749b609d11e855edf0aefdacbe4f81bb73d8d0d0/xfa/fxfa/fm2js/cxfa_fmparser_unittest.cpp
[modify] https://crrev.com/749b609d11e855edf0aefdacbe4f81bb73d8d0d0/xfa/fxfa/fm2js/cxfa_fmparser.cpp
Mar 7 2018
ClusterFuzz testcase 4517596842688512 is verified as fixed, so closing issue as verified.
If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 8 2018
ClusterFuzz has detected this issue as fixed in range 541534:541552.

Detailed report: https://clusterfuzz.com/testcase?key=5072556546326528
Fuzzer: libFuzzer_pdf_formcalc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  m_pExpression
  CXFA_FMIfExpression::CXFA_FMIfExpression
  pdfium::internal::MakeUniqueResult<CXFA_FMIfExpression>::Scalar pdfium::MakeUniq
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=538350:538359
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=541534:541552
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5072556546326528

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 8 2018
Issue 819995 has been merged into this issue.
Mar 8 2018
Comment 1 by ClusterFuzz, Mar 7 2018
Labels: Test-Predator-Auto-Components