Stack-overflow in CXFA_FMDotAccessorExpression::~CXFA_FMDotAccessorExpression
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6184893483319296
Fuzzer: libFuzzer_pdf_formcalc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffdf7a9ffe0
Crash State: CXFA_FMDotAccessorExpression::~CXFA_FMDotAccessorExpression
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=537681:537682
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6184893483319296

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz, Mar 10 2018 (Labels: Test-Predator-Auto-Components)

Automatically adding ccs based on suspected regression changelists:

Merge FormCalc to JavaScript methods by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/6a5b1c96e23bd684d9fec2c59e0d4bc5d883650c
Cleanup JS generation in formcalc. by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/d276a52cd5061e0d4ee4aa79b8e89bbeb0a89da3
Cleanup FormCalc inheritance by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/43e0be7b93c24d6a37aa3a0dca1f8c89dc78b165

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Mar 12 2018

Mar 12 2018

Mar 27 2018

Mar 27 2018
Mar 28 2018

The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/8eac5ad73918818569859cd0453a1d5a44a1f81b

commit 8eac5ad73918818569859cd0453a1d5a44a1f81b
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Wed Mar 28 13:20:09 2018

Smaller post expression set

This CL decreases the kMaxPostExpressions to 256. This is the number of accessors you can attach to a single statement (e.g. foo.#A.#A.#A). Having a very large number can cause stack overflows. The accessor does not seem like it would expect hundreds of entries on a single element.

Bug: chromium:820688
Change-Id: I19966b43c96f5d1d02a79af127a0c96609420811
Reviewed-on: https://pdfium-review.googlesource.com/29330
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/8eac5ad73918818569859cd0453a1d5a44a1f81b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
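The crash state (a stack overflow inside the destructor, not inside parsing) and the fix above (a cap on post-expressions in the parser) fit together once you see the ownership shape: each dot accessor owns the rest of the chain, so freeing the head of foo.#A.#A.#A... nests one destructor frame per accessor. The following is an added illustration written for this page, not PDFium's code. It models that shape with a hypothetical DotAccessorNode, checks an assumed kMaxPostExpressions of 256 (the value from the commit) before allocating anything, and shows the other mitigation an engineer would consider, an iterative teardown that keeps destructor depth flat. The tokenizer is a stand-in that splits on '.' and does not follow FormCalc's real grammar; every name in it is an assumption.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

namespace formcalc_demo {

// Assumed cap, taken from the fix commit; the earlier, larger value is not
// stated on the bug page, so only the post-fix limit is modelled here.
constexpr size_t kMaxPostExpressions = 256;

// Hypothetical stand-in for CXFA_FMDotAccessorExpression. Each node owns the
// remainder of the accessor chain, so destroying the head runs one nested
// ~DotAccessorNode frame per accessor: that nesting is the recursion ASAN
// reported as a stack overflow.
struct DotAccessorNode {
  std::string identifier;
  std::unique_ptr<DotAccessorNode> next;
};

// Toy lexer: split "foo.#A.#A" on '.'. Empty segments are kept so the parser
// can reject "foo..bar" instead of silently collapsing it.
std::vector<std::string> Tokenize(const std::string& src) {
  std::vector<std::string> out;
  std::string cur;
  for (char c : src) {
    if (c == '.') {
      out.push_back(cur);
      cur.clear();
    } else {
      cur.push_back(c);
    }
  }
  out.push_back(cur);
  return out;
}

// Parse a primary identifier followed by up to kMaxPostExpressions accessors.
// Returns nullptr for malformed input or an over-long chain. The cap is
// checked before any node is allocated, so hostile input never builds a deep
// tree that must then be torn down recursively.
std::unique_ptr<DotAccessorNode> ParsePostExpressions(const std::string& src) {
  std::vector<std::string> toks = Tokenize(src);
  for (const std::string& t : toks) {
    if (t.empty()) return nullptr;
  }
  const size_t accessors = toks.size() - 1;  // Tokenize always yields >= 1
  if (accessors > kMaxPostExpressions) return nullptr;
  // Build from the tail so each node is created with its child attached.
  std::unique_ptr<DotAccessorNode> chain;
  for (size_t i = toks.size(); i-- > 0;) {
    auto node = std::make_unique<DotAccessorNode>();
    node->identifier = toks[i];
    node->next = std::move(chain);
    chain = std::move(node);
  }
  return chain;
}

// Number of accessors hanging off the head, computed without recursion.
size_t ChainDepth(const DotAccessorNode* head) {
  size_t n = 0;
  const DotAccessorNode* p = head ? head->next.get() : nullptr;
  for (; p; p = p->next.get()) ++n;
  return n;
}

// Build a chain of any length, bypassing the parser cap, to reproduce what an
// uncapped parse would hand to the destructor.
std::unique_ptr<DotAccessorNode> BuildUnchecked(size_t accessors) {
  std::unique_ptr<DotAccessorNode> chain;
  for (size_t i = 0; i <= accessors; ++i) {
    auto node = std::make_unique<DotAccessorNode>();
    node->identifier = (i == accessors) ? "foo" : "#A";
    node->next = std::move(chain);
    chain = std::move(node);
  }
  return chain;
}

// Alternative mitigation: detach the tail before each node dies, so every
// ~DotAccessorNode runs with next == nullptr and stack depth stays constant
// regardless of chain length. Returns the number of nodes freed.
size_t DestroyIteratively(std::unique_ptr<DotAccessorNode> head) {
  size_t freed = 0;
  while (head) {
    std::unique_ptr<DotAccessorNode> rest = std::move(head->next);
    head = std::move(rest);  // old head is deleted here with an empty next
    ++freed;
  }
  return freed;
}

// Constructed input: "foo" followed by `accessors` copies of ".#A".
std::string MakeChain(size_t accessors) {
  std::string s = "foo";
  for (size_t i = 0; i < accessors; ++i) s += ".#A";
  return s;
}

}  // namespace formcalc_demo
```

Two points worth checking when reviewing a fix of this kind: the cap must be enforced before the nodes exist (otherwise rejecting the input still tears down the deep tree and overflows on the way out), and any other code path that can hand the destructor a long chain, such as a builder that does not go through the parser, needs either the same cap or an iterative release like DestroyIteratively.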
Mar 28 2018
Mar 28 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/21c6f02e4bfbc18082964e418ed3a09a17498d5f

commit 21c6f02e4bfbc18082964e418ed3a09a17498d5f
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Wed Mar 28 16:26:39 2018

Roll src/third_party/pdfium/ e6ce3428f..8eac5ad73 (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/e6ce3428fce8..8eac5ad73918

$ git log e6ce3428f..8eac5ad73 --date=short --no-merges --format='%ad %ae %s'
2018-03-28 dsinclair Smaller post expression set

Created with:
roll-dep src/third_party/pdfium

BUG= chromium:820688

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: I2f8d83625435f395ac3a704d545657cc1a7eca87
Reviewed-on: https://chromium-review.googlesource.com/983872
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#546516}

[modify] https://crrev.com/21c6f02e4bfbc18082964e418ed3a09a17498d5f/DEPS
Mar 29 2018

ClusterFuzz has detected this issue as fixed in range 546504:546523.

Detailed report: https://clusterfuzz.com/testcase?key=6184893483319296
Fuzzer: libFuzzer_pdf_formcalc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffdf7a9ffe0
Crash State: CXFA_FMDotAccessorExpression::~CXFA_FMDotAccessorExpression
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=537681:537682
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=546504:546523
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6184893483319296

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 29 2018

ClusterFuzz testcase 6184893483319296 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.