Null-dereference READ in CFGAS_FontMgr::GetFontByCodePage
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4587451323252736

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000088
Crash State:
  CFGAS_FontMgr::GetFontByCodePage
  CXFA_FWLTheme::CXFA_FWLTheme
  pdfium::internal::MakeUniqueResult<CXFA_FWLTheme>::Scalar pdfium::MakeUnique<CXF

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459132:459191

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4587451323252736

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 22 2018

Automatically adding ccs based on suspected regression changelists:

Cleanup DocType defines by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/cdba747a53082a7f36534dffa6a3ad01628e53c3
Remove unused XFA_VALIDATE code by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/1bbedec89cc59df3e305dc25082d9699237d70ab
Cleanup some xfa/fxfa code. by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/80c487809858b74783a00e05cc8164edf4b1307c

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Apr 24 2018

Apr 25 2018

Apr 25 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/eb3ec8f29846a5df67269a53ca94d1d740c84513

commit eb3ec8f29846a5df67269a53ca94d1d740c84513
Author: Ryan Harrison <rharrison@chromium.org>
Date: Wed Apr 25 18:49:21 2018

Allow failing to build CFXA_FWLTheme if unable to load fonts

The current implementation of this class potentially does a lot of work in the constructor. Specifically when getting a calendar font it might cause the whole font loading pipeline to run. This can fail if it is unable to load fonts.

Breaking out the font loading part, so that the factory method can return nullptr if it fails. Additionally adding a guard for the case the font manager fails to load, which is the root cause of the crash in the bug.

BUG=chromium:835608
Change-Id: I05b987aaad6f0814907066904331610a7fbb7f70
Reviewed-on: https://pdfium-review.googlesource.com/31330
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>

[modify] https://crrev.com/eb3ec8f29846a5df67269a53ca94d1d740c84513/xfa/fxfa/cxfa_ffapp.cpp
[modify] https://crrev.com/eb3ec8f29846a5df67269a53ca94d1d740c84513/xfa/fxfa/cxfa_fwltheme.cpp
[modify] https://crrev.com/eb3ec8f29846a5df67269a53ca94d1d740c84513/xfa/fxfa/cxfa_fwltheme.h
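The fix commit above describes a pattern rather than a one-line patch: a constructor that runs a font pipeline which can fail has no way to report that failure, and nothing stops it from being handed a font manager that itself failed to load. The block below is an added illustration of that pattern and of the factory-method fix, written for this page; it is not pdfium's code, and every name in it (FontMgr, Font, ThemeUnsafe, Theme, Theme::Create, LoadCalendarFont, CalendarCodePage) is a hypothetical stand-in rather than a pdfium identifier.

```cpp
// Added example for this page: the "heavy work in the constructor" failure mode
// and the factory-method fix pattern described in commit eb3ec8f. Illustrative
// code only, not pdfium's sources; FontMgr, Font, ThemeUnsafe, Theme,
// Theme::Create, LoadCalendarFont and CalendarCodePage are hypothetical names.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>

// Stand-in for a loaded font (hypothetical).
struct Font {
    std::string family;
    uint16_t code_page;
};

// Stand-in for a font manager (hypothetical). GetFontByCodePage returns nullptr
// when no font can satisfy the request, e.g. no system fonts were found.
class FontMgr {
public:
    explicit FontMgr(bool has_fonts) : has_fonts_(has_fonts) {}
    std::unique_ptr<Font> GetFontByCodePage(uint16_t code_page) const {
        if (!has_fonts_) return nullptr;
        return std::unique_ptr<Font>(new Font{"Sans", code_page});
    }
private:
    bool has_fonts_;
};

// Pre-fix shape of the problem: font loading happens inside the constructor,
// so failure cannot be reported, and a caller can pass a font manager that
// itself failed to load (nullptr). Calling a member function through a null
// pointer and reading a field of the object is consistent with the
// "Null-dereference READ" at a small address (0x88) in the ASAN report.
// Kept only for contrast; never construct it with nullptr.
class ThemeUnsafe {
public:
    explicit ThemeUnsafe(const FontMgr* font_mgr)
        : calendar_font_(font_mgr->GetFontByCodePage(1252)) {}  // UB if font_mgr == nullptr
private:
    std::unique_ptr<Font> calendar_font_;
};

// Post-fix shape: a trivial constructor plus a factory that is allowed to fail.
class Theme {
public:
    // Returns nullptr instead of a half-built object when the font manager is
    // missing (the root-cause guard) or when the calendar font cannot be loaded.
    static std::unique_ptr<Theme> Create(const FontMgr* font_mgr) {
        if (!font_mgr) return nullptr;
        std::unique_ptr<Theme> theme(new Theme());  // private ctor, so no make_unique
        if (!theme->LoadCalendarFont(*font_mgr)) return nullptr;
        return theme;
    }
    const Font* calendar_font() const { return calendar_font_.get(); }
private:
    Theme() = default;  // does nothing that can fail
    bool LoadCalendarFont(const FontMgr& mgr) {
        calendar_font_ = mgr.GetFontByCodePage(1252);
        return calendar_font_ != nullptr;
    }
    std::unique_ptr<Font> calendar_font_;
};

// A caller that honours the nullptr contract of the factory. Returns the
// calendar font's code page, or -1 when no theme could be built.
int CalendarCodePage(const FontMgr* font_mgr) {
    std::unique_ptr<Theme> theme = Theme::Create(font_mgr);
    if (!theme) return -1;
    return theme->calendar_font()->code_page;
}

int main() {
    FontMgr no_fonts(false), with_fonts(true);
    std::printf("no manager: %d\n", CalendarCodePage(nullptr));
    std::printf("empty manager: %d\n", CalendarCodePage(&no_fonts));
    std::printf("fonts present: %d\n", CalendarCodePage(&with_fonts));
    return 0;
}
```

The point of the factory is that the two failure paths (no font manager at all, and a font manager that cannot supply the requested font) both surface as a nullptr the caller must check, instead of one of them being a crash inside a constructor with no return value to inspect.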
Apr 25 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d3394e242567301076002e9f38c4b19f89b912d2

commit d3394e242567301076002e9f38c4b19f89b912d2
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Wed Apr 25 21:28:45 2018

Roll src/third_party/pdfium/ d9da586dd..7132ee359 (9 commits)

https://pdfium.googlesource.com/pdfium.git/+log/d9da586dd3db..7132ee35925f

$ git log d9da586dd..7132ee359 --date=short --no-merges --format='%ad %ae %s'
2018-04-25 thestig Clean up CCodec_FlateScanlineDecoder.
2018-04-25 tsepez Introduce ScopedFPDF types in public/cpp/fpdf_scopers.h
2018-04-25 rharrison Allow failing to build CFXA_FWLTheme if unable to load fonts
2018-04-25 thestig Remove unused PNGEncode() code.
2018-04-25 thestig Roll third_party/googletest/src/ a325ad2db..4bd8c4638 (125 commits)
2018-04-25 thestig Use WindowsPrintMode in more places in place of ints.
2018-04-25 hnakashima Fix behavior of Delete key in XFA edit.
2018-04-25 tsepez Fix slight type inconsistencies discovered with strict FPDF API types.
2018-04-25 thestig Remove CDWriteExt.

Created with:
  roll-dep src/third_party/pdfium

BUG=chromium:835608,chromium:820104

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: Ib3baadc56b41581755208c483b861b5587ef7953
Reviewed-on: https://chromium-review.googlesource.com/1028661
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#553756}

[modify] https://crrev.com/d3394e242567301076002e9f38c4b19f89b912d2/DEPS
Apr 25 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/36a8c861ea7a77ceb018ea4a494ae497d39437e5

commit 36a8c861ea7a77ceb018ea4a494ae497d39437e5
Author: Ryan Harrison <rharrison@chromium.org>
Date: Wed Apr 25 21:52:04 2018

Use local for return value in factory method

Follow requested in review after submit.

BUG=chromium:835608
Change-Id: I958a35f1cdaadbdb21e7c86b8c5b297ef01a2503
Reviewed-on: https://pdfium-review.googlesource.com/31316
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/36a8c861ea7a77ceb018ea4a494ae497d39437e5/xfa/fxfa/cxfa_ffapp.cpp
Apr 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a480e6e3ceb63b791e0f377fb6a84f78bff285f1

commit a480e6e3ceb63b791e0f377fb6a84f78bff285f1
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu Apr 26 05:19:57 2018

Roll src/third_party/pdfium/ 7132ee359..9b8b217e6 (7 commits)

https://pdfium.googlesource.com/pdfium.git/+log/7132ee35925f..9b8b217e6f8f

$ git log 7132ee359..9b8b217e6 --date=short --no-merges --format='%ad %ae %s'
2018-04-25 tsepez Replace reinterpret_cast with static_cast where possible
2018-04-25 hnakashima Make XFA Caret become immediately visible when moved.
2018-04-25 rharrison Use local for return value in factory method
2018-04-25 rharrison Don't store CE (comment extension) block data when decoding GIF
2018-04-25 thestig Use a bool in FindBit() in the fax codec.
2018-04-25 thestig Add PostScript PASSTHROUGH options to FPDF_SetPrintMode().
2018-04-25 thestig Use PredictorType in more places.

Created with:
  roll-dep src/third_party/pdfium

BUG=chromium:835608,chromium:833168

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: Ib59b785d5d3425a110c42e7af4b7eb1533232813
Reviewed-on: https://chromium-review.googlesource.com/1029189
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#553925}

[modify] https://crrev.com/a480e6e3ceb63b791e0f377fb6a84f78bff285f1/DEPS
Apr 26 2018
Comment 1 by ClusterFuzz, Apr 22 2018

Labels: Test-Predator-Auto-Components