
Issue 844085

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security




Use-of-uninitialized-value in gdk_pixbuf_new

Project Member Reported by ClusterFuzz, May 17 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5567140774805504

Fuzzer: attekett_surku_fuzzer
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  gdk_pixbuf_new
  _init
  png_push_read_chunk
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=399234:399406

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5567140774805504

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), May 18 2018

Labels: Pri-2

Comment 2 by vakh@chromium.org, Jun 22 2018

Status: WontFix (was: Untriaged)
Nothing from Chrome on the stack trace. Closing.

==4857==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7fc00354ed8b in gdk_pixbuf_new /tmp/tmprFDKqR/gdk-pixbuf-2.32.2/gdk-pixbuf/gdk-pixbuf.c:448:2
#1 0x7fbfde94144d in _init
#2 0x7fbfff82b20c in png_push_have_info /tmp/tmpnvMYlo/libpng-1.2.54/pngpread.c:1187:7
#3 0x7fbfff82b20c in png_push_read_chunk /tmp/tmpnvMYlo/libpng-1.2.54/pngpread.c:309
#4 0x7fbfff8283df in png_process_some_data /tmp/tmpnvMYlo/libpng-1.2.54/pngpread.c:64:10
#5 0x7fbfff8283df in png_process_data /tmp/tmpnvMYlo/libpng-1.2.54/pngpread.c:41
#6 0x7fbfde940b98 in _init
#7 0x7fc00357257b in gdk_pixbuf_loader_load_module /tmp/tmprFDKqR/gdk-pixbuf-2.32.2/gdk-pixbuf/gdk-pixbuf-loader.c:443:16
#8 0x7fc003570c81 in gdk_pixbuf_loader_close /tmp/tmprFDKqR/gdk-pixbuf-2.32.2/gdk-pixbuf/gdk-pixbuf-loader.c:808:25
#9 0x7fc003565bd3 in load_from_stream /tmp/tmprFDKqR/gdk-pixbuf-2.32.2/gdk-pixbuf/gdk-pixbuf-io.c:1472:14
#10 0x7fc00356660d in gdk_pixbuf_new_from_stream /tmp/tmprFDKqR/gdk-pixbuf-2.32.2/gdk-pixbuf/gdk-pixbuf-io.c:1658:18
#11 0x7fc0043aa2e1 in icon_info_ensure_scale_and_pixbuf /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkicontheme.c:3914:29
#12 0x7fc0043a2e4b in gtk_icon_info_load_icon /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkicontheme.c:4010:8
#13 0x7fc0043b15ea in gtk_icon_info_load_symbolic_for_context /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkicontheme.c:4716:12
#14 0x7fc0042d67d4 in get_surface_from_gicon /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkfilesystem.c:728:12
#15 0x7fc0042d76e5 in _gtk_file_info_render_icon_internal /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkfilesystem.c:870:12
#16 0x7fc0042b2692 in file_system_model_set /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkfilechooserwidget.c:4942:42
#17 0x7fc0042dcc04 in _gtk_file_system_model_get_value /tmp/tmp7bT6Nn/gtk+3.0-3.18.9/gtk/gtkfilesystemmodel.c:1730:12

Comment 3 by sheriffbot@chromium.org (Project Member), Jun 23 2018

Labels: -reward-topanel reward-ineligible

Comment 4 by ClusterFuzz (Project Member), Jun 29 2018

Labels: Needs-Feedback
ClusterFuzz testcase 5567140774805504 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 5 by sheriffbot@chromium.org (Project Member), Sep 29

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
