Integer-overflow in CPDF_Type3Cache::RenderGlyph |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4770311866941440 Fuzzer: libFuzzer_pdfium_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: CPDF_Type3Cache::RenderGlyph CPDF_Type3Cache::LoadGlyph CPDF_RenderStatus::ProcessType3Text Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=479170:479259 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4770311866941440 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
May 23 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
,
May 23 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
May 23 2018
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/957480c17682008ae2a14723868fcdcab89b6577 (Allow zero length streams when parsing.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
May 23 2018
,
May 30 2018
,
Jul 5
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/e3c4b205572eff5f12900f87d612f14a460e4997 commit e3c4b205572eff5f12900f87d612f14a460e4997 Author: Nicolas Pena <npm@chromium.org> Date: Thu Jul 05 19:14:29 2018 Fix integer overflow in CPDF_Type3Cache Bug: chromium:845800 Change-Id: Ib878dd991e435a76b63b662ef3d9d33c2cc61a19 Reviewed-on: https://pdfium-review.googlesource.com/37191 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org> [modify] https://crrev.com/e3c4b205572eff5f12900f87d612f14a460e4997/core/fpdfapi/render/cpdf_type3cache.cpp
,
Jul 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0324642586d9af6a48429e9d1fae3a56f75916b3 commit 0324642586d9af6a48429e9d1fae3a56f75916b3 Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Thu Jul 05 21:23:05 2018 Roll src/third_party/pdfium 6c4ca9f597ae..e3c4b205572e (3 commits) https://pdfium.googlesource.com/pdfium.git/+log/6c4ca9f597ae..e3c4b205572e git log 6c4ca9f597ae..e3c4b205572e --date=short --no-merges --format='%ad %ae %s' 2018-07-05 npm@chromium.org Fix integer overflow in CPDF_Type3Cache 2018-07-05 hnakashima@chromium.org Create content mark APIs to get values by key. 2018-07-05 hnakashima@chromium.org Rename CPDF_ContentMark::m_Ref to ::m_pMarkData. Created with: gclient setdep -r src/third_party/pdfium@e3c4b205572e The AutoRoll server is located here: https://pdfium-roll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. BUG= chromium:845800 TBR=dsinclair@chromium.org Change-Id: I58e7ba1990ee89a5395dee932b0797ee62f80807 Reviewed-on: https://chromium-review.googlesource.com/1127321 Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#572856} [modify] https://crrev.com/0324642586d9af6a48429e9d1fae3a56f75916b3/DEPS
,
Jul 7
ClusterFuzz testcase 4770311866941440 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by brajkumar@chromium.org
, May 23 2018