ASSERT: nBits > 0 |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4831669165752320 Fuzzer: libFuzzer_pdf_hint_table_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: nBits > 0 CFX_BitStream::GetBits CPDF_HintTables::ReadSharedObjHintTable Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=561408:561410 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4831669165752320 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
May 24 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
,
May 24 2018
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/105ea1c0f896a4a2718f1356cae0dce8c01859cc (Avoid repeated calculations in CFX_BitStream::GetBits().). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
May 24 2018
Issue 846351 has been merged into this issue.
,
May 24 2018
,
May 24 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/97db69faaeb4f8481f9d8824bff644509949cb0d commit 97db69faaeb4f8481f9d8824bff644509949cb0d Author: Lei Zhang <thestig@chromium.org> Date: Thu May 24 20:10:22 2018 CPDF_HintTables should not try to read 0 bits. CFX_BitStream::GetBits() got refactored recently, with an assert to not read 0 bits. A fuzzer then discovered code that is trying to do that. BUG= chromium:846394 Change-Id: Ib18b47200c82aab369109b5911540db724172690 Reviewed-on: https://pdfium-review.googlesource.com/32934 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> [modify] https://crrev.com/97db69faaeb4f8481f9d8824bff644509949cb0d/core/fpdfapi/parser/cpdf_hint_tables.cpp
,
May 24 2018
,
May 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/46b34b4cd20c0d25b3d69637d915608bcbad2892 commit 46b34b4cd20c0d25b3d69637d915608bcbad2892 Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Thu May 24 21:30:48 2018 Roll src/third_party/pdfium/ 5bf772bad..97db69faa (1 commit) https://pdfium.googlesource.com/pdfium.git/+log/5bf772bade61..97db69faaeb4 $ git log 5bf772bad..97db69faa --date=short --no-merges --format='%ad %ae %s' 2018-05-24 thestig CPDF_HintTables should not try to read 0 bits. Created with: roll-dep src/third_party/pdfium BUG= chromium:846394 The AutoRoll server is located here: https://pdfium-roll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. TBR=dsinclair@chromium.org Change-Id: Idef67cc9c19f519f36d8617c19c144253737f305 Reviewed-on: https://chromium-review.googlesource.com/1072493 Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#561638} [modify] https://crrev.com/46b34b4cd20c0d25b3d69637d915608bcbad2892/DEPS
,
May 25 2018
ClusterFuzz has detected this issue as fixed in range 561629:561646. Detailed report: https://clusterfuzz.com/testcase?key=4831669165752320 Fuzzer: libFuzzer_pdf_hint_table_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: nBits > 0 CFX_BitStream::GetBits CPDF_HintTables::ReadSharedObjHintTable Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=561408:561410 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=561629:561646 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4831669165752320 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 25 2018
ClusterFuzz testcase 4831669165752320 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, May 24 2018Labels: ClusterFuzz-Auto-CC