Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in FXSYS_round |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5038143980699648 Fuzzer: libFuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: FXSYS_round CFX_Break::SetCharSpace CXFA_TextLayout::InitBreak Sanitizer: memory (MSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=555504:555546 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5038143980699648 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jun 25 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
Jun 25 2018
,
Jun 25 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 25 2018
XFA, not enabled in any branch of chrome.
,
Jun 25 2018
,
Jun 25 2018
Bisect says https://pdfium-review.googlesource.com/31313
,
Jun 25 2018
But it's an easy fix.
,
Jun 26 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/75ee53784b5e51583c6c994d6eeadb7d3ce4a1b9 commit 75ee53784b5e51583c6c994d6eeadb7d3ce4a1b9 Author: Lei Zhang <thestig@chromium.org> Date: Tue Jun 26 14:57:28 2018 Fix uninit value in CFX_CSSComputedStyle::InheritedData. BUG= chromium:856054 Change-Id: Ieacb7be324f290c91623ed1bd97744150fbfa6e7 Reviewed-on: https://pdfium-review.googlesource.com/36090 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> [modify] https://crrev.com/75ee53784b5e51583c6c994d6eeadb7d3ce4a1b9/core/fxcrt/css/cfx_css.h [modify] https://crrev.com/75ee53784b5e51583c6c994d6eeadb7d3ce4a1b9/core/fxcrt/css/cfx_csscomputedstyle.cpp
,
Jun 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d9e43024d5003b59e5617adac119298db8771e90 commit d9e43024d5003b59e5617adac119298db8771e90 Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Tue Jun 26 17:01:14 2018 Roll src/third_party/pdfium 76fb29d5ebae..75ee53784b5e (1 commits) https://pdfium.googlesource.com/pdfium.git/+log/76fb29d5ebae..75ee53784b5e git log 76fb29d5ebae..75ee53784b5e --date=short --no-merges --format='%ad %ae %s' 2018-06-26 thestig@chromium.org Fix uninit value in CFX_CSSComputedStyle::InheritedData. Created with: gclient setdep -r src/third_party/pdfium@75ee53784b5e The AutoRoll server is located here: https://pdfium-roll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. BUG= chromium:856054 TBR=dsinclair@chromium.org Change-Id: I79cdcb14b89ae3c436ab17d47e31d85e78c6be16 Reviewed-on: https://chromium-review.googlesource.com/1115059 Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#570431} [modify] https://crrev.com/d9e43024d5003b59e5617adac119298db8771e90/DEPS
,
Jun 26 2018
,
Jun 27 2018
,
Jun 30 2018
ClusterFuzz has detected this issue as fixed in range 570425:570437. Detailed report: https://clusterfuzz.com/testcase?key=5038143980699648 Fuzzer: libFuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: FXSYS_round CFX_Break::SetCharSpace CXFA_TextLayout::InitBreak Sanitizer: memory (MSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=555504:555546 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=570425:570437 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5038143980699648 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 30 2018
ClusterFuzz testcase 5038143980699648 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 3
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Jun 25 2018Labels: Test-Predator-Auto-Components