
Issue 858921 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug




Null-dereference READ in CPDF_Image::CPDF_Image

Reported by ClusterFuzz (Project Member), Jun 29 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6001415168983040

Fuzzer: ifratric_acrojs
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  CPDF_Image::CPDF_Image
  CPDF_DocPageData::GetImage
  CPDF_Document::LoadImageFromPageData
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=571205:571206

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6001415168983040

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Comment 1 by ClusterFuzz (Project Member), Jun 29 2018

Labels: OS-Mac
Comment 2 by ClusterFuzz (Project Member), Jun 29 2018

Components: Internals>Plugins>PDF
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 3 by ClusterFuzz (Project Member), Jun 29 2018

Labels: Test-Predator-Auto-Owner
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/9bad23500e4aa1f167ae03b469c06b2f317e873a (Replace DCHECKs with ASSERTs.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Comment 5 by bugdroid1@chromium.org (Project Member), Jun 29 2018

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/20c3677acc37c959034d6111c0cab2e681b13717

commit 20c3677acc37c959034d6111c0cab2e681b13717
Author: Lei Zhang <thestig@chromium.org>
Date: Fri Jun 29 06:55:50 2018

Revert "Simplify CPDF_PageOrganizer::UpdateReference method."

This reverts commit 35ab1bd0328a244cc2f6dcde2822c8117738b01d.

Reason for revert: Causing crashes and bad flattening.

BUG= chromium:858921 , chromium:858952 

Original change's description:
> Simplify CPDF_PageOrganizer::UpdateReference method.
> 
> Change-Id: I52fe66472bdc2a61d7074f77627a3ee1d5646255
> Reviewed-on: https://pdfium-review.googlesource.com/35611
> Reviewed-by: dsinclair <dsinclair@chromium.org>
> Commit-Queue: Art Snake <art-snake@yandex-team.ru>

TBR=dsinclair@chromium.org,art-snake@yandex-team.ru

Change-Id: I9a3635140867793e7109c15b64d66ec1d1a8b1f9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://pdfium-review.googlesource.com/36550
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/20c3677acc37c959034d6111c0cab2e681b13717/fpdfsdk/fpdf_ppo.cpp

Status: Fixed (was: Assigned)
Comment 7 by bugdroid1@chromium.org (Project Member), Jun 29 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/263717da77837a30a6094b289d2aaaf5e3845f00

commit 263717da77837a30a6094b289d2aaaf5e3845f00
Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Fri Jun 29 09:14:24 2018

Roll src/third_party/pdfium 5fbb98122c59..20c3677acc37 (1 commits)

https://pdfium.googlesource.com/pdfium.git/+log/5fbb98122c59..20c3677acc37


git log 5fbb98122c59..20c3677acc37 --date=short --no-merges --format='%ad %ae %s'
2018-06-29 thestig@chromium.org Revert "Simplify CPDF_PageOrganizer::UpdateReference method."


Created with:
  gclient setdep -r src/third_party/pdfium@20c3677acc37

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.



BUG= chromium:858921 , chromium:858952 
TBR=dsinclair@chromium.org

Change-Id: Idb479ee7ece0b0393389cbc86fe1a187b091207e
Reviewed-on: https://chromium-review.googlesource.com/1119710
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#571433}
[modify] https://crrev.com/263717da77837a30a6094b289d2aaaf5e3845f00/DEPS

Comment 8 by ClusterFuzz (Project Member), Jun 29 2018

Labels: OS-Windows
Comment 9 by ClusterFuzz (Project Member), Jun 30 2018

ClusterFuzz has detected this issue as fixed in range 571432:571433.

Detailed report: https://clusterfuzz.com/testcase?key=6001415168983040

Fuzzer: ifratric_acrojs
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  CPDF_Image::CPDF_Image
  CPDF_DocPageData::GetImage
  CPDF_Document::LoadImageFromPageData
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=571205:571206
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=571432:571433

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6001415168983040

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 10 by ClusterFuzz (Project Member), Jun 30 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6001415168983040 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.