Abrt in RunLengthDecode
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5712029011410944
Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Abrt
Crash Address: 0x7fff98e15f06
Crash State:
  RunLengthDecode
  CPDF_StreamParser::ReadInlineStream
  CPDF_StreamContentParser::Handle_BeginImage
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=587305:587317
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5712029011410944

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 2
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/1934a24ffdd8cd27b67fda6dc81cd4420d024db0 (Use pdfium::span<> in fpdf_parser_decode.h helper functions.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Sep 4
Sep 5
ClusterFuzz has detected this issue as fixed in range 588692:588711.

Detailed report: https://clusterfuzz.com/testcase?key=5712029011410944
Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Abrt
Crash Address: 0x7fff98e15f06
Crash State:
  RunLengthDecode
  CPDF_StreamParser::ReadInlineStream
  CPDF_StreamContentParser::Handle_BeginImage
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=587305:587317
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=588692:588711
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5712029011410944

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 5
ClusterFuzz testcase 5712029011410944 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/69ee978e3646c36317f0b38ca39f1fa5be6a3477

commit 69ee978e3646c36317f0b38ca39f1fa5be6a3477
Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue Sep 04 23:51:47 2018

Roll src/third_party/pdfium a38996be8593..424621e3129f (6 commits)

https://pdfium.googlesource.com/pdfium.git/+log/a38996be8593..424621e3129f

git log a38996be8593..424621e3129f --date=short --no-merges --format='%ad %ae %s'
2018-09-04 thestig@chromium.org Revert "Update libpng from 1.6.22 -> 1.6.34"
2018-09-04 tsepez@chromium.org Consolidate some common code in ccoded_progressivedecoder.
2018-09-04 tsepez@chromium.org Fix some more span/memcpy interactions.
2018-09-04 tsepez@chromium.org Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)
2018-09-04 rharrison@chromium.org Update libpng from 1.6.22 -> 1.6.34
2018-09-04 thestig@chromium.org Remove unneeded fpdf_parser_decode.h #includes.

Created with:
  gclient setdep -r src/third_party/pdfium@424621e3129f

The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

BUG=chromium:880322, chromium:879910, chromium:880322
TBR=dsinclair@chromium.org

Change-Id: Ic8ca7cd74d184268e659f7ba9bb048abba5705c7
Reviewed-on: https://chromium-review.googlesource.com/1205592
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#588700}

[modify] https://crrev.com/69ee978e3646c36317f0b38ca39f1fa5be6a3477/DEPS
Oct 1
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/13b08aa11de74120909b871b987d010f33cd0bc6

commit 13b08aa11de74120909b871b987d010f33cd0bc6
Author: Lei Zhang <thestig@chromium.org>
Date: Mon Oct 01 17:47:52 2018

M70: Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)

Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op, but since we compute span[N] before checking for zero length, we hit an assert. The correct idiom should be to create a sub-span, which allows specifying N, but only when the size is 0.

Bug: chromium:879910, chromium:889356
Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b
Reviewed-on: https://pdfium-review.googlesource.com/41930
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
(cherry picked from commit 73e97f4fac2f4f591ff62e70377a80fd40b5f6f3)
Reviewed-on: https://pdfium-review.googlesource.com/43271

[modify] https://crrev.com/13b08aa11de74120909b871b987d010f33cd0bc6/core/fpdfapi/parser/fpdf_parser_decode.cpp
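As an added illustration of the idiom described in the commit message above (example code, not PDFium's): a minimal span class whose bounds check in operator[] throws instead of aborting, so the pre-fix memcpy(dest, &span[N], 0) and the sub-span fix can be run side by side. CheckedSpan, CopyTailBuggy, CopyTailFixed, CopyTailTraps and the 4-byte input are all constructed for this example.

```cpp
// Added example, not PDFium's code: CheckedSpan stands in for pdfium::span<>; its CHECK is modelled as std::out_of_range.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>
template <typename T>
class CheckedSpan {
 public:
  CheckedSpan(T* data, size_t size) : data_(data), size_(size) {}
  size_t size() const { return size_; }
  T* data() const { return data_; }
  // Like span<>::operator[]: idx == size() is out of bounds, even for a zero-length memcpy.
  T& operator[](size_t idx) const {
    if (idx >= size_) throw std::out_of_range("span index out of range");
    return data_[idx];
  }
  // Like span<>::subspan(): offset == size() is legal and yields an empty span.
  CheckedSpan subspan(size_t offset) const {
    if (offset > size_) throw std::out_of_range("subspan offset out of range");
    return CheckedSpan(data_ + offset, size_ - offset);
  }
 private:
  T* data_;
  size_t size_;
};
using ByteSpan = CheckedSpan<const uint8_t>;

// Pre-fix idiom: &src[pos] is evaluated before the zero-length copy, so
// pos == src.size() trips the CHECK although nothing would be copied.
void CopyTailBuggy(ByteSpan src, size_t pos, std::vector<uint8_t>* out) {
  out->resize(src.size() - pos);
  memcpy(out->data(), &src[pos], out->size());
}
// Fixed idiom: take the sub-span first; an empty sub-span makes the copy a no-op.
void CopyTailFixed(ByteSpan src, size_t pos, std::vector<uint8_t>* out) {
  ByteSpan tail = src.subspan(pos);
  out->resize(tail.size());
  if (tail.size()) memcpy(out->data(), tail.data(), tail.size());
}
// Runs one idiom over a constructed 4-byte input; true if the modelled CHECK fired.
bool CopyTailTraps(bool use_fixed, size_t pos) {
  static const uint8_t kInput[] = {0x01, 0x02, 0x03, 0x04};  // constructed sample
  std::vector<uint8_t> out;
  try {
    if (use_fixed) CopyTailFixed(ByteSpan(kInput, 4), pos, &out);
    else CopyTailBuggy(ByteSpan(kInput, 4), pos, &out);
  } catch (const std::out_of_range&) { return true; }
  return false;
}
```

With pos equal to the span size (4), only the pre-fix idiom trips the check; the sub-span version copies nothing and returns normally.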
Comment 1 by ClusterFuzz, Sep 2
Labels: Test-Predator-Auto-Components