Issue 881095 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	thestig@chromium.org
Cc:	art-sn...@yandex-team.ru kkaluri@chromium.org
Components:	Internals>Plugins>PDF
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Stability-Libfuzzer Clusterfuzz Stability-UndefinedBehaviorSanitizer ClusterFuzz-Verified ClusterFuzz-Wrong M-69 Test-Predator-Auto-CC Test-Predator-Auto-Components

Integer-overflow in CFX_RTFBreak::AppendChar_Others

Project Member Reported by ClusterFuzz, Sep 5

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5866663369768960

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CFX_RTFBreak::AppendChar_Others
  CFX_RTFBreak::AppendChar
  CXFA_TextLayout::AppendChar
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=576839:576840

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5866663369768960

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Project Member

Comment 1 by ClusterFuzz, Sep 5

Components: Internals>Plugins>PDF
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Sep 5

Cc: art-sn...@yandex-team.ru
Labels: Test-Predator-Auto-CC

Automatically adding ccs based on suspected regression changelists:

Rework of CPDF_Parser::RebuildCrossRef. by art-snake@yandex-team.ru - https://pdfium.googlesource.com/pdfium/+/c68109a2dac3be544b7753d1fd677255d859745b

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Comment 3 by kkaluri@chromium.org, Sep 6

Cc: kkaluri@chromium.org
Labels: M-69
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)

With reference to the  Issue 875282 , assigning it to thestig@

Project Member

Comment 4 by ClusterFuzz, Oct 11

ClusterFuzz has detected this issue as fixed in range 598252:598253.

Detailed report: https://clusterfuzz.com/testcase?key=5866663369768960

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CFX_RTFBreak::AppendChar_Others
  CFX_RTFBreak::AppendChar
  CXFA_TextLayout::AppendChar
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=576839:576840
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=598252:598253

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5866663369768960

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 5 by ClusterFuzz, Oct 11

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)

ClusterFuzz testcase 5866663369768960 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 6 by thestig@chromium.org, Oct 11

Labels: ClusterFuzz-Wrong
Status: Assigned (was: Verified)

Not fixed. I broke the fuzzer.

►

Issue 881095 link

Issue metadata

Integer-overflow in CFX_RTFBreak::AppendChar_Others

Issue description

Comment 1 by ClusterFuzz, Sep 5

Comment 1 Deleted

Comment 2 by ClusterFuzz, Sep 5

Comment 2 Deleted

Comment 3 by kkaluri@chromium.org, Sep 6

Comment 3 Deleted

Comment 4 by ClusterFuzz, Oct 11

Comment 4 Deleted

Comment 5 by ClusterFuzz, Oct 11

Comment 5 Deleted

Comment 6 by thestig@chromium.org, Oct 11

Comment 6 Deleted

Sign in to add a comment