Ill in CPDF_FormField::CountControls |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5392359582597120 Fuzzer: ifratric_pdf_generic Job Type: linux_ubsan_vptr_chrome Platform Id: linux Crash Type: Ill Crash Address: 0x5635a8ef831a Crash State: CPDF_FormField::CountControls CJS_Field::setFocus void JSMethod<CJS_Field, & Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=599834:599837 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5392359582597120 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 16
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/e4f2f4a3f4fd3e9f372912f4151d7c7843f9556f (Use more UnownedPtr in CPDF_FormControl.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Oct 17
Issue 895858 has been merged into this issue.
,
Oct 17
Issue 895836 has been merged into this issue.
,
Oct 17
,
Oct 17
Issue 895780 has been merged into this issue.
,
Oct 17
Issue 895896 has been merged into this issue.
,
Oct 17
Issue 896055 has been merged into this issue.
,
Oct 17
Issue 896053 has been merged into this issue.
,
Oct 17
,
Oct 17
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/190645c34266d7e8ed2a3026d11a7fd5a03de86a commit 190645c34266d7e8ed2a3026d11a7fd5a03de86a Author: Lei Zhang <thestig@chromium.org> Date: Wed Oct 17 04:12:44 2018 Fix assert failure in CPDF_InteractiveForm::GetControlsForField(). |CPDF_InteractiveForm::m_ControlLists| replaced |CPDF_FormField::m_ControlList| for all CPDF_FormFields. So when any CPDF_FormFields wants to know about its control list, it has to ask CPDF_InteractiveForm. Every CPDF_FormField started out with an empty control list, so CPDF_InteractiveForm should keep that behavior. BUG= chromium:895983 TBR=tsepez@chromium.org Change-Id: Ibae5f6f54a21b9576b253e230c346bfd6705ca5d Reviewed-on: https://pdfium-review.googlesource.com/c/44150 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> [modify] https://crrev.com/190645c34266d7e8ed2a3026d11a7fd5a03de86a/core/fpdfdoc/cpdf_interactiveform.h [modify] https://crrev.com/190645c34266d7e8ed2a3026d11a7fd5a03de86a/core/fpdfdoc/cpdf_interactiveform.cpp
,
Oct 17
Issue 896084 has been merged into this issue.
,
Oct 17
,
Oct 17
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0111c9da450458fade5b4c7a801d7d1eaadacce6 commit 0111c9da450458fade5b4c7a801d7d1eaadacce6 Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Date: Wed Oct 17 06:15:18 2018 Roll src/third_party/pdfium e9b1cfbe85ce..190645c34266 (1 commits) https://pdfium.googlesource.com/pdfium.git/+log/e9b1cfbe85ce..190645c34266 git log e9b1cfbe85ce..190645c34266 --date=short --no-merges --format='%ad %ae %s' 2018-10-17 thestig@chromium.org Fix assert failure in CPDF_InteractiveForm::GetControlsForField(). Created with: gclient setdep -r src/third_party/pdfium@190645c34266 The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. BUG= chromium:895983 TBR=dsinclair@chromium.org Change-Id: I17b47965b5aebdcd2ff53257e1ffddf9887eaf14 Reviewed-on: https://chromium-review.googlesource.com/c/1286110 Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#600297} [modify] https://crrev.com/0111c9da450458fade5b4c7a801d7d1eaadacce6/DEPS
,
Oct 17
ClusterFuzz testcase 4517591463493632 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 17
ClusterFuzz has detected this issue as fixed in range 600296:600297. Detailed report: https://clusterfuzz.com/testcase?key=5392359582597120 Fuzzer: ifratric_pdf_generic Job Type: linux_ubsan_vptr_chrome Platform Id: linux Crash Type: Ill Crash Address: 0x5635a8ef831a Crash State: CPDF_FormField::CountControls CJS_Field::setFocus void JSMethod<CJS_Field, & Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=599834:599837 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=600296:600297 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5392359582597120 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 17
The older reward-topanel issue 895836 has been merged into this one. Please manually review this issue to see if the duplicate is potentially eligible for a reward.
,
Oct 31
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Oct 16Labels: Test-Predator-Auto-Components