I fuzz the parsePDF functionality using the harness PDFParserFuzzingHarness provided in this project. My fuzzer found a stack overflow crash. Below is the sanitizer's message.

```
==955==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc697a9ff8 (pc 0x5640d42640f1 bp 0x00000000001e sp 0x7ffc697aa000 T0)
    #0 0x5640d42640f1 in __asan::GetCurrentThread() crtstuff.c
    #1 0x5640d42619fd in __sanitizer::BufferedStackTrace::UnwindImpl(unsigned long, unsigned long, void*, bool, unsigned int) crtstuff.c
    #2 0x5640d429196e in operator new(unsigned long) (/PDF-Writer/build/PDFWriterTesting/PDFParserFuzzingHarness+0x16296e) (BuildId: 3573c99225bcd3d6)
    #3 0x5640d42cda71 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:590:22
    #4 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #5 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #6 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #7 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #8 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #9 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #10 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #11 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #12 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #13 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #14 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #15 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #16 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #17 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #18 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
    #19 0x5640d42cdfc3 in PDFObjectParser::ParseArray() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603:35
    #20 0x5640d42c5f6a in PDFObjectParser::ParseNewObject() /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200:16
```

This backtrace message is incomplete due to the screen limitation. I used GDB to retrieve the initial part of the backtrace.

```
#13438 0x000055762a2ecfc4 in PDFObjectParser::ParseArray (this=<optimized out>) at /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603
#13439 0x000055762a2e4f6b in PDFObjectParser::ParseNewObject (this=<optimized out>) at /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200
#13440 0x000055762a2ecfc4 in PDFObjectParser::ParseArray (this=<optimized out>) at /PDF-Writer/PDFWriter/PDFObjectParser.cpp:603
#13441 0x000055762a2e4f6b in PDFObjectParser::ParseNewObject (this=<optimized out>) at /PDF-Writer/PDFWriter/PDFObjectParser.cpp:200
#13442 0x000055762a2b8546 in PDFParser::ParseLastXrefPosition (this=0x7fc46c700060) at /PDF-Writer/PDFWriter/PDFParser.cpp:363
#13443 0x000055762a2b4bfb in PDFParser::StartPDFParsing (this=0x7fc46c700060, inSourceStream=0x7fc46c700020, inOptions=...) at /PDF-Writer/PDFWriter/PDFParser.cpp:117
#13444 0x000055762a2b3063 in LLVMFuzzerTestOneInput (
```

It demonstrates that the stack contained so much function frame data that it overflowed. I have attached my crash sample: crash.zip
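An added example, not PDF-Writer's own code: a minimal recursive-descent parser whose `parseObject()`/`parseArray()` pair mirrors the `ParseNewObject()`/`ParseArray()` mutual recursion in the trace, with a nesting-depth cap (`maxDepth`, a name assumed here) so a deeply nested input fails cleanly instead of exhausting the stack. The sample inputs and `nestedArrays()` helper are constructed for the demonstration.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Toy parser for PDF-style nested arrays such as "[1 [2 3]]". Each '[' costs one
// parseArray() frame plus one parseObject() frame, exactly the pattern in the
// crash trace; maxDepth is the check that turns unbounded recursion into a parse error.
struct ArrayParser {
    const std::string& in;   // constructed sample text, not a real PDF file
    std::size_t pos = 0;
    std::size_t depth = 0;   // current array nesting depth
    std::size_t maxDepth;    // hardening: deepest nesting we are willing to recurse into
    ArrayParser(const std::string& s, std::size_t limit) : in(s), maxDepth(limit) {}

    void skipWs() {
        while (pos < in.size() && std::isspace(static_cast<unsigned char>(in[pos]))) ++pos;
    }
    // Counterpart of ParseNewObject(): dispatch on the next token.
    bool parseObject() {
        skipWs();
        if (pos >= in.size()) return false;
        if (in[pos] == '[') return parseArray();
        if (std::isdigit(static_cast<unsigned char>(in[pos]))) {
            while (pos < in.size() && std::isdigit(static_cast<unsigned char>(in[pos]))) ++pos;
            return true;
        }
        return false;  // unsupported token in this toy grammar
    }
    // Counterpart of ParseArray(): recurses into parseObject() for every element.
    bool parseArray() {
        if (depth >= maxDepth) return false;  // the check whose absence exhausts the stack
        ++depth;
        ++pos;  // consume '['
        for (;;) {
            skipWs();
            if (pos >= in.size()) { --depth; return false; }      // unterminated array
            if (in[pos] == ']') { ++pos; --depth; return true; }  // end of this array
            if (!parseObject()) { --depth; return false; }        // bad element or too deep
        }
    }
};

// Returns true if text is a well-formed object nested no deeper than maxDepth levels.
bool parseWithLimit(const std::string& text, std::size_t maxDepth) {
    ArrayParser p(text, maxDepth);
    return p.parseObject();
}
// Builds "[[[...1...]]]" with n levels, the shape a mutating fuzzer converges on.
std::string nestedArrays(std::size_t n) {
    return std::string(n, '[') + "1" + std::string(n, ']');
}
```

Without the `depth >= maxDepth` line, `parseWithLimit(nestedArrays(100000), ...)` recurses 200000 frames deep and reproduces the crash class reported above; with it, the call simply returns false.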