use-of-uninitialized-value in CPDF_Object::Release()

[GoogleCodeExporter]

foxit@ubuntu:~/chrome/src/out/Debug$ ./pdfium_test --ppm 
/home/foxit/chrome/testfiles/387979/signal_sigsegv_54ad95_9186_cov_1954837690_71
75.pdf 2>&1 | /home/foxit/chrome/src/tools/valgrind/asan/asan_symbolize.py | 
c++filt 
==4105== WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7ff08f007a01 in CPDF_Object::Release() /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:10:9
    #1 0x7ff08f0e9928 in CPDF_DataAvail::CheckPage(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:3290:17
    #2 0x7ff08f0ea3a6 in CPDF_DataAvail::CheckPageStatus(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:3033:20
    #3 0x7ff08f103612 in CPDF_DataAvail::LoadPages(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:4097:14
    #4 0x7ff08f108e38 in CPDF_DataAvail::IsPageAvail(int, IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:4223:22
    #5 0x7ff08e97b2a7 in FPDFAvail_IsPageAvail /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/fpdfsdk/src/fpdf_dataavail.cpp:150:9
    #6 0x7ff08e9034e4 in RenderPdf(char const*, char const*, unsigned long, OutputFormat) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/samples/pdfium_test.cc:297:12
    #7 0x7ff08e909de0 in main /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/samples/pdfium_test.cc:393:7
    #8 0x7ff08b5fd76c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0
    #9 0x7ff08e8fbaec in _start ??:0:0

  Uninitialized value was created by a heap allocation
    #0 0x7ff08e8a7713 in __interceptor_free ??:0:0
    #1 0x7ff08e93ad9c in CFX_Object::operator delete(void*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/fpdfsdk/src/../include/../../core/include/fpdfapi/../fxcrt/fx_memory.h:44:9
    #2 0x7ff08f007f8c in CPDF_Object::Destroy() /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:28:13
    #3 0x7ff08f007a3b in CPDF_Object::Release() /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:13:5
    #4 0x7ff08f0e9728 in CPDF_DataAvail::CheckPage(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:3287:13
    #5 0x7ff08f0ea3a6 in CPDF_DataAvail::CheckPageStatus(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:3033:20
    #6 0x7ff08f103612 in CPDF_DataAvail::LoadPages(IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:4097:14
    #7 0x7ff08f108e38 in CPDF_DataAvail::IsPageAvail(int, IFX_DownloadHints*) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:4223:22
    #8 0x7ff08e97b2a7 in FPDFAvail_IsPageAvail /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/fpdfsdk/src/fpdf_dataavail.cpp:150:9
    #9 0x7ff08e9034e4 in RenderPdf(char const*, char const*, unsigned long, OutputFormat) /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/samples/pdfium_test.cc:297:12
    #10 0x7ff08e909de0 in main /home/foxit/chrome/src/out/Debug/../../third_party/pdfium/samples/pdfium_test.cc:393:7
    #11 0x7ff08b5fd76c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0

SUMMARY: MemorySanitizer: use-of-uninitialized-value ??:0 ??
Exiting

Original issue reported on code.google.com by jun_f...@foxitsoftware.com on 4 Aug 2014 at 7:38

Attachments:

• signal_sigsegv_54ad95_9186_cov_1954837690_7175.pdf

[GoogleCodeExporter]

Original comment by jun_f...@foxitsoftware.com on 4 Aug 2014 at 7:39

• Added labels: cr-internals-plugins-pdf

[GoogleCodeExporter]

Original comment by jun_f...@foxitsoftware.com on 4 Aug 2014 at 7:43

• Added labels: Type-Bug-SecurityCr-internals-Plugins-PDF, Type-Defect
• Removed labels: Type-bugs-security, cr-internals-plugins-pdf

[GoogleCodeExporter]

This issue should be raised for chrome not for pdfium. Close it and raise 
another security issue for Chrome.

Original comment by jun_f...@foxitsoftware.com on 4 Aug 2014 at 7:49

• Changed state: Invalid