Tinkering with Mr. Zalewski's American Fuzzy Lop fuzzer, I found a few cases
where the following segfault occurs (read on null ptr):
==26134== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==26134== Access not within mapped region at address 0x1C
==26134== at 0x835D719: CFX_BaseSegmentedArray::Iterate(int (*)(void*, void*), void*) const (fx_basic_array.cpp:312)
==26134== by 0x8372242: CFX_CMapByteStringToPtr::Lookup(CFX_ByteStringC const&, void*&) const (fx_basic_maps.cpp:507)
==26134== by 0x813D959: CPDF_Dictionary::GetElement(CFX_ByteStringC const&) const (fpdf_parser_objects.cpp:595)
==26134== by 0x81591A1: CPDF_DataAvail::CheckRoot(IFX_DownloadHints*) (fpdf_parser_parser.cpp:3173)
==26134== by 0x81581CF: CPDF_DataAvail::CheckDocStatus(IFX_DownloadHints*) (fpdf_parser_parser.cpp:3000)
==26134== by 0x8157A77: CPDF_DataAvail::IsDocAvail(IFX_DownloadHints*) (fpdf_parser_parser.cpp:2922)
==26134== by 0x805808F: FPDFAvail_IsDocAvail (fpdf_dataavail.cpp:117)
==26134== by 0x804CF35: RenderPdf(char const*, char const*, unsigned int, OutputFormat) (pdfium_test.cc:279)
==26134== by 0x804DB71: main (pdfium_test.cc:397)
A collection of test files, including the original (good.pdf), is attached.
Original issue reported on code.google.com by bobr...@gmail.com on 22 Aug 2014 at 7:02