summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-05-16 11:45:23 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-05-16 16:00:10 +0000
commit2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad (patch)
tree38a70cf1d91fc56a64a4525c041447c203b07f49 /testing/libfuzzer
parent2a835b7b902bc0b61b1a3618f5c82b91571ecd72 (diff)
downloadpdfium-2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad.tar.xz
Do not walk off end of formcalc string
The fm2js code takes a pointer to the input string and then walks along that pointer. There are currently no checks to verify we haven't walked off the end of the pointer into random memory. If this happens, we can end up allocating large chunks of memory and copying random bits. BUG=chromium:721533 Change-Id: Ia61fe96c1ff9eb9ded63cf8326b7be44986bd9e1 Reviewed-on: https://pdfium-review.googlesource.com/5550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'testing/libfuzzer')
0 files changed, 0 insertions, 0 deletions