CEF crash at putcontig8bitCIELab in 103.0.12


Post by ccbournejr » Mon Jul 17, 2023 10:31 am

CEF version 103.0.12
I have a minidump from our production product in CEF 103.0.13. I have read that putcontig8bitCIELab can be related to a TIFF that has a security DoS vulnerability. I have found very little else on Chromium or CEF searching and I am not sure how I can reproduce this.
Any help is greatly appreciated.

StackFrame
0  libcef.dll!static void putcontig8bitCIELab(struct _TIFFRGBAImage *, unsigned int *, unsigned int, unsigned int, unsigned int, unsigned int, int, int, unsigned char *) [tif_getimage.c : 1826 + 0x6]
 1  libcef.dll!static void base::internal::BindState<`lambda at ../../components/browsing_data/content/database_helper.cc:49:11',base::internal::RetainedRefWrapper<storage::DatabaseTracker> >::Destroy(const class base::internal::BindStateBase *) [bind_internal.h : 980 + 0x30]
 2  libcef.dll!void std::__1::vector<scoped_refptr<content::VideoCaptureController>,std::__1::allocator<scoped_refptr<content::VideoCaptureController> > >::__emplace_back_slow_path<content::VideoCaptureController *&>(class content::VideoCaptureController * & const) [vector : 1666 + 0x13]
 3  libcef.dll!ruy::Kernel<16,signed char,signed char,int,int>::Run(ruy::PMat<signed char> const &,ruy::PMat<signed char> const &,ruy::MulParams<int,int> const &,int,int,int,int,ruy::Mat<int> *) [kernel_x86.h : 132 + 0x6]
 4  libcef.dll!content::NavigationRequest::CheckResponseAdherenceToCoep(GURL const &) [navigation_request.cc : 7143 + 0xa]
 5  KERNELBASE.dll + 0x32f4f
 6  libcef.dll!static class content::RenderFrameObserverTracker<extensions::(anonymous namespace)::FrameContentWatcher> * & const std::__1::map<const content::RenderFrame *,content::RenderFrameObserverTracker<extensions::(anonymous namespace)::FrameContentWatcher> *,std::__1::less<const content::RenderFrame *>,std::__1::allocator<std::__1::pair<const content::RenderFrame *const,content::RenderFrameObserverTracker<extensions::(anonymous namespace)::FrameContentWatcher> *> > >::operator[](const class content::RenderFrame * & const) [map : 1536 + 0x5e]
 7  libcef.dll!content::NavigationRequest::CommitNavigation() [navigation_request.cc : 4661 + 0x22]
 8  libcef.dll!extensions::api::automation::ParseActionType(std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > const &) [automation.cc : 1555 + 0x1c]
 9  libcef.dll!CPDF_Document::InsertDeletePDFPage(CPDF_Dictionary *,int,CPDF_Dictionary *,bool,std::__1::set<CPDF_Dictionary *,std::__1::less<CPDF_Dictionary *>,std::__1::allocator<CPDF_Dictionary *> > *) [cpdf_document.cpp : 444 + 0x4b]
10  libcef.dll!tflite::reference_ops::PerChannelQuantize<float,short>(tflite::PerChannelQuantizationParams const &,tflite::RuntimeShape const &,float const *,tflite::RuntimeShape const &,short *) [quantize.h : 67 + 0xd]
11  libcef.dll!CFX_FontMapper::FindSubstFont(fxcrt::ByteString const &,bool,unsigned int,int,int,FX_CodePage,CFX_SubstFont *) [cfx_fontmapper.cpp : 643 + 0xdb]
12  libcef.dll!static int Fax3Decode1D(struct tiff *, unsigned char *, __int64, unsigned short) [tif_fax3.c : 243 + 0xf]
13  libcef.dll!tflite::reference_ops::PerChannelQuantize<float,short>(tflite::PerChannelQuantizationParams const &,tflite::RuntimeShape const &,float const *,tflite::RuntimeShape const &,short *) [quantize.h : 60 + 0x1]
14  libcef.dll!static void putcontig8bitYCbCr22tile(struct _TIFFRGBAImage *, unsigned int *, unsigned int, unsigned int, unsigned int, unsigned int, int, int, unsigned char *) [tif_getimage.c : 2189 + 0x2c]
15  libcef.dll!extensions::script_parsing::ParseMatchPatterns(std::__1::vector<std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> >,std::__1::allocator<std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > > > const &,std::__1::vector<std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> >,std::__1::allocator<std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > > > const *,int,int,bool,int,bool,extensions::UserScript *,std::__1::basic_string<char16_t,std::__1::char_traits<char16_t>,std::__1::allocator<char16_t> > *,bool *) [content_script_utils.cc : 110 + 0x36]
16  libcef.dll!crx_file::Verify(base::FilePath const &,crx_file::VerifierFormat const &,std::__1::vector<std::__1::vector<unsigned char,std::__1::allocator<unsigned char> >,std::__1::allocator<std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > > > const &,std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > const &,std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > *,std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > *,std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > *) [crx_verifier.cc : 251 + 0x1ce]
17  libcef.dll!crx_file::Verify(base::FilePath const &,crx_file::VerifierFormat const &,std::__1::vector<std::__1::vector<unsigned char,std::__1::allocator<unsigned char> >,std::__1::allocator<std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > > > const &,std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > const &,std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > *,std::__1::basic_string<char,std::__1::char_traits<char>,std::__1::allocator<char> > *,std::__1::vector<unsigned char,std::__1::allocator<unsigned char> > *) [crx_verifier.cc : 251 + 0x28f]
18  libcef.dll!static int TIFFWriteDirectorySec(struct tiff *, int, int, unsigned __int64 *) [tif_dirwrite.c : 578 + 0x16]
19  libcef.dll!static int Fax4Decode(struct tiff *, unsigned char *, __int64, unsigned short) [tif_fax3.c : 1497 + 0x15]
20  libcef.dll!content::FileSystemAccessManagerImpl::ResolveTransferToken(mojo::PendingRemote<blink::mojom::FileSystemAccessTransferToken>,base::OnceCallback<void >) [file_system_access_manager_impl.cc : 1519 + 0x5]
21  libcef.dll!void std::__1::__vector_base<std::__1::unique_ptr<content::FileSystemAccessFileWriterImpl,std::__1::default_delete<content::FileSystemAccessFileWriterImpl> >,std::__1::allocator<std::__1::unique_ptr<content::FileSystemAccessFileWriterImpl,std::__1::default_delete<content::FileSystemAccessFileWriterImpl> > > >::~__vector_base() [vector : 466 + 0x13]
22  libcef.dll!static void putRGBseparate8bittile(struct _TIFFRGBAImage *, unsigned int *, unsigned int, unsigned int, unsigned int, unsigned int, int, int, unsigned char *, unsigned char *, unsigned char *, unsigned char *) [tif_getimage.c : 1675 + 0x17]
23  libcef.dll!extensions::WebviewHandler::Parse(extensions::Extension *,std::__1::basic_string<char16_t,std::__1::char_traits<char16_t>,std::__1::allocator<char16_t> > *) [webview_info.cc : 116 + 0x8]
24  libcef.dll!CPDF_DataAvail::CheckLinearizedData() [cpdf_data_avail.cpp : 772 + 0xa]
25  KERNEL32.DLL + 0x154e0
26  ntdll.dll + 0x485b
27  KERNELBASE.dll + 0x1461d0