New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 468167 link

Starred by 0 users

Issue metadata

Status: Fixed
Last visit > 30 days ago
Closed: Apr 2015
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security

Sign in to add a comment

Use-of-uninitialized-value in parse_font_matrix

Project Member Reported by ClusterFuzz, Mar 18 2015

Issue description

Detailed report:

Fuzzer: Attekett_surku_fuzzer
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:

Minimized Testcase (57.40 Kb):

Filer: inferno
Labels: Cr-Internals-Plugins-PDF
Status: Assigned
Project Member

Comment 2 by ClusterFuzz, Mar 18 2015

Labels: Pri-1
Labels: M-43
Project Member

Comment 4 by ClusterFuzz, Apr 8 2015

Labels: Nag
jun_fang@: Uh oh! This issue is still open and hasn't been updated in the last 21 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are to unable to reproduce it, please close the bug. (And thanks for fixing the bug!).

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
Project Member

Comment 7 by ClusterFuzz, Apr 22 2015

Labels: -Restrict-View-SecurityTeam M-42 Merge-Triage Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on

- Your friendly ClusterFuzz
Labels: -Nag -M-42 -Merge-Triage Merge-Requested
Merge requested for M43 (branch 2357)
Labels: -Merge-Requested Merge-Review-43 Hotlist-Merge-Review
[Automated comment] No bugdroid (commit) comments found, couldn't auto-approve, needs manual review.

Comment 11 by, May 11 2015

Labels: -Merge-Review-43 Merge-Approved
I'll do the merge.
Project Member

Comment 13 by, May 11 2015

Labels: -Merge-Approved merge-merged-2357
The following revision refers to this bug:

r73326 | | 2015-05-11T21:12:16.916094Z

Labels: Release-0-M43
Labels: -reward-topanel reward-unpaid reward-1000 CVE-2015-1259
$500 for this report + $500 for the clusterfuzz bonus. Congrats!
Labels: -reward-unpaid reward-inprocess
Processing rewards - should be paid in approximately 2 weeks.
Labels: -reward-inprocess
Processing via our e-payment system can take up to two weeks, but the reward should be on its way to you. Thanks again for your help!

(Note: sorry for the delay here - it turns out in the new payment system, these payments were waiting for a second approval from me).
Project Member

Comment 18 by ClusterFuzz, Jul 29 2015

Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member

Comment 19 by, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Project Member

Comment 20 by, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Labels: allpublic
Labels: CVE_description-submitted

Sign in to add a comment