
Issue 617647

Issue metadata

Status: WontFix
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Security


Crash in TFont::FindColourBitmapForGlyph

Reported by ClusterFuzz (Project Member), Jun 6 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4950811696431104

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x00018cd22f4a
Crash State:
  TFont::FindColourBitmapForGlyph
  TFont::CreatePathForGlyph
  CTFontCreatePathForGlyph
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=356531:356692

Minimized Testcase (0.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97IGVNG2bc9EZ86VkvVIe6hKLMZu8W1pWcUYyhVq8RTB9mV_dx0dZjfGPvEPnBElt3xeCl7ia9LwDrVLsfBYFw_VUDhFKFKWAtylZBOis-jxnHW5U7gTMU8XieJi0i7pokIHNV1qWMYNwNCCz9LEkAouRtOOA

Filer: ochang

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by f...@chromium.org, Jun 6 2016

Components: Internals>Skia
Labels: M-51

Comment 2 by f...@chromium.org, Jun 6 2016

Owner: mtkl...@chormium.org
Status: Assigned (was: Available)
mtklein, would you be a good owner for this bug?

Comment 3 by sheriffbot@chromium.org (Project Member), Jun 7 2016

Labels: Pri-1

Comment 4 by rmis...@google.com, Jun 13 2016

Owner: mtklein@chromium.org

Comment 5 by sheriffbot@chromium.org (Project Member), Jun 21 2016

mtklein: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: mtklein@chromium.org
Owner: bunge...@chromium.org
Ben, looks like a crash down in Core Text. Seems familiar... did we look at this last week perhaps, or maybe it's a dupe?

Comment 7 by sheriffbot@chromium.org (Project Member), Jul 6 2016

bungeman: Uh oh! This issue is still open and hasn't been updated in the last 29 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by sheriffbot@chromium.org (Project Member), Jul 21 2016

Labels: -M-51 M-52
bungeman: any updates here? Thanks!
Status: WontFix (was: Assigned)
This is no longer reproducible on CF, and we don't see any new reports. Closing.

Comment 11 by sheriffbot@chromium.org (Project Member), Nov 16 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
