Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in cff_get_glyph_name |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5759961133219840 Fuzzer: attekett_dom_fuzzer Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address: 0x60c0000ddb78 Crash State: cff_get_glyph_name CPDF_Type1Font::LoadGlyphMap CPDF_SimpleFont::LoadCommon Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=387601:387928 Minimized Testcase (17.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96w7LBZ2UPjR0te7Xxc_0tujbh5bKfRXVgsdej5DbePAz5kxtJh1PFDtIz2lf2GYoOM3Kk1DCdSsn3s2q1NAKjFsjjueD1zDGPZD87kDYGR9_6_EeFY77zlNfSelziU4ieJ7drRngtirN4LSFU8tWtZt3P7JnlY1dMmcPdUntp3x_8SZs4?testcase_id=5759961133219840 Filer: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 12 2016
,
Jul 12 2016
,
Jul 13 2016
,
Jul 13 2016
ochang@, I wonder if you could take a look at this one. It's similar to the one you fixed before (https://bugs.chromium.org/p/chromium/issues/detail?id=551503).
,
Jul 13 2016
Which bot builds the chrome binaries that feeds into CF? It's crashing in third_party/freetype2, whereas real Chrome Linux binaries, last I checked, use system freetype. We shouldn't be using third_party/freetype2 in production at all, though we do use third_party/pdfium/third_party/freetype (ya it's third_party all the way down) on Windows/Mac.
,
Jul 18 2016
I suspect Chrome is linking with with the freetype2 library built as a dependency of content_shell as they are all built into the same directory. Either way, there's not much we can do here.
,
Jul 19 2016
,
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408633:408661. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5759961133219840 Fuzzer: attekett_dom_fuzzer Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address: 0x60c0000ddb78 Crash State: cff_get_glyph_name CPDF_Type1Font::LoadGlyphMap CPDF_SimpleFont::LoadCommon Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=387601:387928 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=408633:408661 Minimized Testcase (17.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96w7LBZ2UPjR0te7Xxc_0tujbh5bKfRXVgsdej5DbePAz5kxtJh1PFDtIz2lf2GYoOM3Kk1DCdSsn3s2q1NAKjFsjjueD1zDGPZD87kDYGR9_6_EeFY77zlNfSelziU4ieJ7drRngtirN4LSFU8tWtZt3P7JnlY1dMmcPdUntp3x_8SZs4?testcase_id=5759961133219840 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 25 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Jul 12 2016Components: Internals>Plugins>PDF