New issue
Advanced search Search tips

Issue 643602 link

Starred by 1 user
Status: WontFix
Owner:
behdad@chromium.org
Closed: Dec 2016
Cc:
bashi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Integer-overflow in position_cluster

Project Member Reported by ClusterFuzz, Sep 2 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6695542052880384

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_cluster
  _hb_ot_shape_fallback_position
  hb_ot_shape_internal
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (30.93 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97lFBZEP52lLOixa1dxWFv7DQZ-_C1zx74GNnD_p46YJd9pwfzHmOWl5y6I0Ndbx63JyPHtXxi2ZAM7ibY5esG0S6PLPFevYaQxdoF_qMZafbZHEjyOXmqJkh8UDGb6I8e0L5TsDsSBaTWdYwwaLDMmR95R_sPEuGsj60lo__t4iR4Hok8?testcase_id=6695542052880384

Issue manually filed by: msrchandra

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Sep 2 2016

Cc: bashi@chromium.org
Components: Tools>Test>FindIt>NoResult Blink>Fonts
Labels: -Type-Bug findit-wrong Te-Logged Type-Bug-Regression
Owner: behdad@chromium.org
Status: Assigned (was: Untriaged)
Unable to find the possible suspect from find it. Assigning to concern owner who already worked on similar issue.
Also providing find it results for internal purpose.
Suspected CLs	Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone.(No CL in the regression range changed the crashing files.)

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 296 of file hb-ot-shape-fallback.cc, which is stack frame 0.

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 370 of file hb-ot-shape-fallback.cc, which is stack frame 1.

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 409 of file hb-ot-shape-fallback.cc, which is stack frame 2.

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 427 of file hb-ot-shape-fallback.cc, which is stack frame 3.

Author: jshin@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/307f7bdd33cf295aac89b436982d40d8ba63fc6a
Time: Fri Jan 11 20:33:21 2013
The CL last changed line 724 of file hb-ot-shape.cc, which is stack frame 4.

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 768 of file hb-ot-shape.cc, which is stack frame 5.

Author: bashi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/55097d32fb9f0b18fe8fea1fcdb2a9c89f6698b9
Time: Tue Sep 11 01:34:56 2012
The CL last changed line 792 of file hb-ot-shape.cc, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>Fonts

@behdad -- Could you please look into the issue, pardon me if it has nothing to do with your changes and also if possible assign it to concern Dev.
Thank You.

Comment 2 by infe...@chromium.org, Oct 11 2016

Labels: Pri-2

Comment 3 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6695542052880384 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment