New issue
Advanced search Search tips

Issue 659383 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

num_hmetrics >= 0

Project Member Reported by ClusterFuzz, Oct 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5515868055535616

Fuzzer: libfuzzer_sfntly_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  num_hmetrics >= 0
  sfntly::HorizontalMetricsTable::Builder::SetNumberOfHMetrics
  sfntly::Font::Builder::InterRelateBuilders
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=416997:417261

Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96DYQiy3J7zBqH8YcYdUTcrrwgW0KzLmkBbso5IL_Dfxdr_eQNVkqoMoflFuIWqcPIzaPcCkhZ9CQUNcP9mETTC91-f6nhp7h_TFs4BvI2iYXEDOuAAY25KkeLyY2gMovfYYsFA9-sCYT1gN7Yue5t6yYw0Rw?testcase_id=5515868055535616

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 

Comment 1 by aarya@google.com, Oct 26 2016

Labels: -Restrict-View-SecurityTeam Restrict-View-EditIssue Type-Bug
These were incorrectly filed as security bugs, removing security tags.

Comment 2 by aarya@google.com, Oct 26 2016

Labels: -Security_Impact-Beta -Security_Severity-High
Labels: Test-Predator-Correct
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs
===================
The result is a list of CLs that change the crashed files.

Author: Lei Zhang
Project: chromium-sfntly
Changelist: https://chromium.googlesource.com/external/github.com/googlei18n/sfntly.git/+/813efeb18bf6205354b01a525352ebdb10eebe06
Time: Thu Sep 01 07:15:48 2016
File font.cc is changed in this cl (and is part of stack frame #5, "sfntly::Font::Builder::InterRelateBuilders"; frame #6, "sfntly::Font::Builder::BuildAllTableBuilders")
Minimum distance from crash line to modified line: 35. (file: font.cc, crashed on: 354, modified: 319).

===================
Suspected Project: chromium-sfntly

thestig@ : Could you please take a look into this and assign appropriately, as unable to assign to leizleiz@users.noreply.github.com for the above suspect. 
Cc: behdad@chromium.org
Components: Internals>Skia>PDF
Labels: Pri-3
Status: Started (was: Assigned)
Easy fix. I'll wait a bit, see if more sfntly bugs come out of the fuzzer, and do another pull request for them all.
bug_659383.patch
648 bytes Download
 Issue 659482  has been merged into this issue.
 Issue 659215  has been merged into this issue.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 8 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Started)
ClusterFuzz testcase 4575443727679488 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment