
Issue 675108

Issue metadata

Status: Verified
Owner:
Closed: Feb 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


Integer-overflow in position_around_base

Comment 1 by ClusterFuzz (Project Member), Dec 16 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5069644953288704

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_around_base
  position_cluster
  hb_ot_position
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407004:407005

Minimized Testcase (0.27 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94xTVblQSuYMukaUBnrNkCx301ph7oz49uydvSPHkrwvHf6eXyMN9XxNNTfwBFe6IvpmzFhnOEpVCPcr5gDFo4zDzjquJqS_3OL5xrr2RW_KntCfCYguRlWo46NgeImx0N-V-fBz1OFGK28h_sAIvxmJPJx8g?testcase_id=5069644953288704
<style>@font-face {
    }
.line {
    white-space: pre
</style>
<div class=line>	🏠🏡🏢🏣🏤🏥🏦🏧🏨🏩🏪🏫🏬🏭🏮🏯🏰🏱🏲🏳🏴🏵🏶🏷🏸🏹🏺🏻🏼🏽🏾🏿<style>
* { animation-name: cfpulse66; zoom: 9.92676897969e+18;


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: brajkumar@chromium.org
Labels: Test-Predator-Wrong M-55
Owner: e...@chromium.org
Status: Assigned (was: Untriaged)
Findit and CL did not provide any possible suspect.
Using code search for the file "HarfBuzzShaper.cpp" from line #17, and suspecting the change below:
Review URL: https://codereview.chromium.org/2516723002

eae@ - Observed some recent changes to this file, so assigning to you. Could you please check whether this is caused by your change? If not, please help us reassign the issue to the right owner.

Thanks!
Comment 2 by ClusterFuzz (Project Member), Feb 17 2017

ClusterFuzz has detected this issue as fixed in range 451144:451201.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5069644953288704

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_around_base
  position_cluster
  hb_ot_position
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407004:407005
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=451144:451201

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94xTVblQSuYMukaUBnrNkCx301ph7oz49uydvSPHkrwvHf6eXyMN9XxNNTfwBFe6IvpmzFhnOEpVCPcr5gDFo4zDzjquJqS_3OL5xrr2RW_KntCfCYguRlWo46NgeImx0N-V-fBz1OFGK28h_sAIvxmJPJx8g?testcase_id=5069644953288704


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 3 by ClusterFuzz (Project Member), Feb 17 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5069644953288704 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
