Memcpy-param-overlap in BDF_Face_Init
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5039880557297664
Fuzzer: attekett_surku_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Memcpy-param-overlap
Crash Address: [0x619000007880,0x619000007aab) and [0x619000007a55, 0x619000007c80)
Crash State:
  BDF_Face_Init
  open_face
  FT_Open_Face
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=314095:314100
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv959l3w7Hu_9D8w9ffZUQ0Q0FWBNbVCQ1ZnQhSA7Fi1un1twjFjx0qPtOQsepqiBfWQTtWBxPxHgmuUClMIA4wi__eQgG2TvQEQlDEoYlYYo7yd1EpXrrn7LtxHpRv3S1V-AE0E0u2PWXi9laZAgbXBVWuQdPAN5ocq95Su8oW_6XPEfV-Ia8nnmaOXTnCibqN3sI3l3dK-6Un1HoEddiQBZvxI0808NqGolecbFXUqR652Z1O2n0_h78DXrHivoetQpkc3HcB1cAauMRV7oVTm63wxfXmjFmp4Cx3MlXolJNur12Vc_I8jxmLEDwAKxw8egxAsfBtIllS3rlUarfkpzRHxitZtyBKffvanQS1hn7NQiyac?testcase_id=5039880557297664

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 31 2017

Feb 1 2017

Feb 4 2017
Caused by this function: FT_MEM_COPY( buf, buf + start, bytes ); Change component to Blink>Fonts.
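The FT_MEM_COPY call quoted in this comment copies within a single buffer, so source and destination overlap whenever start is smaller than bytes, which is exactly the condition ASan's memcpy-param-overlap check flags. The C program below is an added example and is not FreeType's or Chromium's code: it implements the half-open range overlap test, re-runs it on the two address ranges from the report (their addresses are used only as offsets into a constructed local buffer, since the original heap addresses cannot be dereferenced here), and shows memmove, whose contract permits overlap, performing the same shift-down correctly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the half-open byte ranges [a, a+alen) and [b, b+blen) share at
 * least one byte. memcpy's contract requires this to be 0; memmove allows 1.
 * Pointers are compared as integers so the check also works across objects. */
int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t a0 = (uintptr_t)a, a1 = a0 + alen;
    uintptr_t b0 = (uintptr_t)b, b1 = b0 + blen;

    if (alen == 0 || blen == 0)
        return 0;                  /* an empty range overlaps nothing */
    return a0 < b1 && b0 < a1;
}

/* Move `bytes` bytes that begin at buf+start down to the front of buf, which
 * is what the thread's FT_MEM_COPY( buf, buf + start, bytes ) does. Source and
 * destination live in one buffer and overlap whenever start < bytes, so the
 * only correct primitive is memmove. */
void shift_down(unsigned char *buf, size_t start, size_t bytes)
{
    memmove(buf, buf + start, bytes);
}

/* Re-run the overlap test on the two ranges from the ASan report. The report's
 * addresses are used only as offsets into a constructed local buffer. */
int report_ranges_overlap(void)
{
    unsigned char buf[0x400];                 /* constructed stand-in */
    size_t bytes = 0x7aab - 0x7880;           /* 0x22b bytes in each range */
    size_t start = 0x7a55 - 0x7880;           /* second range starts 0x1d5 later */

    return ranges_overlap(buf, bytes, buf + start, bytes);
}

/* Check that shift_down preserves the data on an overlapping move: after the
 * call, buf[i] must equal the original buf[i + start] for every moved byte. */
int shift_down_is_correct(void)
{
    unsigned char buf[64];
    size_t start = 8, bytes = 40;             /* start < bytes: regions overlap */
    size_t i;

    for (i = 0; i < sizeof buf; i++)
        buf[i] = (unsigned char)i;
    shift_down(buf, start, bytes);
    for (i = 0; i < bytes; i++)
        if (buf[i] != (unsigned char)(i + start))
            return 0;
    return 1;
}

int main(void)
{
    printf("report ranges overlap: %s\n", report_ranges_overlap() ? "yes" : "no");
    printf("memmove shift preserves data: %s\n", shift_down_is_correct() ? "yes" : "no");
    return 0;
}
```

The two reported ranges are each 0x22b bytes long and start 0x1d5 bytes apart, so they share 0x56 bytes; any in-place compaction like this one should use memmove, and a build-time or review-time check for memcpy calls whose arguments derive from the same base pointer catches the pattern before a fuzzer does.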
Feb 6 2017
This is a third party library. Assigning to dpranke@chromium.org who is the owner of this lib. dpranke@, could you please help to find the owner of this bug? Thanks.
Feb 6 2017
@mbarbella - I might be confused about something: that regression range is from two years ago; is that possibly right?
Feb 6 2017
It's right, it's just not useful. From the pdfium roll: 71c24b8 Use system FreeType on Linux. I guess we just need to ensure this is fixed upstream and that the bots are patched. Would still be good to know who owns this, but since it's used by pdfium adding dsinclair.
Feb 7 2017
npm@ can you take a look at fixing this?
Feb 8 2017
Unable to reproduce. Will do another try tomorrow...
Feb 9 2017
It looks like we just need to update thirdparty/freetype2, which is only used by tests. So this is not security critical. Assigning to dpranke, owner of that. third_party/pdfium/third_party/freetype/ seems to be a bit more up to date and the bug is not reproducible using that version.
Feb 9 2017
I accidentally removed someone from CC, sorry.
Feb 9 2017
@marbella - ah, I'm just surprised that we're bisecting so far back and catching this just now. @drott, can I punt this to you?
Feb 28 2017
This should be fixed, FreeType was updated to 2.7.1+patches in https://chromium-review.googlesource.com/c/444189/, compare issue 686947.
Feb 28 2017

Feb 28 2017
ClusterFuzz has detected this issue as fixed in range 453200:453220.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5039880557297664
Fuzzer: attekett_surku_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Memcpy-param-overlap
Crash Address: [0x619000007880,0x619000007aab) and [0x619000007a55, 0x619000007c80)
Crash State:
  BDF_Face_Init
  open_face
  FT_Open_Face
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=314095:314100
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=453200:453220
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv959l3w7Hu_9D8w9ffZUQ0Q0FWBNbVCQ1ZnQhSA7Fi1un1twjFjx0qPtOQsepqiBfWQTtWBxPxHgmuUClMIA4wi__eQgG2TvQEQlDEoYlYYo7yd1EpXrrn7LtxHpRv3S1V-AE0E0u2PWXi9laZAgbXBVWuQdPAN5ocq95Su8oW_6XPEfV-Ia8nnmaOXTnCibqN3sI3l3dK-6Un1HoEddiQBZvxI0808NqGolecbFXUqR652Z1O2n0_h78DXrHivoetQpkc3HcB1cAauMRV7oVTm63wxfXmjFmp4Cx3MlXolJNur12Vc_I8jxmLEDwAKxw8egxAsfBtIllS3rlUarfkpzRHxitZtyBKffvanQS1hn7NQiyac?testcase_id=5039880557297664

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 1 2017
ClusterFuzz has detected this issue as fixed in range 453200:453220.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5039880557297664
Fuzzer: attekett_surku_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Memcpy-param-overlap
Crash Address: [0x619000007880,0x619000007aab) and [0x619000007a55, 0x619000007c80)
Crash State:
  BDF_Face_Init
  open_face
  FT_Open_Face
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=314095:314100
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=453200:453220
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv959l3w7Hu_9D8w9ffZUQ0Q0FWBNbVCQ1ZnQhSA7Fi1un1twjFjx0qPtOQsepqiBfWQTtWBxPxHgmuUClMIA4wi__eQgG2TvQEQlDEoYlYYo7yd1EpXrrn7LtxHpRv3S1V-AE0E0u2PWXi9laZAgbXBVWuQdPAN5ocq95Su8oW_6XPEfV-Ia8nnmaOXTnCibqN3sI3l3dK-6Un1HoEddiQBZvxI0808NqGolecbFXUqR652Z1O2n0_h78DXrHivoetQpkc3HcB1cAauMRV7oVTm63wxfXmjFmp4Cx3MlXolJNur12Vc_I8jxmLEDwAKxw8egxAsfBtIllS3rlUarfkpzRHxitZtyBKffvanQS1hn7NQiyac?testcase_id=5039880557297664

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 13 2017
Jun 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot