
Issue 699510


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




num_glyphs >= 0

Project Member Reported by ClusterFuzz, Mar 8 2017

Issue description

Cc: mmoroz@chromium.org thestig@chromium.org tsepez@chromium.org och...@chromium.org
Labels: Test-Predator-Wrong M-59
Could someone please take a look?
Thank you
Cc: -tsepez@chromium.org -och...@chromium.org behdad@chromium.org
Components: Internals>Skia>PDF
Labels: -Pri-1 -M-59 Pri-2
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Status: Started (was: Assigned)
https://github.com/googlei18n/sfntly/pull/75

Comment 5 by bugdroid1@chromium.org, Mar 28 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/83d38421f79045fef26de00d4c76198c06067852

commit 83d38421f79045fef26de00d4c76198c06067852
Author: thestig <thestig@chromium.org>
Date: Tue Mar 28 19:27:17 2017

Roll DEPS for sfntly de3cce5..04740d2

04740d2 Merge pull request #75 from leizleiz/morefixes
0c9b2fd Fix nits in OTFBasicEditing test.
3723ffd Fix ReadableFontData::ReadDateTimeAsLong().
126f3b3 Fix assert failures in HorizontalMetricsTable.
8fcbf51 Check offsets in FontFactory::LoadCollectionForBuilding().
b95a8f4 Avoid integer overflow in LocaTable::GlyphLength().
cccd3aa Check for integer overflow in SetupGlyfBuilders.
f1384b2 Fix more NULL pointer derefs in sfntly::Font::Builder.
7525f24 Revert commit 3e3a91a.

BUG=659936,663737,666619,669806,699510,705357
TBR=behdad@chromium.org,jshin@chromium.org

Review-Url: https://codereview.chromium.org/2784563002
Cr-Commit-Position: refs/heads/master@{#460186}

[modify] https://crrev.com/83d38421f79045fef26de00d4c76198c06067852/DEPS

Status: Fixed (was: Started)

Comment 7 by ClusterFuzz, Mar 29 2017

ClusterFuzz has detected this issue as fixed in range 460170:460210.

Detailed report: https://clusterfuzz.com/testcase?key=5808042252959744

Fuzzer: libfuzzer_sfntly_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  num_glyphs >= 0
  sfntly::HorizontalMetricsTable::Builder::SetNumGlyphs
  sfntly::Font::Builder::InterRelateBuilders
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=460170:460210

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv959Grc1nIJQJ7zl7b-c3PyEnwUHhKDxbl8xkRW9WRwdDnLimg9-rUGhfhBuOXMBpeA1rJ8BoW4e64i9AutWeuTU7WKdIYuq6V_Fp2psCouR34pVJr8DSWWVoZfNlY7Y8zzfyL1DN7Kr0hoa5o3jJpoYukZaHSb9-Xc5yh3Q67x1yrfyX9bv1ozNforD8qmA1PLPTxOboritNHDGxAuxz6HUSplfZunfK8BMcdmYM1anJgLWCTJSNKTX9wImLOufk5gf3MVui_pkdfd4cLT96R81w3zu_fI-yO8Cr1TRzZXD3UBni1zrmPHdyjhTzGHugXVSAZq5_brxNBSmPn3zl2I5IUPVK8-UNwnQZiIpxlqFo0uRVRw?testcase_id=5808042252959744


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

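The crash state above is an assertion on a derived glyph count: `SetNumGlyphs` receives a negative value while `Font::Builder::InterRelateBuilders` wires the table builders together. A count can only go negative when it is computed from a table that is too short or empty (a bounds-failing read that reports -1, or `entries - 1` on an empty offset table). Since this job was an ASAN debug build, the assert stopped the run; in a release build an `assert` is compiled out and the negative count would simply flow on into the hmtx builder. The following C++ is an added illustration, not sfntly code, of deriving the glyph count from 'maxp' and 'loca' with reads that fail closed instead of returning a sentinel. The table layouts follow the OpenType spec; the function names, the `std::optional` error signalling and the sample bytes are this example's own assumptions.

```cpp
// Added example (not sfntly code): derive a glyph count from font tables with
// bounds-checked reads, so a truncated or empty table is rejected up front
// instead of producing a negative count that trips an assert downstream.
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Big-endian uint16 read that fails closed on short input. A reader that
// returns -1 on an out-of-range offset is the classic origin of a "negative"
// count: the int32 result later lands where a size is expected.
std::optional<uint16_t> ReadUShortBE(const std::vector<uint8_t>& data, size_t offset) {
  if (offset > data.size() || data.size() - offset < 2) return std::nullopt;
  return static_cast<uint16_t>((data[offset] << 8) | data[offset + 1]);
}

// OpenType 'maxp': Version16Dot16 (4 bytes) followed by numGlyphs (uint16).
// Returns nullopt if the table is too short to hold numGlyphs at all.
std::optional<int32_t> NumGlyphsFromMaxp(const std::vector<uint8_t>& maxp) {
  auto n = ReadUShortBE(maxp, 4);
  if (!n) return std::nullopt;
  return static_cast<int32_t>(*n);
}

// 'loca' holds numGlyphs + 1 offsets of 2 bytes (short) or 4 bytes (long
// format). Naively numGlyphs = length / entry_size - 1, which is -1 for an
// empty table; the checked version refuses empty or ragged tables.
std::optional<int32_t> NumGlyphsFromLoca(const std::vector<uint8_t>& loca, bool long_format) {
  const size_t entry_size = long_format ? 4 : 2;
  if (loca.size() < entry_size || loca.size() % entry_size != 0) return std::nullopt;
  const size_t entries = loca.size() / entry_size;  // >= 1 here, so no underflow below
  if (entries - 1 > 0xFFFF) return std::nullopt;      // more glyphs than a font can address
  return static_cast<int32_t>(entries - 1);
}

// Cross-check both sources the way a builder tying tables together would:
// accept only a count both tables agree on, non-negative by construction.
std::optional<int32_t> ReconcileNumGlyphs(const std::vector<uint8_t>& maxp,
                                          const std::vector<uint8_t>& loca,
                                          bool long_format) {
  auto from_maxp = NumGlyphsFromMaxp(maxp);
  auto from_loca = NumGlyphsFromLoca(loca, long_format);
  if (!from_maxp || !from_loca || *from_maxp != *from_loca) return std::nullopt;
  return *from_maxp;
}

int main() {
  // Constructed sample tables (not taken from any real font or testcase):
  // maxp v0.5 with numGlyphs = 3; short-format loca with 4 offsets -> 3 glyphs.
  const std::vector<uint8_t> good_maxp = {0x00, 0x00, 0x50, 0x00, 0x00, 0x03};
  const std::vector<uint8_t> good_loca = {0, 0, 0, 10, 0, 20, 0, 30};
  const std::vector<uint8_t> truncated_maxp = {0x00, 0x00, 0x50, 0x00};  // cut before numGlyphs
  const std::vector<uint8_t> empty_loca;

  auto ok = ReconcileNumGlyphs(good_maxp, good_loca, false);
  std::printf("well-formed tables: %d glyphs\n", ok ? *ok : -1);
  std::printf("truncated maxp accepted: %s\n", NumGlyphsFromMaxp(truncated_maxp) ? "yes" : "no");
  std::printf("empty loca accepted: %s\n", NumGlyphsFromLoca(empty_loca, false) ? "yes" : "no");
  return 0;
}
```

The point of returning `std::nullopt` rather than -1 is that the caller is forced to handle the failure before the value is used as a count; an `assert(num_glyphs >= 0)` at the consumer then becomes a true invariant check rather than the first place a malformed font is noticed.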