Issue 722846 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	behdad@chromium.org
Closed:	Jan 2018
Cc:	ebra...@gnu.org drott@chromium.org
Components:	Blink>Fonts
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Needs-Feedback Clusterfuzz Stability-UndefinedBehaviorSanitizer Test-Predator-Wrong-CLs M-63 Test-Predator-Auto-Components

Integer-overflow in position_cluster

Project Member Reported by ClusterFuzz, May 16 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6264935586988032

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_cluster
  _hb_ot_shape_fallback_position
  hb_ot_position
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=434178:434216

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6264935586988032


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by bunge...@chromium.org, Aug 3 2017

Cc: drott@chromium.org
Owner: behdad@chromium.org

Assigning to behdad@ for triage. This may already be fixed upstream, in which case we should update Chromium. It could be nothing, in which case we should mark as such.

Taking a quick look at the 'regression range' the only suspicious commit is that clang was updated, which probably added this check.

Comment 2 by msrchandra@chromium.org, Sep 19 2017

Components: Blink>Fonts
Labels: M-63 Test-Predator-Wrong-CLs
Status: Assigned (was: Untriaged)

Project Member

Comment 3 by ClusterFuzz, Oct 1 2017

Labels: Test-Predator-AutoComponents

Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 4 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 5 by e...@chromium.org, Jan 30 2018

Status: WontFix (was: Assigned)

Project Member

Comment 6 by ClusterFuzz, Feb 6 2018

Labels: Needs-Feedback

ClusterFuzz testcase 6264935586988032 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 7 by behdad@chromium.org, Feb 8 2018

Cc: ebra...@gnu.org

Comment 8 by behdad@google.com, Feb 8 2018

Should be fixed by https://github.com/harfbuzz/harfbuzz/commit/b220b5a44425db387b2149c4904a43ab369a2d6a

►

Issue 722846 link

Issue metadata

Integer-overflow in position_cluster

Issue description

Comment 1 by bunge...@chromium.org, Aug 3 2017

Comment 1 Deleted

Comment 2 by msrchandra@chromium.org, Sep 19 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Oct 1 2017

Comment 3 Deleted

Comment 4 by mbarbe...@chromium.org, Nov 7 2017

Comment 4 Deleted

Comment 5 by e...@chromium.org, Jan 30 2018

Comment 5 Deleted

Comment 6 by ClusterFuzz, Feb 6 2018

Comment 6 Deleted

Comment 7 by behdad@chromium.org, Feb 8 2018

Comment 7 Deleted

Comment 8 by behdad@google.com, Feb 8 2018

Comment 8 Deleted

Sign in to add a comment