
Issue 729669


Issue metadata

Status: WontFix
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Integer-overflow in position_mark

Reported by ClusterFuzz (Project Member), Jun 5 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4765267493388288

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_mark
  position_around_base
  position_cluster

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4765267493388288


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Cc: drott@chromium.org
Owner: behdad@chromium.org
The detailed report here claims this affects 'stable 58 and beta 59' but the actual current reproduction is from a master commit about two days ago, so I'm not sure what that's all about.

Upstream may need a fix, Chromium may need to update harfbuzz, and it's possible that this is fine (and it should be marked that way, WontFix and whatever label the infra bot then asks for).
Components: Blink>Fonts
Labels: M-63 Test-Predator-Wrong-CLs
Status: Assigned (was: Untriaged)
Comment 3 by ClusterFuzz (Project Member), Oct 1 2017

Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 5 by e...@chromium.org, Jan 29 2018

Status: WontFix (was: Assigned)
Comment 6 by ClusterFuzz (Project Member), Feb 5 2018

Labels: Needs-Feedback
ClusterFuzz testcase 4765267493388288 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Cc: ebra...@gnu.org
