Issue metadata
Sign in to add a comment
|
Incorrect-function-pointer-type in hb_font_destroy |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5841369016041472 Fuzzer: libFuzzer_pdfium_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash State: hb_font_destroy af_face_globals_free destroy_face Sanitizer: undefined (UBSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=472409:472435 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5841369016041472 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 13 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 13 2017
,
Jun 13 2017
Punting to dsinclair for pdfium triage, please
,
Jun 14 2017
May be related to the FreeType roll?
,
Jun 14 2017
,
Jun 14 2017
,
Jun 14 2017
This is caused by fbec38011870753cffb3cb2ff98aa0c00c63b25c. drott@ could you take a look at this?
,
Jun 14 2017
Thanks for investigating, I can try to take a look, but this is probably something for behdad@.
,
Jun 21 2017
,
Jun 29 2017
drott: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 30 2017
ClusterFuzz has detected this issue as fixed in range 483358:483512. Detailed report: https://clusterfuzz.com/testcase?key=5841369016041472 Fuzzer: libFuzzer_pdfium_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash State: hb_font_destroy af_face_globals_free destroy_face Sanitizer: undefined (UBSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=472409:472435 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=483358:483512 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5841369016041472 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 30 2017
ClusterFuzz testcase 5841369016041472 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 30 2017
FreeType roll in https://chromium-review.googlesource.com/c/550379/
,
Jun 30 2017
,
Jul 26 2017
,
Oct 6 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jun 13 2017