
Issue 734820 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in position_around_base

Reported by ClusterFuzz (Project Member), Jun 20 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6063607579410432

Fuzzer: inferno_twister_c
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  position_around_base
  position_cluster
  hb_ot_position
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=444706:444710

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6063607579410432


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
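The report above gives only the UBSan crash type (signed integer overflow) and a stack under hb_ot_position; the attached testcase is the actual reproducer. As an added illustration, not HarfBuzz or Chromium code, the C below shows the class of defect such a report points at: accumulating glyph advances into a 32-bit position (HarfBuzz's hb_position_t is an int32_t) with no overflow check, which a build with -fsanitize=signed-integer-overflow reports, placed beside a checked test and a saturating accumulator. The function names, the layout_run helper and the sample advances are assumptions for the example and do not reproduce the testcase.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative only (not HarfBuzz code): a 32-bit position type with the
 * same range as HarfBuzz's hb_position_t (typedef int32_t). */
typedef int32_t pos_t;

/* Unchecked accumulation. Under clang/gcc -fsanitize=signed-integer-overflow
 * this addition is reported ("runtime error: signed integer overflow") as soon
 * as cursor + x_advance leaves the int32 range; without the sanitizer it is
 * undefined behaviour that usually wraps silently. */
pos_t advance_unchecked(pos_t cursor, pos_t x_advance) {
    return cursor + x_advance;
}

/* Overflow test using the compiler builtin; returns 1 if a + b would overflow. */
int would_overflow(pos_t a, pos_t b) {
    pos_t r;
    return __builtin_add_overflow(a, b, &r);
}

/* Saturating accumulation: clamp to the int32 range instead of wrapping, so
 * untrusted font data can push a position to the edge but not past it. */
pos_t advance_saturating(pos_t cursor, pos_t x_advance) {
    pos_t r;
    if (__builtin_add_overflow(cursor, x_advance, &r))
        return x_advance > 0 ? INT32_MAX : INT32_MIN;
    return r;
}

/* Lay out a run of advances with the saturating accumulator. Writes the
 * x position of each glyph into positions[], the final cursor into
 * *cursor_out, and returns how many additions had to be clamped (a count
 * worth logging or fuzz-asserting on: a well-formed font never triggers it). */
int layout_run(const pos_t *advances, size_t n, pos_t *positions, pos_t *cursor_out) {
    pos_t cursor = 0;
    int clamped = 0;
    for (size_t i = 0; i < n; i++) {
        positions[i] = cursor;
        pos_t next;
        if (__builtin_add_overflow(cursor, advances[i], &next)) {
            next = advances[i] > 0 ? INT32_MAX : INT32_MIN;
            clamped++;
        }
        cursor = next;
    }
    *cursor_out = cursor;
    return clamped;
}

/* Constructed sample input (an assumption, not data from the testcase): two
 * huge advances followed by a small negative one, which overflows once. */
static const pos_t sample_advances[3] = { INT32_MAX, INT32_MAX, -5 };

/* Number of clamped additions over the sample run. */
int demo_clamped_count(void) {
    pos_t positions[3], cursor_out;
    return layout_run(sample_advances, 3, positions, &cursor_out);
}

/* Final cursor over the sample run: INT32_MAX, clamped, then minus 5. */
pos_t demo_final_position(void) {
    pos_t positions[3], cursor_out;
    layout_run(sample_advances, 3, positions, &cursor_out);
    return cursor_out;
}

int main(void) {
    pos_t positions[3], cursor_out;
    int clamped = layout_run(sample_advances, 3, positions, &cursor_out);
    for (size_t i = 0; i < 3; i++)
        printf("glyph %zu at x=%d\n", i, positions[i]);
    printf("final cursor=%d, clamped additions=%d\n", cursor_out, clamped);
    printf("INT32_MAX + 1 would overflow: %d\n", would_overflow(INT32_MAX, 1));
    return 0;
}
```

Compile with `clang -fsanitize=signed-integer-overflow` and call advance_unchecked with INT32_MAX and 1 to see the same kind of "runtime error: signed integer overflow" line ClusterFuzz's linux_ubsan_chrome job reports; the saturating path keeps the value representable, which is the usual fix when the overflowing quantity is a layout coordinate rather than an index.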
 
Cc: msrchandra@chromium.org
Components: Blink>Fonts
Labels: M-61 Test-Predator-Correct-CLs
Owner: drott@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: drott
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/f2dc38825cce54c0b87841a420afbd71453d506b
Time: Thu Jan 19 11:28:10 2017
Files hb-ot-shape.cc, hb-shape.cc are changed in this CL (and are part of stack frame #2, "hb_ot_position"; frame #3, "hb_ot_shape_internal"; frame #4, "_hb_ot_shape")
Minimum distance from crash line to modified line: 2. (file: hb-ot-shape.cc, crashed on: 766, modified: 764).

@drott -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You
Cc: drott@chromium.org
Owner: behdad@chromium.org
Assigning to behdad@ for triage. May need upstream changes, update harfbuzz in Chromium, and/or mark as WontFix as needed.
Comment 3 by ClusterFuzz (Project Member), Oct 1 2017

Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 5 by e...@chromium.org, Jan 29 2018

Status: WontFix (was: Assigned)
Comment 6 by ClusterFuzz (Project Member), Feb 5 2018

Labels: Needs-Feedback
ClusterFuzz testcase 6063607579410432 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Cc: ebra...@gnu.org
