Integer-overflow in SkReadBuffer::readTypeface
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6209471096553472

Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  SkReadBuffer::readTypeface
  SkPaint::unflatten
  SkTextBlob::MakeFromBuffer

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=522890:522915

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6209471096553472

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 9 2017
Automatically assigning owner based on suspected regression changelist https://skia.googlesource.com/skia/+/8e74cbcd6526a7542b9f704b9e40b0c60d475849 (Revert "Revert "use serialprocs for typefaces""). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Dec 11 2017
The following revision refers to this bug: https://skia.googlesource.com/skia/+/73822257cb01fb31c3ea90de0b88948def4caacf

commit 73822257cb01fb31c3ea90de0b88948def4caacf
Author: Mike Reed <reed@google.com>
Date: Mon Dec 11 19:21:08 2017

read signed 32 if we want to treat it as signed

Bug:793603
Change-Id: I040d775fcf76da095ea2a25c33408508b3466fd7
Reviewed-on: https://skia-review.googlesource.com/83280
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>

[modify] https://crrev.com/73822257cb01fb31c3ea90de0b88948def4caacf/src/core/SkReadBuffer.cpp
Dec 12 2017
ClusterFuzz testcase 6209471096553472 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 9 2017
Labels: Test-Predator-Auto-Components