Issue 916029 link

Starred by 3 users

Issue metadata

Status:	Assigned
Owner:	thestig@chromium.org
Components:	Internals>Skia>PDF
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Stability-Libfuzzer Clusterfuzz Stability-UndefinedBehaviorSanitizer ClusterFuzz-Auto-CC

Integer-overflow in sfntly::BitmapGlyphInfo::offset

Project Member Reported by ClusterFuzz, Dec 18

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5673396312211456

Fuzzer: libFuzzer_sfntly_fuzzer
Fuzz target binary: sfntly_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  sfntly::BitmapGlyphInfo::offset
  sfntly::EbdtTable::Builder::Initialize
  sfntly::EbdtTable::Builder::GetGlyphBuilders
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=417039:417261

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5673396312211456

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Project Member

Comment 1 by ClusterFuzz, Dec 18

Cc: thestig@chromium.org
Labels: ClusterFuzz-Auto-CC

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by thestig@chromium.org, Dec 18

Cc: -thestig@chromium.org
Components: Internals>Skia>PDF
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)

►

Issue 916029 link

Issue metadata

Integer-overflow in sfntly::BitmapGlyphInfo::offset

Issue description

Comment 1 by ClusterFuzz, Dec 18

Comment 1 Deleted

Comment 2 by thestig@chromium.org, Dec 18

Comment 2 Deleted

Sign in to add a comment