
Issue 917726


Issue metadata

Status: Duplicate
Owner: ----
Closed: Dec 26
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug




Bus in BEInt<unsigned int, 4>::operator unsigned int

Project Member Reported by ClusterFuzz, Dec 25

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5719356528656384

Fuzzer: libFuzzer_harfbuzz_fuzzer
Fuzz target binary: harfbuzz_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Bus
Crash Address: 0x61300400024c
Crash State:
  BEInt<unsigned int, 4>::operator unsigned int
  OT::ArrayOf<AAT::Anchor, OT::IntType<unsigned int, 4u> >::get_size
  AAT::ankr::get_anchor
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=610733:610738

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5719356528656384

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for instructions to reproduce this bug locally.
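The crash state above puts the faulting read in BEInt<unsigned int, 4>::operator unsigned int, i.e. the big-endian 32-bit count field that OT::ArrayOf::get_size reads on behalf of AAT::ankr::get_anchor, with ASan reporting it as a Bus at the address shown. The example below is added here as an illustration and is not HarfBuzz code, not the reproducer, and not the fix tracked under the merged-into issue 917702. It is a standalone C++ sketch of the two checks a reader of a count-prefixed record array needs before trusting it: all four bytes of the count field must lie inside the blob, and count times record size must fit in the bytes that remain. The Blob struct, the function names and the sample bytes are this example's own constructions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical view over a font table in memory (name and layout are this
// example's own, not HarfBuzz's).
struct Blob {
  const uint8_t *data;
  size_t len;
};

// Read a big-endian uint32 at `off`, but only if all four bytes are inside the
// blob. The subtraction form avoids overflow on `off + 4`.
static bool read_be32(Blob b, size_t off, uint32_t *out) {
  if (off > b.len || b.len - off < 4) return false;
  *out = ((uint32_t)b.data[off] << 24) | ((uint32_t)b.data[off + 1] << 16) |
         ((uint32_t)b.data[off + 2] << 8) | (uint32_t)b.data[off + 3];
  return true;
}

// Same for a big-endian int16 (anchor coordinates are signed).
static bool read_be16(Blob b, size_t off, int16_t *out) {
  if (off > b.len || b.len - off < 2) return false;
  uint16_t u = (uint16_t)(((uint16_t)b.data[off] << 8) | b.data[off + 1]);
  *out = (int16_t)u;
  return true;
}

// One anchor record: int16 x, int16 y.
static const size_t kAnchorSize = 4;

// Byte size of a count-prefixed anchor array at `off`, including the count
// field, or -1 if the count field or the records it announces fall outside the
// blob. This is the check that has to pass before the array is used at all.
static long anchor_array_size(Blob b, size_t off) {
  uint32_t count;
  if (!read_be32(b, off, &count)) return -1;   // count field itself out of bounds
  size_t avail = b.len - off - 4;               // bytes after the count field
  if (count > avail / kAnchorSize) return -1;   // records out of bounds (overflow-safe)
  return (long)(4 + (size_t)count * kAnchorSize);
}

// Fetch anchor `index` from the array at `off`; every read is bounds-checked.
static bool get_anchor(Blob b, size_t off, uint32_t index, int16_t *x, int16_t *y) {
  if (anchor_array_size(b, off) < 0) return false;
  uint32_t count = 0;
  read_be32(b, off, &count);                    // already validated above
  if (index >= count) return false;
  size_t rec = off + 4 + (size_t)index * kAnchorSize;
  return read_be16(b, rec, x) && read_be16(b, rec + 2, y);
}

// Constructed sample blobs (not bytes from the fuzzer testcase).
static const uint8_t kGoodBlob[] = {
  0x00, 0x00, 0x00, 0x02,   // count = 2
  0x00, 0x0A, 0xFF, 0xF6,   // anchor 0: x = 10,  y = -10
  0x00, 0x64, 0x00, 0xC8    // anchor 1: x = 100, y = 200
};
// Blob that ends two bytes into the count field: the 32-bit length read itself
// runs off the end, the shape of the crash state above.
static const uint8_t kTruncatedBlob[] = { 0x00, 0x00 };
// Count field is in bounds but claims 0xFFFFFFFF records in a 4-byte blob.
static const uint8_t kHugeCountBlob[] = { 0xFF, 0xFF, 0xFF, 0xFF };

int main() {
  Blob good = { kGoodBlob, sizeof kGoodBlob };
  Blob trunc = { kTruncatedBlob, sizeof kTruncatedBlob };
  Blob huge = { kHugeCountBlob, sizeof kHugeCountBlob };
  int16_t x = 0, y = 0;
  printf("good size:      %ld\n", anchor_array_size(good, 0));
  printf("truncated size: %ld\n", anchor_array_size(trunc, 0));
  printf("huge size:      %ld\n", anchor_array_size(huge, 0));
  if (get_anchor(good, 0, 1, &x, &y)) printf("anchor 1: (%d, %d)\n", x, y);
  printf("anchor 2 ok:    %d\n", get_anchor(good, 0, 2, &x, &y));
  return 0;
}
```

The truncated blob is the case that matters for this report: the count field is the first thing the array reader touches, so it needs its own bounds check rather than relying on a later check of count times record size. The division form `count > avail / kAnchorSize` rejects absurd counts without ever computing a product that could wrap.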
 
Comment 1 by ClusterFuzz (Project Member), Dec 25

Components: Blink>Fonts
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 2 by ClusterFuzz (Project Member), Dec 25

Cc: mmoroz@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Cc: behdad@google.com
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
Mergedinto: 917702
Status: Duplicate (was: Available)
Comment 5 by ClusterFuzz (Project Member), Jan 15

ClusterFuzz has detected this issue as fixed in range 622756:622794.

Detailed report: https://clusterfuzz.com/testcase?key=5719356528656384

Fuzzer: libFuzzer_harfbuzz_fuzzer
Fuzz target binary: harfbuzz_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Bus
Crash Address: 0x61300400024c
Crash State:
  BEInt<unsigned int, 4>::operator unsigned int
  OT::ArrayOf<AAT::Anchor, OT::IntType<unsigned int, 4u> >::get_size
  AAT::ankr::get_anchor
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=610733:610738
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=622756:622794

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5719356528656384

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
