Starred by 2 users
Status: Verified
Owner: ----
Closed: Oct 2016
Cc:
Type: Bug-Security
Heap-buffer-overflow in tt_face_vary_cvt
Project Member Reported by monor...@clusterfuzz-external.iam.gserviceaccount.com, Oct 13 2016
Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6269022198824960

Fuzzer: libFuzzer_freetype2_fuzzer
Job Type: libfuzzer_asan_freetype2
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x615000000ffa
Crash State:
  tt_face_vary_cvt
  TT_Set_MM_Blend
  TT_Set_Var_Design
  
Recommended Security Severity: Medium

Regressed: https://clusterfuzz-external.appspot.com/revisions?job=libfuzzer_asan_freetype2&range=201605242252:201605250605

Minimized Testcase (1.31 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv951N0zOd_zY8BRAVnFTWXEkrcaYRqT1j28mvKr4Y03TBa-YIywVo6rXYl5Zk0lY-w_q27eQ5uWpdbprALJYEyZCGRMoJPS6EojCJupxlo_rKv5H474YSu488vZfwnEZxosZWi7VMeVprKasPW-xf1nIJ6r06IQFJ0kmdpb4xo8x2aYmlDA?testcase_id=6269022198824960

Issue filed automatically.

See  for more information.
 
Comment 1 by aizatsky@google.com, Oct 14 2016
Cc: lemzw...@googlemail.com
Fixed in git.
ClusterFuzz has detected this issue as fixed in range 201610140307:201610140704.

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6269022198824960

Fuzzer: libFuzzer_freetype2_fuzzer
Job Type: libfuzzer_asan_freetype2
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x615000000ffa
Crash State:
  tt_face_vary_cvt
  TT_Set_MM_Blend
  TT_Set_Var_Design
  
Recommended Security Severity: Medium

Regressed: https://clusterfuzz-external.appspot.com/revisions?job=libfuzzer_asan_freetype2&range=201605242252:201605250605
Fixed: https://clusterfuzz-external.appspot.com/revisions?job=libfuzzer_asan_freetype2&range=201610140307:201610140704

Minimized Testcase (1.31 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv951N0zOd_zY8BRAVnFTWXEkrcaYRqT1j28mvKr4Y03TBa-YIywVo6rXYl5Zk0lY-w_q27eQ5uWpdbprALJYEyZCGRMoJPS6EojCJupxlo_rKv5H474YSu488vZfwnEZxosZWi7VMeVprKasPW-xf1nIJ6r06IQFJ0kmdpb4xo8x2aYmlDA?testcase_id=6269022198824960

See  for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: ClusterFuzz-Verified
Status: Verified
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member Comment 5 by ochang@google.com, Nov 4 2016
Labels: -Restrict-View-Commit
Derestricting.
Project Member Comment 6 by ochang@google.com, Nov 29 2016
Labels: -Library-freetype2
Project Member Comment 7 by ochang@google.com, Feb 24
Labels: Engine-libfuzzer
Project Member Comment 8 by ochang@google.com, Jun 13
Labels: Proj-freetype2
Project Member Comment 9 by aarya@google.com, Jul 3
Cc: hintak.l...@gmail.com