Closed
Bug 1210485
Opened 9 years ago
Closed 9 years ago
MSan: use-of-uninitialized-value in pcf_read_TOC (pcfread.c:105)
Categories: Core :: Layout: Text and Fonts, defect

Status: RESOLVED INVALID

Release | Tracking | Status
---|---|---
firefox44 | --- | affected
People
(Reporter: tsmith, Unassigned)
Details
(Keywords: crash, csectype-uninitialized, testcase)
Attachments
(2 files)
This was found while fuzzing FreeType 2.5.5. This appears to be a fairly serious issue, since the uninitialized value is used as a size in a memory allocation. This can lead to a crash or worse. This likely also affects Firefox OS, since I believe it is used in the AOSP kernel.
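The failure mode the report describes, an uninitialized table count reaching a memory allocation when the PCF table of contents is read, is illustrated below in constructed example code. This is not FreeType's pcfread.c and does not reproduce the upstream bug; it models the bug class against an assumed PCF-style TOC layout (4-byte magic, 32-bit little-endian table count, then 16-byte entries of type/format/size/offset). The sample bytes, the `MAX_TABLES` bound and the function names are all inventions of this example. The unchecked reader shows the shape MSan flags; the checked reader is one way to harden it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PCF_MAGIC      0x70636601u  /* the bytes "\1fcp" read little-endian */
#define TOC_ENTRY_SIZE 16u
#define MAX_TABLES     64u          /* example sanity bound, not a PCF limit */

struct toc_entry { uint32_t type, format, size, offset; };

/* Constructed sample input: magic, table count = 2, then two TOC entries. */
static const uint8_t sample_pcf[] = {
    0x01, 0x66, 0x63, 0x70,                               /* "\1fcp" */
    0x02, 0x00, 0x00, 0x00,                               /* 2 tables */
    0x01, 0x00, 0x00, 0x00,  0x0e, 0x00, 0x00, 0x00,      /* type 1, format 0x0e */
    0x20, 0x00, 0x00, 0x00,  0x28, 0x00, 0x00, 0x00,      /* size 0x20, offset 0x28 */
    0x02, 0x00, 0x00, 0x00,  0x0e, 0x00, 0x00, 0x00,      /* type 2, format 0x0e */
    0x10, 0x00, 0x00, 0x00,  0x48, 0x00, 0x00, 0x00,      /* size 0x10, offset 0x48 */
};

/* Read a little-endian u32 at `off`.  Returns 1 and stores the value, or
 * returns 0 and leaves *out untouched when fewer than 4 bytes remain,
 * which is exactly what a short stream read does. */
static int read_u32_le(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return 0;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 1;
}

/* Vulnerable shape: read results are ignored.  On a header shorter than
 * 8 bytes `count` is never written, and an uninitialized value becomes the
 * malloc() size (MSan: use-of-uninitialized-value).  Only call this on
 * well-formed input; it exists to show the pattern, not to be triggered. */
long toc_count_unchecked(const uint8_t *buf, size_t len)
{
    uint32_t magic, count;
    struct toc_entry *toc;

    read_u32_le(buf, len, 0, &magic);   /* return value dropped */
    read_u32_le(buf, len, 4, &count);   /* return value dropped: count may be garbage */
    toc = malloc((size_t)count * sizeof *toc);
    if (toc == NULL)
        return -1;
    free(toc);
    return (long)count;
}

/* Hardened version: every read is checked before its result is used, the
 * count is bounded, and the whole TOC is verified to fit in the input before
 * anything is allocated.  Returns the table count and a calloc()'d TOC in
 * *out, or -1 with *out == NULL on any malformed input. */
long toc_read_checked(const uint8_t *buf, size_t len, struct toc_entry **out)
{
    uint32_t magic, count, i;
    struct toc_entry *toc;

    *out = NULL;
    if (!read_u32_le(buf, len, 0, &magic) || magic != PCF_MAGIC)
        return -1;
    if (!read_u32_le(buf, len, 4, &count))
        return -1;
    if (count == 0 || count > MAX_TABLES)
        return -1;
    if ((len - 8) / TOC_ENTRY_SIZE < count)   /* len >= 8 is guaranteed above */
        return -1;

    toc = calloc(count, sizeof *toc);
    if (toc == NULL)
        return -1;
    for (i = 0; i < count; i++) {
        size_t base = 8 + (size_t)i * TOC_ENTRY_SIZE;
        /* In bounds by the check above, so these reads cannot fail. */
        read_u32_le(buf, len, base,      &toc[i].type);
        read_u32_le(buf, len, base + 4,  &toc[i].format);
        read_u32_le(buf, len, base + 8,  &toc[i].size);
        read_u32_le(buf, len, base + 12, &toc[i].offset);
    }
    *out = toc;
    return (long)count;
}

int main(void)
{
    struct toc_entry *toc = NULL;
    long n = toc_read_checked(sample_pcf, sizeof sample_pcf, &toc);
    printf("full input: %ld tables\n", n);
    for (long k = 0; k < n; k++)
        printf("  type=%u format=0x%x size=%u offset=%u\n",
               (unsigned)toc[k].type, (unsigned)toc[k].format,
               (unsigned)toc[k].size, (unsigned)toc[k].offset);
    free(toc);
    /* Truncate after the magic: the unchecked parser would reach malloc()
     * with an unwritten count; the checked one refuses the input. */
    printf("truncated header: %ld\n", toc_read_checked(sample_pcf, 6, &toc));
    return 0;
}
```

Build the checked variant with `-fsanitize=memory` and feed `toc_count_unchecked()` a 6-byte buffer to see the class of report the ticket quotes; the checked variant returns -1 on the same input without touching `count`.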
Comment 1 • 9 years ago (Reporter)
Comment 2 • 9 years ago (Reporter)
Verified that this is in both 2.5.5 and the latest released version 2.6.
Comment 3 • 9 years ago (Reporter)
This test case should be a .pcf file (Portable Compiled Format), which we do not support in Firefox. So this is likely invalid unless it is used in FxOS for some reason.
Comment 4 • 9 years ago
I don't know that we support this format anywhere. Even if the code is present on FxOS you either have the built-in fonts (which wouldn't be an attack) or downloadable web fonts which are WOFF (opentype).
Comment 5 • 9 years ago
I don't know that Android supports this format either, but we could report it upstream to FreeType and AOSP anyway.
Comment 6 • 9 years ago
I don't believe AOSP will be directly affected by this either, but it should definitely be reported upstream to FreeType.
Updated • 9 years ago
Group: core-security → layout-core-security
Comment 7 • 9 years ago (Reporter)
Already reported and fixed upstream. https://savannah.nongnu.org/bugs/?func=detailitem&item_id=46109
Updated • 9 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Updated • 9 years ago
Group: layout-core-security