Closed Bug 1249911 Opened 8 years ago Closed 8 years ago

graphite2: stack-overflow in [@graphite2::Slot::floodShift] Slot.cpp:486

Categories

(Core :: Graphics: Text, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox45 --- fixed
firefox46 --- fixed
firefox47 --- fixed
firefox-esr38 --- fixed
firefox-esr45 45+ ---

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [adv-main45-][adv-esr38.7-])

Attachments

(2 files)

Attached file test_case.ttf
Found in graphite2 revision 2c04f1eda80803d75ff94e53e67c64f108af6d06

==33110==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcab510ff8 (pc 0x7f8463aec57c bp 0x00000071ace0 sp 0x7ffcab511000 T0)
    #0 0x7f8463aec57b in graphite2::Slot::floodShift(graphite2::Position) /home/user/code/graphite/src/Slot.cpp:486:18
    #1 0x7f8463aec580 in graphite2::Slot::floodShift(graphite2::Position) /home/user/code/graphite/src/Slot.cpp:486:18
    ...
    #251 0x7f8463aec580 in graphite2::Slot::floodShift(graphite2::Position) /home/user/code/graphite/src/Slot.cpp:486:18
Attached file test_string.txt
Fixed? upstream in c00e3f7d3741ac5f9a4706e8097320f8a60f4ea8
Verified with graphite revision 2b7f42152ec779c6f96ea744d83a7b7a6912473b. Thanks Martin.
Status: NEW → RESOLVED
Closed: 8 years ago
Depends on: 1252311
Resolution: --- → FIXED
Group: gfx-core-security → core-security-release
Whiteboard: [adv-main45+][adv-esr38.7+]
Whiteboard: [adv-main45+][adv-esr38.7+] → [adv-main45-][adv-esr38.7-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.