Closed Bug 1252335 Opened 8 years ago Closed 8 years ago

graphite2: stack-overflow in [@graphite2::Slot::finalise]

Categories

(Core :: Graphics: Text, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox45 --- disabled
firefox46 --- fixed
firefox47 --- fixed
firefox48 --- fixed
firefox-esr38 46+ disabled
firefox-esr45 46+ disabled

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [gfx-noted])

Attachments

(1 file)

57.49 KB, application/x-font-ttf
Details
Attached file test_case.ttf
Found in graphite2 revision 92e0add6083b2e360e30854cbfceedecaac0d3ad

==60649==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe5185ef78 (pc 0x7f293e31c969 bp 0x7ffe5185f050 sp 0x7ffe5185ef80 T0)
    #0 0x7f293e31c968 in graphite2::GlyphCache::glyph(unsigned short) const /home/user/code/graphite/src/GlyphCache.cpp:211
    #1 0x7f293e35965e in graphite2::GlyphCache::glyphSafe(unsigned short) const /home/user/code/graphite/src/inc/GlyphCache.h:156:36
    #2 0x7f293e35965e in graphite2::Slot::finalise(graphite2::Segment const*, graphite2::Font const*, graphite2::Position&, graphite2::Rect&, unsigned char, float&, bool, bool) /home/user/code/graphite/src/Slot.cpp:101
    ...
    #252 0x7f293e35a0aa in graphite2::Slot::finalise(graphite2::Segment const*, graphite2::Font const*, graphite2::Position&, graphite2::Rect&, unsigned char, float&, bool, bool) /home/user/code/graphite/src/Slot.cpp:136:25

SUMMARY: AddressSanitizer: stack-overflow /home/user/code/graphite/src/GlyphCache.cpp:211 in graphite2::GlyphCache::glyph(unsigned short) const
I used a method similar to the method found in bug 1251869 to generate the test string.
fixed? in 8b0d0679de281ab5d49adebb24f34844350a7f85
Verified with graphite revision bc5409c573aa9ecccacd18cf713021272998cd35
Whiteboard: [gfx-noted]
Depends on: 1255158
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Group: gfx-core-security → core-security-release
Graphite2 has been updated on all affected branches including ESRs.
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.