Closed
Bug 1254862
Opened 8 years ago
Closed 8 years ago
graphite2: heap-buffer-overflow read in [@graphite2::Segment::splice]
Categories
(Core :: Graphics: Text, defect)
Tracking
RESOLVED
FIXED
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(4 keywords)
Attachments
(2 files)
This was found while fuzzing the graphite2 latest revision (f67e446f6637d5845a4df55e83a4f8a0eb7ad42b). This uses the segcache code that is not used by Firefox (correct me if I am wrong here, Martin or Jonathan). This is likely not a sec issue; however, I am hiding this bug because of the large number of bugs that have been found, and I would like to avoid any unwanted attention until things calm down. To reproduce, run: ./gr2fonttest test_case.ttf -auto -cache
Comment 1•8 years ago (Reporter)
Updated•8 years ago (Reporter)
Summary: graphite2: heap-buffer-overflow read in [@graphite2::Slot::index] → graphite2: heap-buffer-overflow read in [@graphite2::Segment::splice]
Comment 2•8 years ago
Right, we build with the GRAPHITE2_NSEGCACHE symbol defined, to omit the segcache code. So provided this occurs within code subject to that #ifndef, it can't affect Firefox.
Updated•8 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•8 years ago
Group: gfx-core-security → core-security-release
Updated•4 years ago
Group: core-security-release