Bug 1272170 - freetype2: UBSan: null pointer passed as argument 2, which is declared to never be null [@cff_index_get_name] in cffload.c:605
Status: Closed, RESOLVED FIXED
Opened 9 years ago; closed 8 years ago
Product/Component: Core :: Graphics: Text (defect)
Target Milestone: mozilla53
Reporter: tsmith; Unassigned
References: Blocks 1 open bug
Keywords: crash, csectype-nullptr, testcase
Whiteboard: gfx-noted
Attachments (1 file): 1.52 KB, application/x-font-ttf

Description
Found while fuzzing freetype2 commit cdc8f4d9330b0e402fbc22e22c13c30656d1c3cd (>2.6.3)
To reproduce run the attached test case with ftrandom built with Undefined Behavior Sanitizer.
/home/user/code/freetype2/src/cff/cffload.c:605:7: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
#0 0x6592b7 in cff_index_get_name /home/user/code/freetype2/src/cff/cffload.c:605:7
#1 0x608581 in cff_font_load /home/user/code/freetype2/src/cff/cffload.c:1665:23
#2 0x608581 in cff_face_init /home/user/code/freetype2/src/cff/cffobjs.c:582
#3 0x5025bf in open_face /home/user/code/freetype2/src/base/ftobjs.c:1177:15
#4 0x4ff659 in FT_Open_Face /home/user/code/freetype2/src/base/ftobjs.c:2177:19
#5 0x4fed0e in FT_New_Face /home/user/code/freetype2/src/base/ftobjs.c:1240:12
#6 0x4e38b7 in ExecuteTest /home/user/code/freetype2/src/tools/ftrandom/../../../src/tools/ftrandom/ftrandom.c:139:10
#7 0x4e38b7 in main /home/user/code/freetype2/src/tools/ftrandom/../../../src/tools/ftrandom/ftrandom.c:166
#8 0x7fdebd94fec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#9 0x41dfa5 in _start (/home/ubuntu/build/build/ftrandom+0x41dfa5)
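The sanitizer line above names the defect class rather than a crash: glibc declares the pointer arguments of the <string.h> copy routines nonnull, and C11 (7.24.1p2) requires them to be valid even when the length argument is zero, so a zero-length copy from a NULL source is still undefined behaviour and UBSan's nonnull-attribute check reports it. The following is an added illustration written for this page, not freetype's cff_index_get_name or its fix; the index structure, the sample table and the function names are constructed stand-ins for an INDEX lookup whose empty entry yields a (NULL, 0) byte range.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an INDEX entry: a byte range that may be empty.
 * For the empty case a lookup routine can legitimately hand back (NULL, 0). */
struct index_entry {
    const unsigned char *bytes;   /* NULL when byte_len == 0 */
    size_t               byte_len;
};

/* Constructed sample table: entry 1 is empty, as a minimal or malformed
 * font might produce; this is not data from the attached test case. */
static const unsigned char sample_name[] = "Sample-Font";
static const struct index_entry sample_index[] = {
    { sample_name, sizeof sample_name - 1 },
    { NULL,        0 },
};
#define SAMPLE_COUNT (sizeof sample_index / sizeof sample_index[0])

/* Defective form, the pattern UBSan reports: memcpy's arguments are declared
 * nonnull in <string.h>, and C11 7.24.1p2 requires valid pointers even when
 * the length is zero, so memcpy(name, NULL, 0) is undefined behaviour. */
char *get_name_unchecked(const struct index_entry *idx, size_t count, size_t element)
{
    if (element >= count)
        return NULL;
    char *name = malloc(idx[element].byte_len + 1);
    if (!name)
        return NULL;
    memcpy(name, idx[element].bytes, idx[element].byte_len); /* UB when bytes == NULL */
    name[idx[element].byte_len] = '\0';
    return name;
}

/* Hardened form: only touch the source buffer when there is something to copy,
 * and treat a NULL source paired with a non-zero length as corrupt input. */
char *get_name_checked(const struct index_entry *idx, size_t count, size_t element)
{
    if (element >= count)
        return NULL;
    const unsigned char *src = idx[element].bytes;
    size_t len = idx[element].byte_len;
    if (src == NULL && len != 0)
        return NULL;                     /* inconsistent entry: refuse it */
    char *name = malloc(len + 1);
    if (!name)
        return NULL;
    if (len != 0)
        memcpy(name, src, len);          /* src is non-NULL on this path */
    name[len] = '\0';
    return name;
}

/* Check helper: 1 if the hardened lookup yields the expected string, else 0. */
int name_equals(size_t element, const char *expected)
{
    char *name = get_name_checked(sample_index, SAMPLE_COUNT, element);
    int ok = name != NULL && strcmp(name, expected) == 0;
    free(name);
    return ok;
}

int main(void)
{
    assert(name_equals(0, "Sample-Font"));
    assert(name_equals(1, ""));          /* empty entry: nothing copied, no UB */
    return 0;
}
```

Building this with `-fsanitize=undefined` and calling get_name_unchecked on entry 1 reproduces the "null pointer passed as argument 2" diagnostic; the checked variant never reaches memcpy with a NULL source, which is the property a fix for this report has to establish regardless of how the surrounding code is structured.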
Updated 9 years ago
Whiteboard: gfx-noted

Comment 1 by reporter (tsmith), 8 years ago

Comment 2 by reporter (tsmith), 8 years ago
Fixed upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0fa7a67bfc334775b030d95cac763eeb7247436
Planned release: 2.7.0
Updated 8 years ago
status-firefox51: --- → wontfix
status-firefox52: --- → affected
status-firefox53: --- → fixed
Target Milestone: --- → mozilla53