Closed Bug 1322660 Opened 8 years ago Closed 8 years ago

Crash in woff2 module

Categories

(Core :: Graphics: Text, defect, P3)

Product:
Core
Component:
Graphics: Text
Version:
50 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox52 --- wontfix
firefox-esr52 53+ fixed
firefox53 --- fixed
firefox54 --- fixed
firefox55 --- fixed

People

(Reporter: martin, Assigned: martin)

References

Details

(Whiteboard: [gfx-noted])

Attachments

(1 file, 1 obsolete file)

Use memset instead of dereferencing a pointer after casting (v2)
2.23 KB, patch
jfkthame
: review+
gchang
: approval-mozilla-aurora+
gchang
: approval-mozilla-beta+
jcristau
: approval-mozilla-esr52+
Details | Diff | Splinter Review
The woff2 module dereferences pointers after casting to a type requiring higher alignement. This causes crashes on some architectures (will also report this upstream). Fix is trivial.
Upstream pull request: https://github.com/google/woff2/pull/69
Component: General → Graphics: Text
Assignee: nobody → martin
Priority: -- → P3
Whiteboard: [gfx-noted]
Martin, what's the status of your patch? Is it reviewable?
Flags: needinfo?(martin)
[Tracking Requested - why for this release]: Improve stability on strict alignment architectures (e.g. sparc64). Bug 1323303 broke big-endian architectures (e.g. sparc64), so it'd be nice to have a stable ESR base.
tracking-firefox-esr52: --- → ?
Yes, the patch should be good to review/merge.
Flags: needinfo?(martin)
Attachment #8817606 - Flags: review?(jfkthame)
Comment on attachment 8817606 [details] [diff] [review] Use memset instead of dereferencing a pointer after casting (v2) Review of attachment 8817606 [details] [diff] [review]: ----------------------------------------------------------------- Yes, patch looks fine; I think we should go ahead and take this, even though we're still waiting for upstream to act on it. (This attachment doesn't actually have the necessary patch metadata to be able to land directly; but I'll just fix that up locally and push it.)
Attachment #8817606 - Flags: review?(jfkthame) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/1c8f82fbc5cfa2f1e30a2cfe10d6ec743d54be67 Bug 1322660 - Use memcpy() in WOFF2 code instead of dereferencing a pointer after casting to a type with different alignment requirements. r=jfkthame
https://hg.mozilla.org/mozilla-central/rev/1c8f82fbc5cf
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Comment on attachment 8817606 [details] [diff] [review] Use memset instead of dereferencing a pointer after casting (v2) Approval Request Comment [ESR consideration]: FF53+ via Skia and Rust require more porting on non-x86 non-arm platforms [Feature/Bug causing the regression]: bug 1064737 + bug 1227058 [User impact if declined]: Crash on strict-alignment architectures (e.g. sparc64) [Is this code covered by automated tests?]: Yes. [Has the fix been verified in Nightly?]: Only downstream on 50.0-52.0 [Needs manual test from QE? If yes, steps to reproduce]: None [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: Can only crash with downloaded fonts. [String changes made/needed]: None
Attachment #8817606 - Flags: approval-mozilla-esr52?
Attachment #8817606 - Flags: approval-mozilla-beta?
Attachment #8817606 - Flags: approval-mozilla-aurora?
Comment on attachment 8817606 [details] [diff] [review] Use memset instead of dereferencing a pointer after casting (v2) Fix a crash. Aurora54+ & Beta53+.
Attachment #8817606 - Flags: approval-mozilla-beta?
Attachment #8817606 - Flags: approval-mozilla-beta+
Attachment #8817606 - Flags: approval-mozilla-aurora?
Attachment #8817606 - Flags: approval-mozilla-aurora+
Setting qe-verify- based on Jan's assessment on manual testing needs (see Comment 9) and the fact that this fix has automated coverage.
Flags: qe-verify-
Comment on attachment 8817606 [details] [diff] [review] Use memset instead of dereferencing a pointer after casting (v2) avoid unaligned memory access, esr52+
Attachment #8817606 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
Depends on: 1363907
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: