Open Bug 1459755 Opened 6 years ago Updated 2 years ago

graphite2: crash at null in [@ graphite2::Segment::delLineEnd]

Categories

(Core :: Graphics: Text, defect, P3)

defect

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

Attached file testcase.fuzz
Found with graphite commit edeb6b92d93aca07df457d81a1d728a799a54350

==9988==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000052a877 bp 0x7fffe4230b50 sp 0x7fffe4230a00 T0)
==9988==The signal is caused by a READ memory access.
==9988==Hint: address points to the zero page.
    #0 0x52a876 in graphite2::Slot::prev() const src/inc/Slot.h:86:33
    #1 0x52a876 in graphite2::Segment::delLineEnd(graphite2::Slot*) src/Justifier.cpp:277
    #2 0x52a876 in graphite2::Segment::justify(graphite2::Slot*, graphite2::Font const*, float, graphite2::justFlags, graphite2::Slot*, graphite2::Slot*) src/Justifier.cpp:228
    #3 0x511303 in LLVMFuzzerTestOneInput tests/fuzz-tests/gr-fuzzer-segment.cpp:115:9
    #4 0x511a24 in main tests/fuzz-tests/gr-fuzzer-segment.cpp:143:7
    #5 0x7ff70b07c82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #6 0x41a3e8 in _start (gr-fuzzer-segment+0x41a3e8)

This font is returned as being invalid and no further processing happens. How do you get this to get this far?
Flags: needinfo?(twsmith)
Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1459753#c2
Severity: normal → S3