Bug 1459756 (Open)
graphite2: crash near null in [@ graphite2::Segment::collisionInfo]
Opened 6 years ago, updated 2 years ago
Categories: Core :: Graphics: Text, defect, P3
Status: NEW
People: Reporter: tsmith, Unassigned
References: Blocks 1 open bug
Keywords: crash, testcase
Attachments (1 file): 5.32 KB, application/x-font-ttf
Found with graphite commit edeb6b92d93aca07df457d81a1d728a799a54350

==9992==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x000000575318 bp 0x7ffff7779030 sp 0x7ffff7778ea0 T0)
==9992==The signal is caused by a READ memory access.
==9992==Hint: address points to the zero page.
    #0 0x575317 in graphite2::Slot::index() const src/inc/Slot.h:79:35
    #1 0x575317 in graphite2::Segment::collisionInfo(graphite2::Slot const*) const src/inc/Segment.h:152
    #2 0x575317 in graphite2::Pass::collisionShift(graphite2::Segment*, int, graphite2::json*) const src/Pass.cpp:806
    #3 0x572c60 in graphite2::Pass::runGraphite(graphite2::vm::Machine&, graphite2::FiniteStateMachine&, bool) const src/Pass.cpp:444:14
    #4 0x53e899 in graphite2::Silf::runGraphite(graphite2::Segment*, unsigned char, unsigned char, int) const src/Silf.cpp:431:33
    #5 0x52a650 in graphite2::Segment::justify(graphite2::Slot*, graphite2::Font const*, float, graphite2::justFlags, graphite2::Slot*, graphite2::Slot*) src/Justifier.cpp:208:17
    #6 0x5112c5 in LLVMFuzzerTestOneInput tests/fuzz-tests/gr-fuzzer-segment.cpp:113:9
    #7 0x511a24 in main tests/fuzz-tests/gr-fuzzer-segment.cpp:143:7
    #8 0x7f9856a8782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #9 0x41a3e8 in _start (gr-fuzzer-segment+0x41a3e8)
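The fault address in the report, 0x20 together with the "address points to the zero page" hint, is the usual signature of a NULL base pointer plus a small field offset rather than a wild pointer. The following C program is an added example, not code from this bug, from the reporter or from graphite2: it parses a constructed copy of the ASan diagnostic lines quoted above and classifies the fault as near-null, and it uses a hypothetical record layout (`example_slot`, which is not graphite2's real `Slot`) to show how a field at offset 0x20 yields exactly that address, alongside the guarded-accessor pattern a fix would typically use. All type and function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Addresses below this are treated as "zero page" (near-null) faults.
 * Assumption: the usual 4 KiB page on x86-64 Linux. */
#define ZERO_PAGE_LIMIT 0x1000u

/* Result of triaging one ASan SEGV report. */
struct segv_triage {
    int found;        /* 1 if a "SEGV on unknown address" line was parsed */
    uintptr_t addr;   /* faulting address */
    int near_null;    /* 1 if addr < ZERO_PAGE_LIMIT */
    int is_write;     /* 1 if ASan says the access was a WRITE */
};

/* Parse an ASan report (one or more lines) for the SEGV address and access kind. */
struct segv_triage triage_asan_report(const char *report)
{
    struct segv_triage t = {0, 0, 0, 0};
    const char *marker = "SEGV on unknown address 0x";
    const char *p = strstr(report, marker);
    if (p == NULL) return t;
    p += strlen(marker);
    char *end = NULL;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p) return t;               /* no hex digits after the marker */
    t.found = 1;
    t.addr = (uintptr_t)v;
    t.near_null = t.addr < ZERO_PAGE_LIMIT;
    t.is_write = strstr(report, "caused by a WRITE memory access") != NULL;
    return t;
}

/* Convenience wrappers returning plain integers; -1 means no SEGV line found. */
long long report_fault_addr(const char *report)
{
    struct segv_triage t = triage_asan_report(report);
    return t.found ? (long long)t.addr : -1;
}

int report_is_near_null(const char *report)
{
    struct segv_triage t = triage_asan_report(report);
    return t.found ? t.near_null : -1;
}

/* Hypothetical record layout, constructed for illustration (NOT graphite2's Slot):
 * a 4-byte field that happens to sit 0x20 bytes into the object. */
struct example_slot {
    uint8_t header[0x20];
    int index;
};

/* With a NULL base, `s->index` would read address 0 + this offset, i.e. 0x20. */
size_t example_index_offset(void)
{
    return offsetof(struct example_slot, index);
}

/* Guarded accessor: the usual fix for a near-null read is to reject a NULL
 * object before touching its fields. Returns 0 on success, -1 on NULL. */
int example_slot_index(const struct example_slot *s, int *out)
{
    if (s == NULL || out == NULL) return -1;
    *out = s->index;
    return 0;
}

/* Builds a valid object with index 7 and reads it through the guarded accessor.
 * Returns the field value, or -1 if the accessor refused. */
int example_checked_read(void)
{
    struct example_slot s = { {0}, 7 };
    int v = -1;
    return example_slot_index(&s, &v) == 0 ? v : -1;
}

/* Constructed copy of the diagnostic lines quoted in this bug's description. */
static const char REPORT[] =
    "==9992==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 "
    "(pc 0x000000575318 bp 0x7ffff7779030 sp 0x7ffff7778ea0 T0)\n"
    "==9992==The signal is caused by a READ memory access.\n"
    "==9992==Hint: address points to the zero page.\n";

int main(void)
{
    struct segv_triage t = triage_asan_report(REPORT);
    printf("fault addr 0x%llx, near-null=%d, write=%d\n",
           (unsigned long long)t.addr, t.near_null, t.is_write);
    printf("example field offset 0x%zx\n", example_index_offset());
    printf("checked read of valid object: %d\n", example_checked_read());
    int v = -1;
    printf("NULL base: rc=%d\n", example_slot_index(NULL, &v));
    return 0;
}
```

The parser deliberately ignores the frame list: for triage, the address class (zero page vs. elsewhere) and the READ/WRITE hint are what decide whether a fuzzer crash is a plain NULL dereference, as here, or something that needs a closer look.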
Updated 6 years ago
Priority: -- → P3

Comment 1 • 6 years ago
`gr2fonttest -auto -noprint testcase.ttf` results in a failure to load the font due to it being an invalid font. Not sure how you got past that.
Flags: needinfo?(twsmith)

Comment 2 • 6 years ago (Reporter)
Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1459753#c2
Flags: needinfo?(twsmith)

Updated 2 years ago
Severity: normal → S3