Bug 580100
Opened 14 years ago
Closed 14 years ago
ASSERTION/Crash: font is lacking metrics, we shouldn't be here: '(mNumLongMetrics > 0) && mHmtxTable != nsnull'
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: posidron, Assigned: jfkthame)
References
(Blocks 1 open bug)
Details
Attachments (4 files)
22.84 KB, application/zip
5.31 KB, text/plain
3.20 KB, patch (jtd: review+)
27.04 KB, patch (jtd: review+)
Build identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; en-US; rv:2.0b2pre) Gecko/20100718 Minefield/4.0b2pre
Table: hhea
Offset: 268/0x10c
Values:
80 00 # metricDataFormat
00 00 # numberOfHMetrics
Load the provided html file.
Comment 1 • 14 years ago (Reporter)
Comment 2 • 14 years ago (Reporter)
Comment 3 • 14 years ago (Assignee)
This patch adds some sanity-checking for the metrics tables during initialization, so that we don't risk out-of-bounds indexing when it comes to actually looking up entries.
Assignee: nobody → jfkthame
Attachment #458600 - Flags: review?(jdaggett)
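The kind of sanity check comment 3 describes, as an added example (not the attached patch and not Gecko's code): it rejects a font whose hhea fields or hmtx length would make a metrics lookup index out of bounds. The function names `validate_hmetrics` and `glyph_advance` are hypothetical, the field offsets assume the standard 36-byte OpenType hhea layout, and the sample tables are constructed, with `bad_hhea` using the two field values from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HHEA_SIZE        36u  /* fixed length of the hhea table */
#define HHEA_OFF_FORMAT  32u  /* metricDataFormat, int16 */
#define HHEA_OFF_NUM     34u  /* numberOfHMetrics, uint16 */
#define LONG_METRIC_SIZE  4u  /* advanceWidth (uint16) + lsb (int16) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns numberOfHMetrics when hmtx can be indexed safely, 0 to reject the font. */
uint16_t validate_hmetrics(const uint8_t *hhea, size_t hhea_len, size_t hmtx_len)
{
    if (hhea == NULL || hhea_len < HHEA_SIZE) return 0;     /* truncated header */
    if (be16(hhea + HHEA_OFF_FORMAT) != 0) return 0;        /* only format 0 is defined */
    uint16_t n = be16(hhea + HHEA_OFF_NUM);
    if (n == 0) return 0;                                   /* no long metrics to index */
    if (hmtx_len < (size_t)n * LONG_METRIC_SIZE) return 0;  /* hmtx shorter than claimed */
    return n;
}

/* Advance width for a glyph; glyphs past the long metrics reuse the last entry.
 * num_long must come from validate_hmetrics(); 0 means unusable, so return -1. */
int32_t glyph_advance(const uint8_t *hmtx, uint16_t num_long, uint16_t glyph)
{
    if (hmtx == NULL || num_long == 0) return -1;  /* num_long - 1 would wrap to 65535 */
    if (glyph >= num_long) glyph = (uint16_t)(num_long - 1);
    return be16(hmtx + (size_t)glyph * LONG_METRIC_SIZE);
}

/* Constructed samples: bad_hhea carries the two field values from the report. */
static const uint8_t bad_hhea[HHEA_SIZE]  = { [32] = 0x80, [33] = 0x00, [34] = 0x00, [35] = 0x00 };
static const uint8_t zero_hhea[HHEA_SIZE] = { 0 };            /* format 0, zero metrics */
static const uint8_t good_hhea[HHEA_SIZE] = { [35] = 0x02 };  /* format 0, two metrics */
static const uint8_t hmtx[8] = { 0x02, 0x58, 0, 0, 0x01, 0xF4, 0, 0 };  /* advances 600, 500 */

int main(void)
{
    printf("report values: %u\n", (unsigned)validate_hmetrics(bad_hhea, sizeof bad_hhea, sizeof hmtx));
    printf("zero metrics:  %u\n", (unsigned)validate_hmetrics(zero_hhea, sizeof zero_hhea, sizeof hmtx));
    printf("short hmtx:    %u\n", (unsigned)validate_hmetrics(good_hhea, sizeof good_hhea, 7));
    uint16_t n = validate_hmetrics(good_hhea, sizeof good_hhea, sizeof hmtx);
    printf("valid font:    %u, advance(glyph 5) = %d\n", (unsigned)n, (int)glyph_advance(hmtx, n, 5));
    return 0;
}
```

Doing the validation once at initialization means the per-glyph lookup only has to clamp the glyph index, which is the split comment 3 describes.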
Comment 4 • 14 years ago
Comment on attachment 458600
patch, v1 - sanity-check hhea fields & hmtx length before using font with harfbuzz
Yup, looks good.
Attachment #458600 - Flags: review?(jdaggett) → review+
Comment 5 • 14 years ago
BTW, I think we need a simple reftest for this.
Comment 6 • 14 years ago (Assignee)
Attachment #458950 - Flags: review?(jdaggett)
Comment 7 • 14 years ago (Assignee)
Nominating for blocking2.0 - this provides a means for a corrupt or malicious font to trigger a crash. Patch is low-risk, just improving validation before we use the font data.
blocking2.0: --- → ?
Updated • 14 years ago
Attachment #458950 - Flags: review?(jdaggett) → review+
Updated • 14 years ago
blocking2.0: ? → final+
Comment 8 • 14 years ago (Assignee)
Pushed patch + crashtest:
http://hg.mozilla.org/mozilla-central/rev/676e4798d2b0
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated • 13 years ago (Reporter)
Blocks: fuzzing-fonts