Closed
Bug 586501
Opened 14 years ago
Closed 14 years ago
Arithmetic exception in GPOS table [@AnchorMatrix::sanitize]
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: posidron, Assigned: jfkthame)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(3 files)
Tag: b'GPOS' Checksum: 0x0001c590 Offset: 364/0x0000016c Length: 3738
Table: b'GPOS'
Number of replaced values: 5
Offset: 21/0x000015 Value: ['ff', 'ff']
Offset: 411/0x00019b Value: ['00', '00', '00', '00', '00', '00', '00', '01']
Offset: 783/0x00030f Value: ['ff', 'ff', 'ff', 'ff']
Offset: 2862/0x000b2e Value: ['00', '00', '00', '01']
Offset: 3148/0x000c4c Value: ['ff', 'ff', 'ff', 'ff']
|
Reporter | |
Comment 1•14 years ago
|
||
|
Assignee | |
Comment 2•14 years ago
|
||
Assignee: nobody → jfkthame
Attachment #465728 -
Flags: review?(jdaggett)
|
||
Updated•14 years ago
|
Attachment #465728 -
Flags: review?(jdaggett) → review+
|
|
Assignee | |
Comment 3•14 years ago
|
||
Comment on attachment 465728 [details] [diff] [review]
patch, v1 - check "rows" value is non-zero before division
Requesting approval2.0 -- we should take this as it's a risk-free fix (also accepted upstream) for an issue where a bad/malicious downloadable font can crash the browser.
Attachment #465728 -
Flags: approval2.0?
|
||
Updated•14 years ago
|
blocking2.0: --- → final+
|
|
||
Comment 4•14 years ago
|
||
Comment on attachment 465728 [details] [diff] [review]
patch, v1 - check "rows" value is non-zero before division
This now blocks, so it doesn't need approval.
Attachment #465728 -
Flags: approval2.0?
|
|
Assignee | |
Comment 5•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Crash Signature: [@AnchorMatrix::sanitize]
|
|
Reporter | |
Updated•13 years ago
|
Blocks: fuzzing-fonts
You need to log in
before you can comment on or make changes to this bug.
Description
•