Closed Bug 682204 Opened 14 years ago Closed 13 years ago

Malformed Silf table in Graphite leads to crash [@graphite2::vm::Code::release_buffers]

Tracking

()

Status:

RESOLVED FIXED

Tracking Flags:

Tracking

Status

firefox6

---

unaffected

firefox7

unaffected

firefox8

unaffected

firefox9

unaffected

firefox10

verified

firefox-esr10

---

unaffected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase, Whiteboard: [sg:critical?][qa!])

Attachments

(2 files)

testcase 14 years ago Christoph Diehl [:posidron] 138.03 KB, application/zip		Details
callstack 14 years ago Christoph Diehl [:posidron] 16.85 KB, text/plain		Details

Christoph Diehl [:posidron]

Reporter

Description

•

14 years ago

Attached file testcase — Details

No description provided.

Christoph Diehl [:posidron]

Reporter

Comment 1

•

14 years ago

Attached file callstack — Details

Christoph Diehl [:posidron]

Reporter

Updated

•

14 years ago

Blocks: 681976

martin_hosken

Comment 2

•

14 years ago

Fixed in repo. Thanks for finding a class of bug we hadn't checked for in our fuzz testing. Running a long fuzz test in that area now to flush out any more.

Jonathan Kew [:jfkthame]

Comment 3

•

14 years ago

This fix is included in the latest version of the graphite2 code in bug 631479 part 1 (attachment 556272 [details] [diff] [review]).

Daniel Veditz [:dveditz]

Updated

•

14 years ago

Depends on: 631479

Whiteboard: [sg:critical?]

Daniel Veditz [:dveditz]

Comment 4

•

14 years ago

Given comment 3 should we mark this bug "fixed" then? it's not actually in the Firefox product and now won't be.

status-firefox6: --- → unaffected

status-firefox7: --- → unaffected

status-firefox8: --- → unaffected

Daniel Veditz [:dveditz]

Updated

•

13 years ago

status-firefox9: --- → affected

tracking-firefox9: --- → +

Jonathan Kew [:jfkthame]

Comment 5

•

13 years ago

Marking "fixed" as per comments 3 and 4 - the bug never actually landed in our tree, and is now fixed upstream and in our under-review patch. Not sure why this is marked as "status-firefox9: affected", therefore?

Status: NEW → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

Jonathan Kew [:jfkthame]

Updated

•

13 years ago

status-firefox9: affected → unaffected

Daniel Veditz [:dveditz]

Updated

•

13 years ago

tracking-firefox10: --- → +

tracking-firefox7: --- → -

tracking-firefox8: --- → -

tracking-firefox9: + → -

Daniel Veditz [:dveditz]

Updated

•

13 years ago

status-firefox10: --- → fixed

u279076

Updated

•

13 years ago

Whiteboard: [sg:critical?] → [sg:critical?][qa+]

Geo Mealer [:geo] -- This account is inactive after 2015-07-07

Comment 6

•

13 years ago

No crash in 10.0b2 on Mac OS X. As I understand it, there's no prior build to observe crash, so marking verified in Fx 10 and closing out QA verification flag.

status-firefox10: fixed → verified

Whiteboard: [sg:critical?][qa+] → [sg:critical?][qa!]

Daniel Veditz [:dveditz]

Updated

•

13 years ago

Group: core-security

status-firefox-esr10: --- → unaffected

Christoph Diehl [:posidron]

Reporter

Updated

•

13 years ago

Blocks: fuzzing-fonts

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Malformed Silf table in Graphite leads to crash [@graphite2::vm::Code::release_buffers]

Categories

(Core :: Graphics, defect)

Tracking

()

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase, Whiteboard: [sg:critical?][qa!])

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Updated

Comment 2

Comment 3

Updated

Comment 4

Updated

Comment 5

Updated

Updated

Updated

Updated

Comment 6

Updated

Updated

Attachment

General

Description

File Name

Content Type