Bug 803498 - Graphite2 crash [@graphite2::Silf::readGraphite]
Status: VERIFIED FIXED (opened 12 years ago, closed 12 years ago)
Category: Core :: Graphics, defect
Target milestone: mozilla19
Branch | Tracking | Status |
---|---|---|
firefox17 | --- | disabled |
firefox18 | --- | disabled |
firefox19 | + | fixed |
firefox-esr10 | --- | unaffected |
firefox-esr17 | --- | unaffected |
Reporter: posidron; Assignee: jfkthame
References: blocks 1 open bug
Keywords: crash, sec-critical, testcase
Whiteboard: [adv-main19-]
Attachments (3 files):
- 29.18 KB, application/zip
- 11.48 KB, text/plain
- 8.44 KB, patch
Table: b'Sill'
Number of values: 2
Offset: 8/0x000008 Value: ['ff', 'ff', 'ff', 'fe']
Offset: 14/0x00000e Value: ['20', '00']
Table: b'Silf'
Number of values: 4
Offset: 15/0x00000f Value: ['40', '00']
Offset: 18/0x000012 Value: ['00', '00', '00', '00']
Offset: 42/0x00002a Value: ['7f', 'fe']
Offset: 60/0x00003c Value: ['7f', 'fe']
Comment 1 (Reporter, 12 years ago)
Comment 2 (Assignee, 12 years ago)
Is this consistently reproducible for you, or is it unpredictable how long it may run before it reports a problem?
Comment 3 (Assignee, 12 years ago)
Never mind, confirmed that this is readily reproducible using a current ASAN build (from https://people.mozilla.com/~choller/firefox/asan/20121019-mozilla-central-macosx64-debug-0ff60bfb3442+asan.html) with graphite enabled in about:config.
Updated (12 years ago): Assignee: nobody → jfkthame
Comment 4 (Assignee, 12 years ago)
I think this will be fixed by the library update in bug 803347 - we should re-test once we have ASAN builds with that patch.
Comment 5 (Reporter, 12 years ago)
(In reply to Jonathan Kew (:jfkthame) from comment #4)
> I think this will be fixed by the library update in bug 803347 - we should
> re-test once we have ASAN builds with that patch.
Nope, did not fix this problem.
Comment 6 (Assignee, 12 years ago)
Drat. OK, thanks for checking; will follow up with the graphite team.
Updated (12 years ago): status-firefox19: --- → affected; tracking-firefox19: --- → +
Comment 7 (Assignee, 12 years ago)
See upstream changelog at http://hg.palaso.org/graphitedev for details.
Attachment #676115 - Flags: review?(jdaggett)
Comment 8 (Assignee, 12 years ago)
This will be superseded by bug 805760, which updates us to a more recent upstream commit and has just landed on m-i.
Target Milestone: --- → mozilla19
Updated (Assignee, 12 years ago): Attachment #676115 - Flags: review?(jdaggett)
Comment 9 (Assignee, 12 years ago)
Fixed by bug 805760.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated (Reporter, 12 years ago): Status: RESOLVED → VERIFIED
Updated (12 years ago): status-firefox17: --- → disabled; status-firefox18: --- → disabled; status-firefox-esr17: --- → unaffected
Comment 10 (12 years ago)
How is this "disabled" for 18 but bug 803347 is not when they are both graphite2 crashes?
Comment 11 (Assignee, 12 years ago)
All graphite2-related bugs are "disabled" for current branches, in the sense that the feature is preffed off by default, so the code is only reachable if a user has explicitly turned it on through about:config.
Comment 12 (12 years ago)
That's good to know. That changes the measure of how we discuss this for advisories as a security issue.
Updated (12 years ago): Whiteboard: [adv-main19-]
Updated (Reporter, 12 years ago): Blocks: fuzzing-fonts
Updated (10 years ago): Group: core-security