[cairo] Anyone interested in fuzzing issues?

Bill Spitzak spitzak at gmail.com
Wed Dec 16 19:50:40 UTC 2020


These seem really useful, provided the tool gives a bit deeper of a stack
dump.


On Wed, Dec 16, 2020 at 11:29 AM Albert Astals Cid <aacid at kde.org> wrote:

> We recently added fuzzing to the cairo renderer in poppler and we're
> getting quite some issues like
>
> ==937==ERROR: AddressSanitizer: SEGV on unknown address 0x621ffffffbf1 (pc
> 0x00000128668c bp 0x7fff021c0130 sp 0x7fff021c0130 T0)
> The signal is caused by a READ memory access.
>             #0 0x128668c in get_unaligned_be16 cairo/src/cairoint.h:254:12
>
> ==16677==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x61e000000ab0 at pc 0x000001284abe bp 0x7ffcd2a139c0 sp 0x7ffcd2a139b8
> WRITE of size 4 at 0x61e000000ab0 thread T0
>             #0 0x1284abd in cairo_cff_font_read_fdselect
> cairo/src/cairo-cff-subset.c:995:35
>
> ==82684==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008
> (pc 0x000001183711 bp 0x7fff8230a940 sp 0x7fff8230a840 T0)
> The signal is caused by a READ memory access.
>             #0 0x1183711 in
> cairo_cff_font_subset_charstrings_and_subroutines
> cairo/src/cairo-cff-subset.c:1792:45
>
> Anyone interested in the full traces/files to reproduce those issues?
>
> Cheers,
>   Albert
>
>
> --
> cairo mailing list
> cairo at cairographics.org
> https://lists.cairographics.org/mailman/listinfo/cairo
>
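As an added example, not code from the thread or from the cairo or poppler projects: a small triage helper that turns sanitizer excerpts like the three quoted above into deduplicated, prioritised findings. It parses the bug class, faulting address, access kind and size, and the top frame (function, file, line) from the report text, tolerating the line wrapping the mail introduced, then ranks writes above reads and corruption classes above a near-null SEGV. The sample input is the thread's own three reports with the quoting removed; the function names, the `AsanFinding` type and the scoring weights are my own choices, not anything the reporters used.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the three AddressSanitizer excerpts quoted in the thread above,
# with the "> " mail quoting removed but the mail's line wrapping kept on purpose.
SAMPLE_REPORTS = """\
==937==ERROR: AddressSanitizer: SEGV on unknown address 0x621ffffffbf1 (pc
0x00000128668c bp 0x7fff021c0130 sp 0x7fff021c0130 T0)
The signal is caused by a READ memory access.
            #0 0x128668c in get_unaligned_be16 cairo/src/cairoint.h:254:12

==16677==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61e000000ab0 at pc 0x000001284abe bp 0x7ffcd2a139c0 sp 0x7ffcd2a139b8
WRITE of size 4 at 0x61e000000ab0 thread T0
            #0 0x1284abd in cairo_cff_font_read_fdselect
cairo/src/cairo-cff-subset.c:995:35

==82684==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008
(pc 0x000001183711 bp 0x7fff8230a940 sp 0x7fff8230a840 T0)
The signal is caused by a READ memory access.
            #0 0x1183711 in
cairo_cff_font_subset_charstrings_and_subroutines
cairo/src/cairo-cff-subset.c:1792:45
"""

# \s+ (not a literal space) everywhere, because the mail wrapped lines mid-sentence.
HEADER_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR:\s+AddressSanitizer:\s+(?P<kind>[\w-]+)"
    r"\s+on\s+(?:unknown\s+)?address\s+(?P<addr>0x[0-9a-fA-F]+)"
)
ACCESS_RE = re.compile(r"\b(?P<op>READ|WRITE)\b(?:\s+of\s+size\s+(?P<size>\d+))?")
FRAME0_RE = re.compile(
    r"#0\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>\S+)\s+(?P<file>\S+?):(?P<line>\d+)(?::\d+)?"
)

CORRUPTION_KINDS = {
    "heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
    "heap-use-after-free", "stack-use-after-return", "double-free",
}


@dataclass(frozen=True)
class AsanFinding:
    pid: int
    kind: str            # e.g. "SEGV", "heap-buffer-overflow"
    address: int
    access: str          # "READ", "WRITE" or "UNKNOWN"
    size: Optional[int]  # only reported for explicit READ/WRITE-of-size lines
    func: str
    file: str
    line: int

    @property
    def dedup_key(self):
        # Same bug class at the same top frame: treat as one issue to fix.
        return (self.kind, self.access, self.func, self.file, self.line)

    @property
    def priority(self) -> int:
        """Heuristic triage score; higher means look at it first."""
        score = 0
        if self.access == "WRITE":
            score += 50                       # out-of-bounds writes corrupt state
        if self.kind in CORRUPTION_KINDS:
            score += 30
        elif self.kind == "SEGV":
            # Addresses inside the first page are almost always NULL+offset
            # dereferences (a missing check); anything else is a wild pointer.
            score += 5 if self.address < 0x1000 else 15
        return score


def parse_asan_reports(text: str) -> List[AsanFinding]:
    """Split a log into individual sanitizer reports and parse each one."""
    findings = []
    for chunk in re.split(r"(?=^==\d+==ERROR)", text, flags=re.M):
        header = HEADER_RE.search(chunk)
        frame = FRAME0_RE.search(chunk)
        if not header or not frame:
            continue                          # not a report we understand
        access = ACCESS_RE.search(chunk)
        findings.append(AsanFinding(
            pid=int(header["pid"]),
            kind=header["kind"],
            address=int(header["addr"], 16),
            access=access["op"] if access else "UNKNOWN",
            size=int(access["size"]) if access and access["size"] else None,
            func=frame["func"],
            file=frame["file"],
            line=int(frame["line"]),
        ))
    return findings


def triage(findings: List[AsanFinding]) -> List[AsanFinding]:
    """Deduplicate by top frame and bug class, then order by priority."""
    unique = {}
    for f in findings:
        unique.setdefault(f.dedup_key, f)
    return sorted(unique.values(), key=lambda f: f.priority, reverse=True)


if __name__ == "__main__":
    for f in triage(parse_asan_reports(SAMPLE_REPORTS)):
        size = f"of size {f.size} " if f.size else ""
        print(f"[{f.priority:3d}] {f.kind} {f.access} {size}at {f.file}:{f.line} ({f.func})")
```

Run against the three quoted reports this puts the 4-byte heap write in `cairo_cff_font_read_fdselect` first, the wild-address read in `get_unaligned_be16` second and the near-null read in the charstrings subsetter last; feeding the same log twice yields the same three findings, which is the property you want when a fuzzer keeps rediscovering one crash.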