[cairo] Anyone interested in fuzzing issues?
Albert Astals Cid
aacid at kde.org
Wed Dec 16 22:48:36 UTC 2020
El dimecres, 16 de desembre de 2020, a les 20:50:40 CET, Bill Spitzak va escriure:
> These seem really useful, provided the tool gives a bit deeper of a stack
> dump.
Yes, there's obviously full backtraces, i didn't post them because I'm not sure what the security policy is for cairo and didn't want to spill the beans on the floor for everyone to see if that's not what you do.
Cheers,
Albert
>
>
> On Wed, Dec 16, 2020 at 11:29 AM Albert Astals Cid <aacid at kde.org> wrote:
>
> > We recently added fuzzing to the cairo renderer in poppler and we're
> > getting quite some issues like
> >
> > ==937==ERROR: AddressSanitizer: SEGV on unknown address 0x621ffffffbf1 (pc
> > 0x00000128668c bp 0x7fff021c0130 sp 0x7fff021c0130 T0)
> > The signal is caused by a READ memory access.
> > #0 0x128668c in get_unaligned_be16 cairo/src/cairoint.h:254:12
> >
> > ==16677==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > 0x61e000000ab0 at pc 0x000001284abe bp 0x7ffcd2a139c0 sp 0x7ffcd2a139b8
> > WRITE of size 4 at 0x61e000000ab0 thread T0
> > #0 0x1284abd in cairo_cff_font_read_fdselect
> > cairo/src/cairo-cff-subset.c:995:35
> >
> > ==82684==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008
> > (pc 0x000001183711 bp 0x7fff8230a940 sp 0x7fff8230a840 T0)
> > The signal is caused by a READ memory access.
> > #0 0x1183711 in
> > cairo_cff_font_subset_charstrings_and_subroutines
> > cairo/src/cairo-cff-subset.c:1792:45
> >
> > Anyone interested in the full traces/files to reproduce those issues?
> >
> > Cheers,
> > Albert
> >
> >
> > --
> > cairo mailing list
> > cairo at cairographics.org
> > https://lists.cairographics.org/mailman/listinfo/cairo
> >
>
More information about the cairo
mailing list