<div id="origbody"><div id="origbody"><div id="origbody">
<p>When we ran poppler fusiontest-testcase-annot_fuzzer-202110250005 and fusiontest-testcase-pdf_draw_fuzzer-202110250011 (this one is too big, so I can't send it to you), we found that cairo has a SEGV on unknown address, and we attached bugfix-fix-read-memory-access.patch.</p>
<pre>==445452==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000012d1cdb bp 0x7ffcff8d3f20 sp 0x7ffcff8d3da0 T0)
==445452==The signal is caused by a READ memory access.
==445452==Hint: address points to the zero page.
#0 0x12d1cdb in cairo_cff_font_subset_dict_string /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70
#1 0x12d1a94 in cairo_cff_font_subset_dict_strings /src/cairo/_builddir/../src/cairo-cff-subset.c:1450:18
#2 0x12ce35f in cairo_cff_font_subset_strings /src/cairo/_builddir/../src/cairo-cff-subset.c:1928:14
#3 0x12c8813 in cairo_cff_font_subset_font /src/cairo/_builddir/../src/cairo-cff-subset.c:2004:14
#4 0x12c388e in cairo_cff_font_generate /src/cairo/_builddir/../src/cairo-cff-subset.c:2600:14
#5 0x12c277a in _cairo_cff_subset_init /src/cairo/_builddir/../src/cairo-cff-subset.c:2977:14
#6 0x11f790c in _cairo_pdf_surface_emit_cff_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:5939:14
#7 0x11f7152 in _cairo_pdf_surface_emit_unscaled_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:6654:14
#8 0x12dca14 in _cairo_sub_font_collect /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:742:30
#9 0x12d965a in _cairo_scaled_font_subsets_foreach_internal /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1064:6
#10 0x12d9972 in _cairo_scaled_font_subsets_foreach_unscaled /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1092:12
#11 0x11dffd0 in _cairo_pdf_surface_emit_font_subsets /src/cairo/_builddir/../src/cairo-pdf-surface.c:6704:14
#12 0x11da795 in _cairo_pdf_surface_finish /src/cairo/_builddir/../src/cairo-pdf-surface.c:2486:11
#13 0x11a8498 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#14 0x11a76e9 in cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1079:5
#15 0x126d062 in _cairo_paginated_surface_finish /src/cairo/_builddir/../src/cairo-paginated-surface.c:214:2
#16 0x11a8498 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#17 0x11a5175 in cairo_surface_destroy /src/cairo/_builddir/../src/cairo-surface.c:970:2
#18 0x6a338d in LLVMFuzzerTestOneInput /src/poppler/glib/tests/fuzzing/annot_fuzzer.cc:73:5
#19 0x5a91d3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#20 0x594942 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#21 0x59a5e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#22 0x5c3af2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#23 0x7f6d3482db26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
#24 0x5707f9 in _start (/root/oss-fuzz/build/out/poppler/annot_fuzzer+0x5707f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70 in cairo_cff_font_subset_dict_string
==445452==ABORTING</pre>
<hr>
<pre>==445378==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000012f1859 bp 0x7ffd0e09e930 sp 0x7ffd0e09e820 T0)
==445378==The signal is caused by a READ memory access.
==445378==Hint: address points to the zero page.
#0 0x12f1859 in cairo_type1_font_subset_for_each_glyph /src/cairo/_builddir/../src/cairo-type1-subset.c:1238:40
#1 0x12ef869 in cairo_type1_font_subset_write_private_dict /src/cairo/_builddir/../src/cairo-type1-subset.c:1383:14
#2 0x12ed874 in cairo_type1_font_subset_write /src/cairo/_builddir/../src/cairo-type1-subset.c:1605:14
#3 0x12ecd95 in cairo_type1_font_subset_generate /src/cairo/_builddir/../src/cairo-type1-subset.c:1677:14
#4 0x12ec05b in _cairo_type1_subset_init /src/cairo/_builddir/../src/cairo-type1-subset.c:1749:14
#5 0x11f8c7c in _cairo_pdf_surface_emit_type1_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:6132:14
#6 0x11f7262 in _cairo_pdf_surface_emit_unscaled_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:6662:14
#7 0x12dcae4 in _cairo_sub_font_collect /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:742:30
#8 0x12d972a in _cairo_scaled_font_subsets_foreach_internal /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1064:6
#9 0x12d9a42 in _cairo_scaled_font_subsets_foreach_unscaled /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1092:12
#10 0x11e00a0 in _cairo_pdf_surface_emit_font_subsets /src/cairo/_builddir/../src/cairo-pdf-surface.c:6704:14
#11 0x11da865 in _cairo_pdf_surface_finish /src/cairo/_builddir/../src/cairo-pdf-surface.c:2486:11
#12 0x11a8568 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#13 0x11a77b9 in cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1079:5
#14 0x126d132 in _cairo_paginated_surface_finish /src/cairo/_builddir/../src/cairo-paginated-surface.c:214:2
#15 0x11a8568 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#16 0x11a5245 in cairo_surface_destroy /src/cairo/_builddir/../src/cairo-surface.c:970:2
#17 0x6a3436 in LLVMFuzzerTestOneInput /src/poppler/glib/tests/fuzzing/pdf_draw_fuzzer.cc:70:5
#18 0x5a91d3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#19 0x594942 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#20 0x59a5e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#21 0x5c3af2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#22 0x7fa61d4ceb26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
#23 0x5707f9 in _start (/root/oss-fuzz/build/out/poppler/pdf_draw_fuzzer+0x5707f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/cairo/_builddir/../src/cairo-type1-subset.c:1238:40 in cairo_type1_font_subset_for_each_glyph
==445378==ABORTING</pre>
</div></div></div>
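As an added triage aid (not part of the report above and not cairo or poppler code), the following Python parses the two sanitizer reports, flags a fault address inside the zero page as a NULL-pointer dereference, and buckets crashes by ASan's SUMMARY location so the two traces are recognized as two distinct bugs. The embedded report text is constructed from the page and keeps only each report's header, top frame and SUMMARY line.

```python
import re
from dataclasses import dataclass, field
# Constructed sample input: header, top frame and SUMMARY line of the two ASan reports quoted above.
ASAN_REPORTS = [
"""==445452==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000012d1cdb bp 0x7ffcff8d3f20 sp 0x7ffcff8d3da0 T0)
==445452==The signal is caused by a READ memory access.
==445452==Hint: address points to the zero page.
    #0 0x12d1cdb in cairo_cff_font_subset_dict_string /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70
SUMMARY: AddressSanitizer: SEGV /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70 in cairo_cff_font_subset_dict_string""",
"""==445378==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000012f1859 bp 0x7ffd0e09e930 sp 0x7ffd0e09e820 T0)
==445378==The signal is caused by a READ memory access.
==445378==Hint: address points to the zero page.
    #0 0x12f1859 in cairo_type1_font_subset_for_each_glyph /src/cairo/_builddir/../src/cairo-type1-subset.c:1238:40
SUMMARY: AddressSanitizer: SEGV /src/cairo/_builddir/../src/cairo-type1-subset.c:1238:40 in cairo_type1_font_subset_for_each_glyph""",
]
HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on unknown address 0x([0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+):\d+")
SUMMARY_RE = re.compile(r"SUMMARY: AddressSanitizer: \S+ (\S+?):(\d+):\d+ in (\S+)")
@dataclass
class Crash:
    kind: str
    address: int
    access: str
    frames: list = field(default_factory=list)  # (function, file, line), innermost first
    dedup_key: tuple = ()                      # (file, line, function) from the SUMMARY line

    def is_null_deref(self) -> bool:
        # A fault inside the zero page (first 4 KiB) is a NULL pointer, possibly plus a small
        # field offset, being dereferenced: a missing NULL check rather than a wild pointer.
        return self.kind == "SEGV" and self.address < 0x1000
def parse_asan_report(text: str) -> Crash:
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("not an AddressSanitizer 'unknown address' report")
    access = ACCESS_RE.search(text)
    crash = Crash(header.group(1), int(header.group(2), 16), access.group(1) if access else "UNKNOWN")
    for m in FRAME_RE.finditer(text):
        crash.frames.append((m.group(1), m.group(2), int(m.group(3))))
    summary = SUMMARY_RE.search(text)
    if summary:
        crash.dedup_key = (summary.group(1), int(summary.group(2)), summary.group(3))
    return crash
def triage(reports):
    # Bucket by ASan's SUMMARY location so repeated fuzzer hits of one bug collapse together.
    buckets = {}
    for text in reports:
        crash = parse_asan_report(text)
        buckets.setdefault(crash.dedup_key, []).append(crash)
    return buckets
```

Running `triage(ASAN_REPORTS)` yields two buckets, one per SUMMARY location, and both crashes report `is_null_deref()` as true since their fault addresses are 0x8 and 0x0.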