Closed Bug 1254426 Opened 9 years ago Closed 9 years ago

graphite2: stack-overflow in [@graphite2::Slot::finalise] Slot.cpp:136

Tracking

()

Status:

RESOLVED FIXED

Tracking Flags:

Tracking

Status

firefox45

---

disabled

firefox46

---

fixed

firefox47

---

fixed

firefox48

---

fixed

firefox-esr38

46+

disabled

firefox-esr45

46+

disabled

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [gfx-noted])

Attachments

(1 file)

test_case.ttf 9 years ago Tyson Smith [:tsmith] (deleted), application/x-font-ttf		Details

Tyson Smith [:tsmith]

Reporter

Description

•

9 years ago

Attached file test_case.ttf (deleted) — Details

Found in graphite2 revision bc0ed88404ae7561f8f4ae2cd6dc52dbf55ef8b2 ==65085==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe7f7e0fb8 (pc 0x7f2b02245629 bp 0x7ffe7f7e1090 sp 0x7ffe7f7e0fc0 T0) #0 0x7f2b02245628 in graphite2::GlyphCache::glyph(unsigned short) const /home/user/code/graphite/src/GlyphCache.cpp:213 #1 0x7f2b022819be in graphite2::GlyphCache::glyphSafe(unsigned short) const /home/user/code/graphite/src/inc/GlyphCache.h:156:36 #2 0x7f2b022819be in graphite2::Slot::finalise(graphite2::Segment const*, graphite2::Font const*, graphite2::Position&, graphite2::Rect&, unsigned char, float&, bool, bool) /home/user/code/graphite/src/Slot.cpp:101 ... #252 0x7f2b0228240a in graphite2::Slot::finalise(graphite2::Segment const*, graphite2::Font const*, graphite2::Position&, graphite2::Rect&, unsigned char, float&, bool, bool) /home/user/code/graphite/src/Slot.cpp:136:25

martin_hosken

Comment 1

•

9 years ago

fixed? in 18442d1d5fe7fff1c046368b209b9504e3a13f17

Tyson Smith [:tsmith]

Reporter

Comment 2

•

9 years ago

Verified with graphite revision 18442d1d5fe7fff1c046368b209b9504e3a13f17

Milan Sreckovic [:milan] (needinfo for best results)

Updated

•

9 years ago

Whiteboard: [gfx-noted]

Tyson Smith [:tsmith]

Reporter

Updated

•

9 years ago

Depends on: 1255158

Tyson Smith [:tsmith]

Reporter

Updated

•

9 years ago

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → FIXED

Daniel Veditz [:dveditz]

Updated

•

9 years ago

Group: gfx-core-security → core-security-release

Daniel Veditz [:dveditz]

Comment 3

•

9 years ago

Graphite2 has been updated on all affected branches including ESRs.

status-firefox45: --- → wontfix

status-firefox46: --- → fixed

status-firefox47: --- → fixed

status-firefox48: --- → fixed

status-firefox-esr38: --- → fixed

status-firefox-esr45: --- → fixed

tracking-firefox-esr38: --- → 46+

tracking-firefox-esr45: --- → 46+

Al Billings [:abillings - ex-MoCo]

Updated

•

9 years ago

status-firefox45: wontfix → disabled

Al Billings [:abillings - ex-MoCo]

Updated

•

9 years ago

status-firefox-esr38: fixed → disabled

status-firefox-esr45: fixed → disabled

Daniel Veditz [:dveditz]

Updated

•

8 years ago

Group: core-security-release

You need to log in before you can comment on or make changes to this bug.

Bugzilla

graphite2: stack-overflow in [@graphite2::Slot::finalise] Slot.cpp:136

Categories

(Core :: Graphics: Text, defect)

Tracking

()

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [gfx-noted])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Updated

Updated

Updated

Comment 3

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type