
Re: uninitialized value in _bdf_readstream


From: Ben Wagner
Subject: Re: uninitialized value in _bdf_readstream
Date: Mon, 13 Dec 2021 17:10:40 -0500

I think the earlier Q commit is really the culprit here. The bisected change modified the error returned by the other modules when rejecting data, so I think that change just allowed the code to get this far. 

Looking into getting the fuzzer going with MemorySanitizer to catch this sort of issue, but because the fuzzer driver is C++ this means needing to build and link against libc++ built with -fsanitize=memory. This used to be part of the oss-fuzz base image but no longer is.

This particular issue should now be resolved with "[bdf] Fix use of uninitialized value."

On Thu, Dec 9, 2021, 4:00 PM Alexei Podtelezhnikov <apodtele@gmail.com> wrote:
Not the earlier Q-commit. Huh.


I can reproduce locally and surprisingly this bisects to 8ef8072ba15 "[bdf, cid, pfr, winfonts] Improve rejection of other font formats." Will take a quick look.

On Wed, Dec 8, 2021, 2:32 PM Derek B. Noonburg <derekn@glyphandcog.com> wrote:
Valgrind is reporting an uninitialized value in _bdf_readstream for
certain (very broken) fonts in my xpdf regression testing on Linux.

I'm attaching a sample font.  It's essentially garbage (pulled out of a
damaged PDF file), but I think the uninitialized value is still a
problem.

To reproduce: valgrind ftview 16 f1.cff

Valgrind reports:

==22204== Conditional jump or move depends on uninitialised value(s)
==22204==    at 0x4E84410: _bdf_readstream (bdflib.c:577)
==22204==    by 0x4E84410: bdf_load_font (bdflib.c:2196)
==22204==    by 0x4E84410: BDF_Face_Init (bdfdrivr.c:376)
==22204==    by 0x4E51B2A: open_face (ftobjs.c:1465)
==22204==    by 0x4E53062: ft_open_face_internal (ftobjs.c:2537)
==22204==    by 0x4E5342B: FT_New_Face (ftobjs.c:1528)
==22204==    by 0x407FCF: FTDemo_Install_Font (ftcommon.c:543)
==22204==    by 0x403226: main (ftview.c:1809)

This is new as of 2.11.1.

- Derek

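The Valgrind report above is the classic "conditional jump depends on uninitialised value" pattern: a local that is only assigned on one path is later branched on. The following is an added illustration, not FreeType's `_bdf_readstream` and not code from anyone in this thread: a small line splitter of the kind a BDF loader uses to feed each line to a callback, written so that every variable involved in a branch is assigned on all paths, including the unterminated last line and a line that exceeds the buffer limit. All names (`toy_readstream`, `line_cb`, `keyword_counter`, `TOY_MAX_LINE`) and the sample input are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not FreeType code. Splits an in-memory buffer into
 * lines and hands each one to a callback, the way a BDF loader consumes a
 * stream line by line. */

#define TOY_MAX_LINE 64   /* hypothetical per-line limit */

typedef int (*line_cb)(const char *line, size_t len, void *user);

/* Returns the number of lines delivered, or -1 on error (NULL input,
 * line longer than TOY_MAX_LINE, or callback failure).  A trailing line
 * without '\n' is delivered as well. */
static int toy_readstream(const char *buf, size_t size, line_cb cb, void *user)
{
    size_t      pos   = 0;
    int         lines = 0;
    const char *end   = NULL;   /* initialized up front: a pointer like this
                                 * that is only set when memchr() succeeds is
                                 * exactly what Valgrind/MSan flag when it is
                                 * later tested on the failure path */

    if (buf == NULL || cb == NULL)
        return -1;

    while (pos < size) {
        size_t len;

        end = memchr(buf + pos, '\n', size - pos);
        /* memchr() returns NULL for an unterminated last line; handle that
         * case explicitly instead of computing len from an unset pointer */
        len = (end != NULL) ? (size_t)(end - (buf + pos)) : size - pos;

        if (len > TOY_MAX_LINE)      /* reject oversized lines before use */
            return -1;

        if (cb(buf + pos, len, user) != 0)
            return -1;

        lines++;
        pos += len + (end != NULL ? 1 : 0);   /* skip the '\n' if present */
    }
    return lines;
}

/* Sample callback: counts lines that begin with a keyword. */
typedef struct { const char *keyword; int hits; } keyword_counter;

static int count_keyword(const char *line, size_t len, void *user)
{
    keyword_counter *kc   = user;
    size_t           klen = strlen(kc->keyword);
    if (len >= klen && memcmp(line, kc->keyword, klen) == 0)
        kc->hits++;
    return 0;
}

/* Constructed BDF-like sample; deliberately has no trailing newline. */
static const char toy_good[] =
    "STARTFONT 2.1\nSTARTCHAR a\nENDCHAR\nSTARTCHAR b\nENDCHAR";

static int toy_demo_lines(void)          /* 5 lines in toy_good */
{
    keyword_counter kc = { "STARTCHAR", 0 };
    return toy_readstream(toy_good, sizeof toy_good - 1, count_keyword, &kc);
}

static int toy_demo_hits(void)           /* 2 STARTCHAR lines in toy_good */
{
    keyword_counter kc = { "STARTCHAR", 0 };
    if (toy_readstream(toy_good, sizeof toy_good - 1, count_keyword, &kc) < 0)
        return -1;
    return kc.hits;
}

static int toy_demo_empty(void)          /* zero-length input: 0 lines */
{
    keyword_counter kc = { "STARTCHAR", 0 };
    return toy_readstream(toy_good, 0, count_keyword, &kc);
}

static int toy_demo_too_long(void)       /* 70-byte line: rejected, -1 */
{
    char            buf[14 + 70];
    keyword_counter kc = { "STARTCHAR", 0 };
    memcpy(buf, "STARTFONT 2.1\n", 14);
    memset(buf + 14, 'x', 70);
    return toy_readstream(buf, sizeof buf, count_keyword, &kc);
}

int main(void)
{
    printf("lines=%d hits=%d empty=%d too_long=%d\n",
           toy_demo_lines(), toy_demo_hits(), toy_demo_empty(), toy_demo_too_long());
    return 0;
}
```

Running a build of this under `valgrind` or with `-fsanitize=memory` stays silent because every value that reaches a branch is assigned on every path; removing the `= NULL` initializer and the explicit NULL handling of `end` is the shape of defect the report in this thread describes.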