From: armin
Subject: Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics
Date: Wed, 7 Aug 2019 21:59:58 +0100
> Thanks for looking into it. FWIW, my commit merely re-enabled an older code
> path. NW we've already fixed a lot of those that came up in our own fuzzers :)

... it's actually harmless but a side product of fuzzers throwing super random input at apps. Some overflow when facing gigantic glyphs but no one who's truly interested in rendered results would ever use FreeType with such inputs.

The idea is to keep the overflow as it is, but have it done in `unsigned' world where it is actually "defined" behaviour (resulting in the same value most likely tho).

I left a comment at https://bugs.chromium.org/p/chromium/issues/detail?id=977845#c7 which would help me figure out the exact line of peril much more quickly :)

Armin
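The approach Armin describes (carry the arithmetic out in unsigned, where wrap-around is defined, then convert back) as an added illustration; this is not FreeType's compute_glyph_metrics and not code from the thread. The function names and the simple advance*scale+delta metric formula are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a glyph-metric computation; the real FreeType
   code is not reproduced here. */

/* Signed multiply-add: if the result does not fit in int32_t this is
   undefined behaviour, which is what a fuzzer with UBSan reports. */
static int32_t metric_signed(int32_t advance, int32_t scale, int32_t delta)
{
    return advance * scale + delta;
}

/* Same arithmetic performed in uint32_t, where overflow is defined to wrap
   modulo 2^32. Converting the wrapped value back to int32_t is
   implementation-defined in C, but GCC and Clang define it as the modular
   (two's-complement) reinterpretation, so the bit pattern is the one the
   signed version "usually" produced, now without any UB on the way. */
static int32_t metric_unsigned(int32_t advance, int32_t scale, int32_t delta)
{
    uint32_t r = (uint32_t)advance * (uint32_t)scale + (uint32_t)delta;
    return (int32_t)r;
}

/* Reports whether the signed expression would overflow for these inputs,
   so a caller (or a test) can tell which inputs make metric_signed()
   undefined. Uses the GCC/Clang checked-arithmetic builtins. */
static int metric_overflows(int32_t advance, int32_t scale, int32_t delta)
{
    int32_t prod, sum;
    return __builtin_mul_overflow(advance, scale, &prod) ||
           __builtin_add_overflow(prod, delta, &sum);
}

int main(void)
{
    /* A "gigantic glyph": advance near INT32_MAX makes the signed path UB,
       while the unsigned path just wraps to a defined (if meaningless) value. */
    int32_t advance = INT32_MAX, scale = 2, delta = 0;
    printf("overflows=%d wrapped=%d\n",
           metric_overflows(advance, scale, delta),
           metric_unsigned(advance, scale, delta));
    return 0;
}
```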