Re: uninitialized value in _bdf_readstream
From: Derek B. Noonburg
Subject: Re: uninitialized value in _bdf_readstream
Date: Tue, 14 Dec 2021 14:57:26 -0800
I can confirm this fixes the problem for me.
Thanks!
- Derek
On Mon, 13 Dec 2021 17:10:40 -0500
Ben Wagner <bungeman@gmail.com> wrote:
> I think the earlier Q commit is really the culprit here. The bisected
> change modified the error returned by the other modules when rejecting
> data, so I think that change just allowed the code to get this far.
>
> Looking into getting the fuzzer going with MemorySanitizer to catch
> this sort of issue, but because the fuzzer driver is C++ this means
> needing to build and link against libc++ built with
> -fsanitize=memory. This used to be part of the oss-fuzz base image
> but no longer is.
>
> This particular issue should now be resolved with "[bdf] Fix use of
> uninitialized value."
>
> On Thu, Dec 9, 2021, 4:00 PM Alexei Podtelezhnikov
> <apodtele@gmail.com> wrote:
>
> > Not the earlier Q-commit. Huh.
> >
> >
> > I can reproduce locally and surprisingly this bisects to 8ef8072ba15
> > "[bdf, cid, pfr, winfonts] Improve rejection of other font
> > formats." Will take a quick look.
> >
> > On Wed, Dec 8, 2021, 2:32 PM Derek B. Noonburg
> > <derekn@glyphandcog.com> wrote:
> >
> >> Valgrind is reporting an uninitialized value in _bdf_readstream for
> >> certain (very broken) fonts in my xpdf regression testing on Linux.
> >>
> >> I'm attaching a sample font. It's essentially garbage (pulled out
> >> of a damaged PDF file), but I think the uninitialized value is
> >> still a problem.
> >>
> >> To reproduce: valgrind ftview 16 f1.cff
> >>
> >> Valgrind reports:
> >>
> >> ==22204== Conditional jump or move depends on uninitialised value(s)
> >> ==22204== at 0x4E84410: _bdf_readstream (bdflib.c:577)
> >> ==22204== by 0x4E84410: bdf_load_font (bdflib.c:2196)
> >> ==22204== by 0x4E84410: BDF_Face_Init (bdfdrivr.c:376)
> >> ==22204== by 0x4E51B2A: open_face (ftobjs.c:1465)
> >> ==22204== by 0x4E53062: ft_open_face_internal (ftobjs.c:2537)
> >> ==22204== by 0x4E5342B: FT_New_Face (ftobjs.c:1528)
> >> ==22204== by 0x407FCF: FTDemo_Install_Font (ftcommon.c:543)
> >> ==22204== by 0x403226: main (ftview.c:1809)
> >>
> >> This is new as of 2.11.1.
> >>
> >> - Derek
> >
> >