freetype2: Heap-buffer-overflow in ft_var_to_normalized

2017-03-07T02:00:09
ID OSSFUZZ-739
Type ossfuzz
Reporter Google
Modified 2019-03-04T16:56:33

Description

Project: https://github.com/freetype/freetype2-testing.git

Detailed report: https://oss-fuzz.com/testcase?key=6377448260239360

Project: freetype2
Fuzzer: libFuzzer_freetype2_ftfuzzer
Fuzz target binary: ftfuzzer
Job Type: libfuzzer_asan_freetype2
Platform Id: linux

Crash Type: Heap-buffer-overflow WRITE 8
Crash Address: 0x603000000540
Crash State:
  ft_var_to_normalized
  TT_Get_MM_Var
  FT_Get_MM_Var

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_freetype2&range=201703061903:201703062108

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv94CWg7EcjFFH4e_Z62h_qwSj1_GNBqlVYcFdHELUdflt8k2F749LgDft_BAQuyqHv5nAvyaKSghb9DlOtTQ5C5qcTI4PtkORefL1yyYRr0Rha4o8UZqnBaDZT_hb5BKDMp_ScPjzejjGoQqk_bXz5phMVq0yomuZQLgdJYZJJeZnbfR46tFQFLmVfziUk7Vd5kmJKeftUsAlKRAHXNKialsYkeheAY2YgTkJkVFWhs0kbJ9mtYin3qg853t6jvhfI3eW7Vzhkh4-yjqFzGmr8sKZhzV4sSP1fVhNzZs_TQ4e_zQtPyPSEjvzbi9KGIoD5AuhcR9MFKHVWo_x3oN0RGTdN5Xmt556w1scvw-ZqaWKQh4v74h9zcvp0udqORxfKbZVBHX?testcase_id=6377448260239360

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.