SEGV in cairo_cff_font_subset_dict_string
AddressSanitizer:DEADLYSIGNAL
=================================================================
==35533==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000012934db bp 0x7fff53aa6060 sp 0x7fff53aa5ee0 T0)
==35533==The signal is caused by a READ memory access.
==35533==Hint: address points to the zero page.
#0 0x12934db in cairo_cff_font_subset_dict_string /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70
#1 0x1293294 in cairo_cff_font_subset_dict_strings /src/cairo/_builddir/../src/cairo-cff-subset.c:1450:18
#2 0x128fb5f in cairo_cff_font_subset_strings /src/cairo/_builddir/../src/cairo-cff-subset.c:1928:14
#3 0x128a013 in cairo_cff_font_subset_font /src/cairo/_builddir/../src/cairo-cff-subset.c:2004:14
#4 0x128508e in cairo_cff_font_generate /src/cairo/_builddir/../src/cairo-cff-subset.c:2600:14
#5 0x1283f7a in _cairo_cff_subset_init /src/cairo/_builddir/../src/cairo-cff-subset.c:2977:14
#6 0x11b910c in _cairo_pdf_surface_emit_cff_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:5939:14
#7 0x11b8952 in _cairo_pdf_surface_emit_unscaled_font_subset /src/cairo/_builddir/../src/cairo-pdf-surface.c:6654:14
#8 0x129e214 in _cairo_sub_font_collect /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:742:30
#9 0x129ae5a in _cairo_scaled_font_subsets_foreach_internal /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1064:6
#10 0x129b172 in _cairo_scaled_font_subsets_foreach_unscaled /src/cairo/_builddir/../src/cairo-scaled-font-subsets.c:1092:12
#11 0x11a17d0 in _cairo_pdf_surface_emit_font_subsets /src/cairo/_builddir/../src/cairo-pdf-surface.c:6704:14
#12 0x119bf95 in _cairo_pdf_surface_finish /src/cairo/_builddir/../src/cairo-pdf-surface.c:2486:11
#13 0x1169c98 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#14 0x1168ee9 in cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1079:5
#15 0x122e862 in _cairo_paginated_surface_finish /src/cairo/_builddir/../src/cairo-paginated-surface.c:214:2
#16 0x1169c98 in _cairo_surface_finish /src/cairo/_builddir/../src/cairo-surface.c:1030:11
#17 0x1166975 in cairo_surface_destroy /src/cairo/_builddir/../src/cairo-surface.c:970:2
#18 0x5ec48d in LLVMFuzzerTestOneInput /src/poppler/glib/tests/fuzzing/annot_fuzzer.cc:73:5
#19 0x4f22d3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#20 0x4dda42 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#21 0x4e36e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#22 0x50cbf2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#23 0x7fe83fcb9b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
#24 0x4b98f9 in _start (/out/annot_fuzzer+0x4b98f9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/cairo/_builddir/../src/cairo-cff-subset.c:1418:70 in cairo_cff_font_subset_dict_string
==35533==ABORTING
Edited by wenpei-z