Stack trace of where it gets stuck:
ALARM: working on the last Unit for 5 seconds
and the timeout value is 5 (use -timeout=N to change)
==3206839== ERROR: libFuzzer: timeout after 5 seconds
#0 0x555e927cf5a1 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x555e92a14c18 in fuzzer::PrintStackTrace() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3fec18)
#2 0x555e929ed11c in fuzzer::Fuzzer::AlarmCallback() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3d711c)
#3 0x7f3aa1b1c86f (/usr/lib/libpthread.so.0+0x1386f)
#4 0x555e92a1d1a5 in __sanitizer_cov_trace_const_cmp1 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x4071a5)
#5 0x555e927fa9ae in _$LT$ttf_parser..tables..glyf..CompositeGlyphIter$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::next::ha6babbd486b3aac4 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e49ae)
#6 0x555e927ff3af in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e93af)
#7 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#8 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#9 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#10 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#11 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#12 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#13 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#14 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#15 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#16 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#17 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#18 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#19 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#20 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#21 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#22 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#23 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#24 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#25 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#26 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#27 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#28 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#29 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#30 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#31 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#32 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#33 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#34 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#35 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#36 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#37 0x555e927ffcf2 in ttf_parser::tables::glyf::outline_impl::h1ab9a66a6a80293f (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e9cf2)
#38 0x555e92803fd3 in ttf_parser::tables::glyf::Table::outline::hea1c236418b1309c (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1edfd3)
#39 0x555e927fcbfa in ttf_parser::Face::outline_glyph::h96c1e8147a502f76 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1e6bfa)
#40 0x555e928194d1 in rust_fuzzer_test_input (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x2034d1)
#41 0x555e929f7d68 in __rust_try libfuzzer_sys.9307de7e-cgu.0
#42 0x555e929f77f8 in LLVMFuzzerTestOneInput (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3e17f8)
#43 0x555e929ed411 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3d7411)
#44 0x555e929e156a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3cb56a)
#45 0x555e929e5362 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3cf362)
#46 0x555e9274ab52 in main (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x134b52)
#47 0x7f3aa1817b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
#48 0x555e9274acfd in _start (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x134cfd)
SUMMARY: libFuzzer: timeout
Reproduction code (tested against ba4fc75)
fn main() {
let data = b"\x00\x01\x00\x00\x00\x0f\x00\x10\x00PTT-W\x002h\xd7\x81x\x00\
\x00\x00?L\xbaN\x00c\x9a\x9e\x8f\x96\xe3\xfeu\xff\x00\xb2\x00@\x03\x00\xb8\
cvt 5:\x00\x00\x00\xb5\xf8\x01\x00\x03\x9ckEr\x92\xd7\xe6\x98M\xdc\x00\x00\
\x03\xe0\x00\x00\x00dglyf\"\t\x15`\x00\x00\x03\xe0\x00\x00\x00dglyf\"\t\x15\
`\x00\x00\x00 \x00\x00\x00\xfc\x97\x9fmx\x87\xc9\xc8\xfe\x00\x00\xbad\xff\
\xff\xf1\xc8head\xc7\x17\xce[\x00\x00\x00\xfc\x00\x00\x006hhea\x03\xc6\x05\
\xe4\x00\x00\x014\x00\x00\x00$hmtx\xc9\xfdq\xed\x00\x00\xb5\xf8\x01\x00\x03\
\x9ckEr\x92\xd7\xe6\xdch\x00\x00\xc9d\x00\x00\x04 loca\x00M\x82\x11\x00\x00\
\x00\x06\x00\x00\x00\xa0maxp\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 name\
\xf4\xd6\xfe\xad\x00OTTO\x00\x02gpost5;5\xe1\x00\x00\xb0P\x00\x00\x01\xf0perp%\
\xb0{\x04\x93D\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x01\x00\x00\xe1!yf%1\
\x08\x95\x00\x00\x00\x00\x00\xaa\x06\x80fmtx\x02\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00a\xcc\xff\
\xce\x03CCCCCCCCC\x00\x00\x00\x00\x00C\x00\x00\x00\x00\xb5\xf8\x01\x00\x00\x9c";
let face = ttf_parser::Face::from_slice(data, 0).unwrap();
let _ = face.outline_glyph(ttf_parser::GlyphId(0), &mut Builder);
}
struct Builder;
impl ttf_parser::OutlineBuilder for Builder {
#[inline]
fn move_to(&mut self, _: f32, _: f32) {
panic!();
}
#[inline]
fn line_to(&mut self, _: f32, _: f32) {
panic!();
}
#[inline]
fn quad_to(&mut self, _: f32, _: f32, _: f32, _: f32) {
panic!();
}
#[inline]
fn curve_to(&mut self, _: f32, _: f32, _: f32, _: f32, _: f32, _: f32) {
panic!();
}
#[inline]
fn close(&mut self) {
panic!();
}
}
Stack trace of where it gets stuck:
Reproduction code (tested against ba4fc75)