From 03085132bac6bb3f69378cab3eaf5a57ad1362ff Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Mon, 21 Mar 2022 18:06:33 -0600
Subject: [PATCH] [buffer] Fix out-buffer under memory-alloc failure
This was broken in July refactoring of the buffer, and exposed to ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800
https://bugs.chromium.org/p/chromium/issues/detail?id=1303552
---
 src/hb-buffer.cc | 1 +
 ...se-minimized-hb-shape-fuzzer-5349416110784512 | Bin 0 -> 1603 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5349416110784512
diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index d36fcfde3..7122792f4 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -404,6 +404,7 @@ hb_buffer_t::sync ()
 reset:
 have_output = false;
+ out_info = info;
 out_len = 0;
 idx = 0;
 }
 
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5349416110784512 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5349416110784512
new file mode 100644
index 0000000000000000000000000000000000000000..7c71adaa6504335c1cba28cf5f00501f2f1e32e7
GIT binary patch
literal 1603
zcmb_c-%C?b9RHlNIj1;L@S!ARrh!Y1nQn9C!!m6Jk%IJCZmub^HD%5hgP8pRBE3Zk zz4h8d_#6a1)l&#P^x#`BJr$HP*y-~<+f}E_Ao^bJx#xb*_s8da&gWhz04_i9_9xsx zZy*rZ-TeXg7>fS*^wbQRaf=bLvJVsSnY-hko^5`Rci@RBohi8>`OWCU08}jLRlRCa3 zAtLN)FP=ry!tO@p^qEc z>^}Sc0i*1X)>w@Y*=uZ5YugQd^i#MJ(E`uDgn_I=e$~p%%F{i-`I1Y1%3@wur#zU^ Oq->r-cd)JP9`GA3&vy&} literal 0 HcmV?d00001
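Review bot: The added `out_info = info;` is the entire fix but carries no comment, and the commit message itself says a refactoring already dropped this reset once, so the invariant it restores should be stated in the source where the next refactor will see it. I would put a why-comment above the new line, e.g. `/* On allocation failure out_info may still point at the separate output array; re-alias it to info so no later access goes through a stale pointer. */`, and note on hb_buffer_t::sync () that `out_info == info` holds on return along both the success and the reset path. The function body starts above the hunk, so the place where out_info diverges from info is not visible here and the wording should be checked against that code. The new fuzzer fixture pins the crash, but it is an opaque binary; if the test harness can force an allocation failure, a small unit test asserting the post-sync aliasing would document the invariant more directly.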