From 040ed094ef3cf032d84c4d65bd81f40c26f6f9e0 Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Thu, 30 Jul 2020 15:14:02 -0700
Subject: [PATCH] [ENOMEM] popragate packed/packed_map errors to the serializer.

Will disable further modifications based on a bad state.
---
 src/hb-serialize.hh | 3 +++
 ...se-minimized-hb-subset-fuzzer-5661567174311936 | Bin 0 -> 473 bytes
 2 files changed, 3 insertions(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5661567174311936

diff --git a/src/hb-serialize.hh b/src/hb-serialize.hh
index d8c61f412..3ce1b8019 100644
--- a/src/hb-serialize.hh
+++ b/src/hb-serialize.hh
@@ -259,6 +259,7 @@ struct hb_serialize_context_t
     if (unlikely (packed.in_error ())) {
       // obj wasn't successfully added to packed, so clean it up otherwise it's
       // links will be leaked.
+      propagate_error (packed);
       obj->fini ();
       return 0;
     }
@@ -266,6 +267,7 @@ struct hb_serialize_context_t
     objidx = packed.length - 1;
     if (share) packed_map.set (obj, objidx);
+    propagate_error (packed_map);
     return objidx;
   }
@@ -277,6 +279,7 @@ struct hb_serialize_context_t
     current->links.shrink (snap.num_links);
     revert (snap.head, snap.tail);
   }
+
   void revert (char *snap_head, char *snap_tail)
   {
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5661567174311936 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5661567174311936
new file mode 100644
index 0000000000000000000000000000000000000000..fbc3f52717d3f4952826054a01a86f96b76647d5
GIT binary patch
literal 473
zcmZQzWME(b;Y%DM?!lo>Pq-MIfIKM%E3haZ0|$c|m~R54)fhB@d<6zQ1||kBAhtph
z1DSzPZGa?`hedTB*vu@TJxmN*K+M1(1T+z3>nk9e4QvksLpM<72v}AMs0t*@0CtZB
zP%X%fhN!k^BHY9P)CF-Xs!fbQU&)YQlQFVC*MR(vY96Y~QNsYubzqYaZW02zkP95f
Upm6(-4uJjx0aW4ps9d}}0CFK_KL7v#
literal 0
HcmV?d00001
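Review bot: In the first hunk the error path still returns 0 after `propagate_error (packed)`, and 0 appears to be the same value as the serializer's reserved null-object index, so a caller that does not consult `in_error ()` cannot tell a failed pack from an empty one; a comment on that return such as `// 0 is also the null index; callers must check in_error ()` would make the contract explicit. In the second hunk `propagate_error (packed_map)` is reached even when `share` is false and `packed_map.set` was never called, which is harmless but reads as if the map is always touched; moving it under the guard, `if (share) { packed_map.set (obj, objidx); propagate_error (packed_map); }`, would tie the check to the operation it covers. A failed `set` also leaves `obj` in `packed` and a live `objidx` is still returned, so de-duplication of later identical objects is silently lost while the context is flagged in error; if that is intended, a one-line comment saying so would save the next reader the same question. The enclosing `pop_pack` starts before the first hunk, and lines between the hunks are not shown here.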