[subset] fixes dangling object_t issue in FeatureVariationRecord
Fixes https://crbug.com/oss-fuzz/21560 revert () does not clean up useless object_t. Adjust the order of subsetting substitutions and conditions to avoid dangling object_t.
This commit is contained in:
parent
57b7de032f
commit
0d5695983e
|
@ -2709,10 +2709,11 @@ struct FeatureVariationRecord
|
||||||
auto *out = c->subset_context->serializer->embed (this);
|
auto *out = c->subset_context->serializer->embed (this);
|
||||||
if (unlikely (!out)) return_trace (false);
|
if (unlikely (!out)) return_trace (false);
|
||||||
|
|
||||||
out->conditions.serialize_subset (c->subset_context, conditions, base);
|
|
||||||
|
|
||||||
bool ret = out->substitutions.serialize_subset (c->subset_context, substitutions, base, c);
|
bool ret = out->substitutions.serialize_subset (c->subset_context, substitutions, base, c);
|
||||||
return_trace (ret);
|
if (unlikely (!ret)) return_trace (false);
|
||||||
|
|
||||||
|
out->conditions.serialize_subset (c->subset_context, conditions, base);
|
||||||
|
return_trace (true);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool sanitize (hb_sanitize_context_t *c, const void *base) const
|
bool sanitize (hb_sanitize_context_t *c, const void *base) const
|
||||||
|
|
Binary file not shown.
Loading…
Reference in New Issue