walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] Fix another fuzzer issue 

Addition could overflow on 32bit arch.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636
Fixes https://oss-fuzz.com/testcase-detail/5072358514753536
This commit is contained in:
Behdad Esfahbod 2021-07-28 11:28:38 -06:00
parent c65e1e0842
commit 0ded6a70c8
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/hb-serialize.hh
View File

@ -519,8 +519,9 @@ struct hb_serialize_context_t
assert (this->start <= (char *) obj); assert (this->start <= (char *) obj);
assert ((char *) obj <= this->head); assert ((char *) obj <= this->head);
assert ((char *) obj + size >= this->head); assert (this->head - (char *) obj <= size);
if (unlikely (!this->allocate_size<Type> (((char *) obj) + size - this->head))) return nullptr; if (unlikely (((char *) obj + size < (char *) obj) ||
!this->allocate_size<Type> (((char *) obj) + size - this->head))) return nullptr;
return reinterpret_cast<Type *> (obj); return reinterpret_cast<Type *> (obj);
} }
template <typename Type> template <typename Type>

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5072358514753536 Normal file
View File

Binary file not shown.