From 18ab8029d5aab6ac20c240515ad1795bd31dca1e Mon Sep 17 00:00:00 2001 From: Garret Rieger Date: Fri, 31 Jul 2020 14:40:49 -0700 Subject: [PATCH] [ENOMEM] check vector status in cmap subsetting. --- src/hb-ot-cmap-table.hh | 3 +++ ...e-minimized-hb-subset-fuzzer-6316256152780800 | Bin 0 -> 1335 bytes 2 files changed, 3 insertions(+) create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6316256152780800 diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh index 418af0b53..cc48379bb 100644 --- a/src/hb-ot-cmap-table.hh +++ b/src/hb-ot-cmap-table.hh @@ -1108,6 +1108,9 @@ struct CmapSubtableFormat14 return; } + if (unlikely (!c->check_success (!obj_indices.in_error ()))) + return; + int tail_len = init_tail - c->tail; c->check_assign (this->length, c->length () - table_initpos + tail_len); c->check_assign (this->record.len, diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6316256152780800 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6316256152780800 new file mode 100644 index 0000000000000000000000000000000000000000..b01eb8d96cff6300b9b44e87a21c834fe5ed29f0 GIT binary patch literal 1335 zcmdT^ze_?<6#mY8FW<`^5h2b(U=W&AH0NYX^e2QO)>}j&2ZaU$p|z!{p`js{pg*9Y zzo5ar_MlOyq_pq8D+=<`43`d^bI-Z&@tt2E7XrXW8q!|R7jtE}IOfes8vENv@!BC^ zFvQ&wjaTTdTuQWY#hBry=M_>7oY9Rf)2w;LMAdpl(h(OIfTQpf{LUAQjzmz*Rm+HG zH+bb3nM#bO0yn7@YMQzV^m;tC+ya)>!eT!(-%+Qlv`M8{)Vgv82faBJhLzFM{_H7f zy@^{>W$l&nIbGI)u1o)BbV?C|naJ*nAuLJ~FTT*TgrIUx4T(*xXJ+w1ho=9PSYqFN zbRC&zclV6KvfwAUW@=<+R`cUH@e>-I(_c6A)Nf?C-Q-p#V87g{zwBvtjgTI&wt5Uf z*dyE-C6%Iyk{?OMF`Eqz+=bdM9oP?w!Ev%IRq(t33I{hip^(Y!o>9ktOY}b&HilbM QJtQ+4bpW{rZ&gr=Z#&O4VE_OC literal 0 HcmV?d00001