From 1da4de7e7b71dfde734cb77ec6acb31f574585f2 Mon Sep 17 00:00:00 2001
From: Michiharu Ariza <ariza@adobe.com>
Date: Sat, 3 Nov 2018 15:41:29 -0700
Subject: [PATCH] fix for subset fuzzer failure

A called subr must be freshly parsed or completely parsed. otherwise the prevoius parse must have terminated prematurely
---
 src/hb-subset-cff1.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/hb-subset-cff1.cc b/src/hb-subset-cff1.cc
index 383ffb232..aa5bee63c 100644
--- a/src/hb-subset-cff1.cc
+++ b/src/hb-subset-cff1.cc
@@ -390,6 +390,9 @@ struct CFF1CSOpSet_SubrSubset : CFF1CSOpSet<CFF1CSOpSet_SubrSubset, SubrSubsetPa
     param.current_parsed_str->add_call_op (op, substr, env.context.subr_num);
     hb_set_add (closure, env.context.subr_num);
     param.set_current_str (env);
+    if ( unlikely (!param.current_parsed_str->is_parsed ()
+                && (param.current_parsed_str->values.len > 0)))
+      env.set_error ();
   }
 
   private: