[repacker] don't allow references to the null object in graph.
Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6714085985353728
This commit is contained in:
parent
4ce0f08897
commit
239a5aca02
|
@ -50,12 +50,13 @@ struct graph_t
|
||||||
unsigned priority = 0;
|
unsigned priority = 0;
|
||||||
|
|
||||||
|
|
||||||
bool link_positions_valid (unsigned num_objects)
|
bool link_positions_valid (unsigned num_objects, bool removed_nil)
|
||||||
{
|
{
|
||||||
hb_set_t assigned_bytes;
|
hb_set_t assigned_bytes;
|
||||||
for (const auto& l : obj.real_links)
|
for (const auto& l : obj.real_links)
|
||||||
{
|
{
|
||||||
if (l.objidx >= num_objects)
|
if (l.objidx >= num_objects
|
||||||
|
|| (removed_nil && !l.objidx))
|
||||||
{
|
{
|
||||||
DEBUG_MSG (SUBSET_REPACK, nullptr,
|
DEBUG_MSG (SUBSET_REPACK, nullptr,
|
||||||
"Invalid graph. Invalid object index.");
|
"Invalid graph. Invalid object index.");
|
||||||
|
@ -340,7 +341,7 @@ struct graph_t
|
||||||
if (check_success (!vertices_.in_error ()))
|
if (check_success (!vertices_.in_error ()))
|
||||||
v->obj = *objects[i];
|
v->obj = *objects[i];
|
||||||
|
|
||||||
check_success (v->link_positions_valid (objects.length));
|
check_success (v->link_positions_valid (objects.length, removed_nil));
|
||||||
|
|
||||||
if (!removed_nil) continue;
|
if (!removed_nil) continue;
|
||||||
// Fix indices to account for removed nil object.
|
// Fix indices to account for removed nil object.
|
||||||
|
|
Binary file not shown.
Loading…
Reference in New Issue