walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[repacker] don't allow references to the null object in graph. 

Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6714085985353728
This commit is contained in:
Garret Rieger 2022-12-05 19:15:36 +00:00 committed by Behdad Esfahbod
parent 4ce0f08897
commit 239a5aca02
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/graph/graph.hh
View File

@ -50,12 +50,13 @@ struct graph_t
unsigned priority = 0;
bool link_positions_valid (unsigned num_objects)
bool link_positions_valid (unsigned num_objects, bool removed_nil)
{
hb_set_t assigned_bytes;
for (const auto& l : obj.real_links)
{
if (l.objidx >= num_objects)
if (l.objidx >= num_objects
|| (removed_nil && !l.objidx))
{
DEBUG_MSG (SUBSET_REPACK, nullptr,
"Invalid graph. Invalid object index.");
@ -340,7 +341,7 @@ struct graph_t
if (check_success (!vertices_.in_error ()))
v->obj = *objects[i];
check_success (v->link_positions_valid (objects.length));
check_success (v->link_positions_valid (objects.length, removed_nil));
if (!removed_nil) continue;
// Fix indices to account for removed nil object.

BIN
test/fuzzing/graphs/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6714085985353728 Normal file
View File

Binary file not shown.