Fail serialize when map has incorrect value

fixes https://crbug.com/oss-fuzz/19956

I am not super happy with this fix; I guess we should do some check
before the memcpy anyway, as @blueshade7 also thinks,
so let's keep it, or revert it when we have a better approach for this case.
Ebrahim Byagowi 2020-01-09 22:55:45 +03:30 committed by GitHub
parent 1db2c1d0da
commit 257a197ae7
2 changed files with 6 additions and 1 deletions


@ -1906,8 +1906,13 @@ struct VarRegionList
axisCount = src->axisCount;
regionCount = region_map.get_population ();
if (unlikely (!c->allocate_size<VarRegionList> (get_size () - min_size))) return_trace (false);
unsigned int region_count = src->get_region_count ();
for (unsigned int r = 0; r < regionCount; r++)
memcpy (&axesZ[axisCount * r], &src->axesZ[axisCount * region_map.backward (r)], VarRegionAxis::static_size * axisCount);
{
unsigned int backward = region_map.backward (r);
if (backward >= region_count) return_trace (false);
memcpy (&axesZ[axisCount * r], &src->axesZ[axisCount * backward], VarRegionAxis::static_size * axisCount);
}
return_trace (true);
}
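Review bot: The new local `region_count` holds the source table's region count, while the member `regionCount` assigned two lines above it holds the remapped population; the two names differ only in spelling, which makes the bounds check inside the loop easy to misread. Renaming the local and matching the `unlikely` style of the allocation check would make the intent clearer: `unsigned int src_region_count = src->get_region_count ();` and `if (unlikely (backward >= src_region_count)) return_trace (false);`. A short comment above the check, such as `/* region_map may carry an index outside src's region list; never read past src->axesZ */`, would record why the guard exists. The guard runs after `allocate_size` has already extended the output, so presumably the caller discards the serializer state when this returns false; that is not visible here, because the enclosing function starts above the hunk.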