From 2cd81fdfb6ccc6ba7ec63abe14e0126ece71f304 Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Thu, 30 Mar 2023 22:11:43 +0000
Subject: [PATCH] [subset] fix memory leak.

Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6169920089227264
---
 src/hb-subset-plan.cc                            |   3 ++-
 ...e-minimized-hb-subset-fuzzer-6169920089227264 | Bin 0 -> 1214 bytes
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6169920089227264

diff --git a/src/hb-subset-plan.cc b/src/hb-subset-plan.cc
index ee8136797..76e127bd7 100644
--- a/src/hb-subset-plan.cc
+++ b/src/hb-subset-plan.cc
@@ -386,11 +386,12 @@ _collect_layout_variation_indices (hb_subset_plan_t* plan)
   if (collect_delta)
   {
     if (unlikely (!plan->check_success (font = _get_hb_font_with_variations (plan)))) {
+      hb_font_destroy (font);
       gdef.destroy ();
       gpos.destroy ();
       return;
     }
-    
+
     if (gdef->has_var_store ())
     {
       var_store = &(gdef->get_var_store ());
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6169920089227264 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6169920089227264
new file mode 100644
index 0000000000000000000000000000000000000000..56dc798bf333b85b95edb177b11653b6871b746d
GIT binary patch
literal 1214
zcmbtSTM~jW3|t-u@WTV}<#-Su=U^C-4;UTCar8#svNjC`8Yor?W7BLl+n5#+fXrjc
z#gDuFfe;`v36XZm0a4N9SE2#&mVEihZyYCY^5^<hatv}Ks{~S2r<@?$U)9{79LI)P
zUkWE5(!ayuziqT;mO;s2YYJdiiFR5tp#-3~zT<z}Y<z@P_Xj!XOG3*>0(v!Tq@>Sl
zmZ^-}RmNE^F_xK_!K9ev$au2I4=yb4h3!mw<li0i+rvu#VwyX~GJ5R#PHaLStiL(q
aYno$(<~-*(-LRHrs+2mFuRHX-o~J%%-Mb+G

literal 0
HcmV?d00001