[subset-fuzzer] Protect against overflow

Fixes https://github.com/harfbuzz/harfbuzz/issues/4137#issuecomment-1448994447
2023-02-28 15:31:45 -07:00 · 2023-02-28 15:31:45 -07:00 · 2d33a6b4df
parent 5226d69733
commit 2d33a6b4df
1 changed files with 1 additions and 1 deletions
--- a/test/fuzzing/hb-subset-fuzzer.cc
+++ b/test/fuzzing/hb-subset-fuzzer.cc
@ -85,7 +85,7 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 	    data + size,
 	    sizeof (num_axes));

-    if (num_axes > 0 && size > num_axes * (sizeof(hb_tag_t) + sizeof(float)))
+    if (num_axes > 0 && num_axes < 8 && size > num_axes * (sizeof(hb_tag_t) + sizeof(int)))
    {
      for (unsigned i = 0; i < num_axes; i++) {
        hb_tag_t tag;