[subset-fuzzer] Protect against overflow
Fixes https://github.com/harfbuzz/harfbuzz/issues/4137#issuecomment-1448994447
This commit is contained in:
parent
5226d69733
commit
2d33a6b4df
|
@ -85,7 +85,7 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
|
||||||
data + size,
|
data + size,
|
||||||
sizeof (num_axes));
|
sizeof (num_axes));
|
||||||
|
|
||||||
if (num_axes > 0 && size > num_axes * (sizeof(hb_tag_t) + sizeof(float)))
|
if (num_axes > 0 && num_axes < 8 && size > num_axes * (sizeof(hb_tag_t) + sizeof(int)))
|
||||||
{
|
{
|
||||||
for (unsigned i = 0; i < num_axes; i++) {
|
for (unsigned i = 0; i < num_axes; i++) {
|
||||||
hb_tag_t tag;
|
hb_tag_t tag;
|
||||||
|
|
Loading…
Reference in New Issue