[subset] Fix fuzzer issue.

Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.
2022-06-11 01:05:57 +00:00 · 2022-06-11 01:05:57 +00:00 · 311413f16b
parent 4ba7980b8e
commit 311413f16b
2 changed files with 4 additions and 3 deletions
--- a/src/hb-ot-post-table-v2subset.hh
+++ b/src/hb-ot-post-table-v2subset.hh
@ -52,11 +52,11 @@ HB_INTERNAL bool postV2Tail::serialize (hb_serialize_context_t *c,
  {
    unsigned glyph_id = _.first;
    unsigned new_index = _.second;
-    
+
    if (new_index < 258) continue;
    if (copied_indices.has (new_index)) continue;
    copied_indices.add (new_index);
-    
+
    hb_bytes_t s = reinterpret_cast<const post::accelerator_t*> (_post)->find_glyph_name (glyph_id);
    HBUINT8 *o = c->allocate_size<HBUINT8> (HBUINT8::static_size * (s.length + 1));
    if (unlikely (!o)) return_trace (false);
@ -87,9 +87,10 @@ HB_INTERNAL bool postV2Tail::subset (hb_subset_context_t *c) const
    unsigned new_index;
    const unsigned *new_index2;
    if (old_index <= 257) new_index = old_index;
-    else if (!old_new_index_map.has (old_index, &new_index2))
+    else if (old_new_index_map.has (old_index, &new_index2))
    {
      new_index = *new_index2;
+    } else {
      hb_bytes_t s = _post.find_glyph_name (old_gid);
      new_index = glyph_name_to_new_index.get (s);
      if (new_index == (unsigned)-1)
--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5693568490012672
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5693568490012672