[gvar] Fix out-of-memory access issue

Fixes https://oss-fuzz.com/testcase-detail/5953342850596864
This commit is contained in:
Behdad Esfahbod 2023-03-08 10:25:26 -07:00
parent 7327006d68
commit 552290f604
1 changed files with 3 additions and 2 deletions

View File

@ -116,7 +116,7 @@ struct gvar
{ {
TRACE_SUBSET (this); TRACE_SUBSET (this);
unsigned glyph_count = c->plan->source->get_num_glyphs (); unsigned glyph_count = version.to_int () ? c->plan->source->get_num_glyphs () : 0;
gvar *out = c->serializer->allocate_min<gvar> (); gvar *out = c->serializer->allocate_min<gvar> ();
if (unlikely (!out)) return_trace (false); if (unlikely (!out)) return_trace (false);
@ -222,7 +222,8 @@ struct gvar
accelerator_t (hb_face_t *face) accelerator_t (hb_face_t *face)
{ {
table = hb_sanitize_context_t ().reference_table<gvar> (face); table = hb_sanitize_context_t ().reference_table<gvar> (face);
glyphCount = face->get_num_glyphs (); /* If sanitize failed, set glyphCount to 0. */
glyphCount = table->version.to_int () ? face->get_num_glyphs () : 0;
} }
~accelerator_t () { table.destroy (); } ~accelerator_t () { table.destroy (); }