From 64122b5a443d78cc1c4c0c94fa2e489e1f22dd3e Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Mon, 5 Apr 2021 12:53:08 -0700
Subject: [PATCH] [subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.
---
 src/hb-ot-layout-gsubgpos.hh | 2 ++
 ...se-minimized-hb-subset-fuzzer-5416421032067072 | Bin 0 -> 114 bytes
 2 files changed, 2 insertions(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5416421032067072
diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
index 117aeaad4..bc7e91c03 100644
--- a/src/hb-ot-layout-gsubgpos.hh
+++ b/src/hb-ot-layout-gsubgpos.hh
@@ -120,6 +120,8 @@ struct hb_closure_context_t :
 }
 hb_set_t *covered_glyph_set = done_lookups_glyph_set->get (lookup_index);
+ if (covered_glyph_set->in_error ())
+ return true;
 if (parent_active_glyphs ()->is_subset (covered_glyph_set))
 return true;
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5416421032067072 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5416421032067072
new file mode 100644
index 0000000000000000000000000000000000000000..6b245f3a76880b80c18aa2ce6d28647d2b19b108
GIT binary patch literal 114 zcmeYd3GruORA5$6HeqlN4s{Y?ux9`QsWt2jj6j-;K?DdHr_W=MVBi4qn1Lh+vI1F5 pK$-~%*?=lJ7?SgIa}yzwAnACJDIfqcg;54b{AFO6#=xMf3jm)?3Zei2 literal 0 HcmV?d00001
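Review bot: The added early return at `if (covered_glyph_set->in_error ())` in the `src/hb-ot-layout-gsubgpos.hh` hunk has no comment explaining why a failed set means the lookup is skipped; the reason is only in the commit message. I would put `/* Covered set is in error: don't visit the lookup, or it can be recursed into repeatedly. */` above the check so the termination guarantee survives later refactoring. The new line also dereferences the pointer returned by `done_lookups_glyph_set->get (lookup_index)`, so it relies on the entry having been created earlier in the function; that code starts outside the hunk and should be confirmed to cover the failed-insert path. Returning `true` here ends the recursion but presumably leaves the closure incomplete for a hostile font, so it is worth checking that the set's error state is still reported to the subsetter's caller rather than yielding a silently truncated result.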