walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] Fix fuzzer issue https://oss-fuzz.com/testcase-detail/6521393809588224

This commit is contained in:
Garret Rieger 2023-04-17 22:47:47 +00:00 committed by Behdad Esfahbod
parent 3db6baa20e
commit 647b024784
3 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/OT/glyf/SimpleGlyph.hh
View File

@ -34,6 +34,11 @@ struct SimpleGlyph
unsigned int length (unsigned int instruction_len) const unsigned int length (unsigned int instruction_len) const
{ return instruction_len_offset () + 2 + instruction_len; } { return instruction_len_offset () + 2 + instruction_len; }
bool has_instructions_length () const
{
return instruction_len_offset () + 2 <= bytes.length;
}
unsigned int instructions_length () const unsigned int instructions_length () const
{ {
unsigned int instruction_length_offset = instruction_len_offset (); unsigned int instruction_length_offset = instruction_len_offset ();
@ -94,6 +99,7 @@ struct SimpleGlyph
/* zero instruction length */ /* zero instruction length */
void drop_hints () void drop_hints ()
{ {
if (!has_instructions_length ()) return;
GlyphHeader &glyph_header = const_cast<GlyphHeader &> (header); GlyphHeader &glyph_header = const_cast<GlyphHeader &> (header);
(HBUINT16 &) StructAtOffset<HBUINT16> (&glyph_header, instruction_len_offset ()) = 0; (HBUINT16 &) StructAtOffset<HBUINT16> (&glyph_header, instruction_len_offset ()) = 0;
} }

7
src/OT/glyf/SubsetGlyph.hh
View File

@ -27,7 +27,12 @@ struct SubsetGlyph
TRACE_SERIALIZE (this); TRACE_SERIALIZE (this);
hb_bytes_t dest_glyph = dest_start.copy (c); hb_bytes_t dest_glyph = dest_start.copy (c);
dest_glyph = hb_bytes_t (&dest_glyph, dest_glyph.length + dest_end.copy (c).length); hb_bytes_t end_copy = dest_end.copy (c);
if (!end_copy.arrayZ || !dest_glyph.arrayZ) {
return false;
}
dest_glyph = hb_bytes_t (&dest_glyph, dest_glyph.length + end_copy.length);
unsigned int pad_length = use_short_loca ? padding () : 0; unsigned int pad_length = use_short_loca ? padding () : 0;
DEBUG_MSG (SUBSET, nullptr, "serialize %u byte glyph, width %u pad %u", dest_glyph.length, dest_glyph.length + pad_length, pad_length); DEBUG_MSG (SUBSET, nullptr, "serialize %u byte glyph, width %u pad %u", dest_glyph.length, dest_glyph.length + pad_length, pad_length);

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6521393809588224 Normal file
View File

Binary file not shown.