From 675ebbeb3a0c5b007f87505d6805096a570dd10c Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Wed, 16 Jun 2021 10:40:46 -0700
Subject: [PATCH] [subset] don't alloc zero bytes.

It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
---
 src/hb-serialize.hh | 2 ++
 ...ase-minimized-hb-subset-fuzzer-5269686781607936 | Bin 0 -> 48 bytes
 2 files changed, 2 insertions(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5269686781607936

diff --git a/src/hb-serialize.hh b/src/hb-serialize.hh
index d6aa58405..2f23b5853 100644
--- a/src/hb-serialize.hh
+++ b/src/hb-serialize.hh
@@ -547,6 +547,8 @@ struct hb_serialize_context_t
 unsigned int len = (this->head - this->start) + (this->end - this->tail);
+ if (!len) return hb_bytes_t ();
+
 char *p = (char *) malloc (len);
 if (unlikely (!p)) return hb_bytes_t ();
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5269686781607936 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5269686781607936
new file mode 100644
index 0000000000000000000000000000000000000000..5c0ad795fa72951d2c482b65a625f5a30deacab2
GIT binary patch
literal 48
kcmZQzWME)mQUHUDjMPLB11Q1(qBC+!DnK-p3t}n&0G!VTy8r+H

literal 0
HcmV?d00001
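Review bot: The added early return `if (!len) return hb_bytes_t ();` carries no comment explaining why it exists, so it reads as a micro-optimisation and a later refactor could fold it back into the malloc path and reintroduce the leak the commit message describes; I would annotate it, e.g. `/* Don't malloc (0): hb_blob_create () does not attach a destroy callback to zero-length data, so the buffer would never be freed. */`. The fix also lives only in this one caller: if hb_blob_create () really drops the destroy callback for length-zero input, as the message says, any other site that hands it a heap buffer of length zero leaks the same way, so the robust fix is for hb_blob_create () to invoke destroy () before returning the empty blob, and a short TODO here pointing at that would keep the root cause visible. Note too that the empty-output case now returns the same `hb_bytes_t ()` sentinel as the malloc failure on the next line, so a caller cannot distinguish "nothing serialized" from "out of memory" from the return value alone; presumably callers consult the context's error state separately, but that contract is worth stating in the function's documentation. The enclosing function starts and ends outside the hunk.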