From 01832fd16b605971466fc3b174cb932787ef4bfb Mon Sep 17 00:00:00 2001
From: Michiharu Ariza
Date: Wed, 26 Jun 2019 15:58:38 -0700
Subject: [PATCH 1/2] alternate fix for https://crbug.com/971933

---
 src/hb-cff-interp-cs-common.hh | 6 +++---
 src/hb-cff1-interp-cs.hh | 2 +-
 src/hb-cff2-interp-cs.hh | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/hb-cff-interp-cs-common.hh b/src/hb-cff-interp-cs-common.hh
index 1cfbba603..cf9ce4dc3 100644
--- a/src/hb-cff-interp-cs-common.hh
+++ b/src/hb-cff-interp-cs-common.hh
@@ -62,9 +62,9 @@ struct call_stack_t : stack_t {};
 template
 struct biased_subrs_t
 {
-  void init (const SUBRS &subrs_)
+  void init (const SUBRS *subrs_)
   {
-    subrs = &subrs_;
+    subrs = subrs_;
     unsigned int nSubrs = get_count ();
     if (nSubrs < 1240)
       bias = 107;
@@ -118,7 +118,7 @@ struct point_t
 template
 struct cs_interp_env_t : interp_env_t
 {
-  void init (const byte_str_t &str, const SUBRS &globalSubrs_, const SUBRS &localSubrs_)
+  void init (const byte_str_t &str, const SUBRS *globalSubrs_, const SUBRS *localSubrs_)
   {
     interp_env_t::init (str);
 
diff --git a/src/hb-cff1-interp-cs.hh b/src/hb-cff1-interp-cs.hh
index cc528564c..1c8762c17 100644
--- a/src/hb-cff1-interp-cs.hh
+++ b/src/hb-cff1-interp-cs.hh
@@ -40,7 +40,7 @@ struct cff1_cs_interp_env_t : cs_interp_env_t
   template
   void init (const byte_str_t &str, ACC &acc, unsigned int fd)
   {
-    SUPER::init (str, *acc.globalSubrs, *acc.privateDicts[fd].localSubrs);
+    SUPER::init (str, acc.globalSubrs, acc.privateDicts[fd].localSubrs);
     processed_width = false;
     has_width = false;
     arg_start = 0;
diff --git a/src/hb-cff2-interp-cs.hh b/src/hb-cff2-interp-cs.hh
index 1faf20831..a72100e1a 100644
--- a/src/hb-cff2-interp-cs.hh
+++ b/src/hb-cff2-interp-cs.hh
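Review bot: The new `init (const SUBRS *subrs_)` now accepts a null pointer — that is what lets the cff1/cff2 call sites drop the `*acc.globalSubrs` dereference that a malformed font could turn into a null-pointer crash — but nothing in this hunk checks `subrs` before `get_count ()` on the next line, and `get_count ()` is outside the hunk, so whether it tolerates a null `subrs` cannot be confirmed here. If it does not already return 0 for a null `subrs`, pin the contract at the entry point with `unsigned int nSubrs = subrs ? get_count () : 0;`. Either way the parameter deserves a comment, e.g. `/* subrs_ may be nullptr (font without subrs); every use of subrs must tolerate that */`, and the same applies to `globalSubrs_`/`localSubrs_` in the second hunk of this file, whose `cs_interp_env_t::init` presumably forwards them to `biased_subrs_t::init` outside the hunk. `biased_subrs_t` continues outside the hunk, and the fuzzer case added in PATCH 2/2 exercises the crashing input but does not document the null contract for future callers.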
@@ -82,7 +82,7 @@ struct cff2_cs_interp_env_t : cs_interp_env_t void init (const byte_str_t &str, ACC &acc, unsigned int fd, const int *coords_=nullptr, unsigned int num_coords_=0) { - SUPER::init (str, *acc.globalSubrs, *acc.privateDicts[fd].localSubrs); + SUPER::init (str, acc.globalSubrs, acc.privateDicts[fd].localSubrs); coords = coords_; num_coords = num_coords_; From 8341c0b304ee3bb0b7d150bcfb42a8b9e6448687 Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Thu, 27 Jun 2019 08:43:31 -0700 Subject: [PATCH 2/2] add test case file --- ...se-minimized-harfbuzz_fuzzer-5093685255077888 | Bin 0 -> 1160 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5093685255077888 diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5093685255077888 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5093685255077888 new file mode 100644 index 0000000000000000000000000000000000000000..e65025e1655b04232a11c80171bf9ed351030984 GIT binary patch literal 1160 zcmZuxU1%It6h3!mchY31n{JZ^rTMv)6(lw>hN7Yco5ptAre@1-EqyY3yK}QU>F&&Q zX0kLdA{0bxgbE@)i3F?=Ldi?PN2w)N5C!qk(o$dYVEdra9Zbyn-P!g*?S(VveCM3| zoipd&nf&R~c}mmUq*H0~=u!U5wfBaJv{gtWcPd|`J=8^%e1?e3T=9*=-+Esgzz2xf zr}^S@;~!1;bi%d}FP+I3a{2{WWc-B3j&faiyN$CRxcY&^suY&-%J5m(8;}>OaG3Xv zFR=d*aJE_xFQ!+w{{-F-+*=nHJxZQ}Nxwo2N7QBV*v=~AH-XQ1ZVgnE0p<IddlnA z1+0^%yfD^jWY%>Y;fa3z6Xp54p}2If^)A~;eTh9H<;CnO_-G|5p?|}!pz;pwvZmgC zs;$|ZG{%mg`;=-*tuc^2d*`64+NbcuYln}puM)7@H4-ngvC=5(P%&*tyA8z&=Yb9f z(I-oEqB_p+p{?O$hiRHz3L%_|B*>uv)+C*vDd+-8s?a>u5b^(mKtpk9=CqF3&0$mDertPW zfGFkR(XlJJ`0)UJaOqZh(Hw%K)iR%os5|O3pN{6tY}A{f4#te-&#vFN-JG!8bMm+) zozM;!CS7mAw=30cnfX6XjTnIv05BPDX?E0STi%?ple4-E(y@@CW$^XigO) literal 0 HcmV?d00001