walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664

This commit is contained in:
Qunxin Liu 2021-09-27 17:21:16 -07:00 committed by Behdad Esfahbod
parent a52c6df38a
commit 794b00db4b
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/hb-ot-math-table.hh
View File

@ -836,12 +836,16 @@ struct MathVariants
void collect_coverage_and_indices (hb_sorted_vector_t<hb_codepoint_t>& new_coverage, void collect_coverage_and_indices (hb_sorted_vector_t<hb_codepoint_t>& new_coverage,
const Offset16To<Coverage>& coverage, const Offset16To<Coverage>& coverage,
unsigned i, unsigned i,
unsigned end_index,
hb_set_t& indices, hb_set_t& indices,
const hb_set_t& glyphset, const hb_set_t& glyphset,
const hb_map_t& glyph_map) const const hb_map_t& glyph_map) const
{ {
if (!coverage) return;
for (const auto _ : (this+coverage).iter ()) for (const auto _ : (this+coverage).iter ())
{ {
if (i >= end_index) return;
if (glyphset.has (_)) if (glyphset.has (_))
{ {
unsigned new_gid = glyph_map.get (_); unsigned new_gid = glyph_map.get (_);
@ -866,8 +870,8 @@ struct MathVariants
hb_sorted_vector_t<hb_codepoint_t> new_vert_coverage; hb_sorted_vector_t<hb_codepoint_t> new_vert_coverage;
hb_sorted_vector_t<hb_codepoint_t> new_hori_coverage; hb_sorted_vector_t<hb_codepoint_t> new_hori_coverage;
hb_set_t indices; hb_set_t indices;
collect_coverage_and_indices (new_vert_coverage, vertGlyphCoverage, 0, indices, glyphset, glyph_map); collect_coverage_and_indices (new_vert_coverage, vertGlyphCoverage, 0, vertGlyphCount, indices, glyphset, glyph_map);
collect_coverage_and_indices (new_hori_coverage, horizGlyphCoverage, vertGlyphCount, indices, glyphset, glyph_map); collect_coverage_and_indices (new_hori_coverage, horizGlyphCoverage, vertGlyphCount, vertGlyphCount + horizGlyphCount, indices, glyphset, glyph_map);
if (!c->serializer->check_assign (out->vertGlyphCount, new_vert_coverage.length, HB_SERIALIZE_ERROR_INT_OVERFLOW)) if (!c->serializer->check_assign (out->vertGlyphCount, new_vert_coverage.length, HB_SERIALIZE_ERROR_INT_OVERFLOW))
return_trace (false); return_trace (false);

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6616166961905664 Normal file
View File

Binary file not shown.