From 7a87b17742a0cec36ad21d9fddc1c605597eea14 Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Mon, 13 Mar 2023 19:50:28 +0000
Subject: [PATCH] Check for failed subset input creation in the fuzzer.
---
 ...se-minimized-hb-subset-fuzzer-4801020053291008 | Bin 0 -> 311 bytes
 test/fuzzing/hb-subset-fuzzer.cc | 12 ++++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-4801020053291008
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-4801020053291008 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-4801020053291008
new file mode 100644
index 0000000000000000000000000000000000000000..5758a652146f19ee6f05f99d7c06fe07be1b8328
GIT binary patch
literal 311
zcmZQzWME(rQWz8?pcxo}1_I?6m>5JD7+8R2<4}ku
IjMv=%01gE%^#A|>
literal 0
HcmV?d00001
diff --git a/test/fuzzing/hb-subset-fuzzer.cc b/test/fuzzing/hb-subset-fuzzer.cc
index caeafb115..93153ed83 100644
--- a/test/fuzzing/hb-subset-fuzzer.cc
+++ b/test/fuzzing/hb-subset-fuzzer.cc
@@ -64,12 +64,24 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 };
 hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+ if (!input)
+ {
+ hb_face_destroy (face);
+ hb_blob_destroy (blob);
+ return 0;
+ }
 trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags, input);
 unsigned num_axes;
 hb_codepoint_t text_from_data[16];
 if (size > sizeof (text_from_data) + sizeof (flags) + sizeof(num_axes)) {
 hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+ if (!input)
+ {
+ hb_face_destroy (face);
+ hb_blob_destroy (blob);
+ return 0;
+ }
 size -= sizeof (text_from_data);
 memcpy (text_from_data, data + size,