From be82a2fc0c7ad3553f2e6dc8082a3255cb6c917c Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Mon, 3 Jun 2019 15:52:23 -0700 Subject: [PATCH 1/3] parenthesized cond-exp in CFF2FDSelect::sanitize --- src/hb-ot-cff2-table.hh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh index a7b0ba9be..74acc771a 100644 --- a/src/hb-ot-cff2-table.hh +++ b/src/hb-ot-cff2-table.hh @@ -56,11 +56,11 @@ struct CFF2FDSelect TRACE_SANITIZE (this); return_trace (likely (c->check_struct (this) && (format == 0 || format == 3 || format == 4) && - (format == 0)? + ((format == 0)? u.format0.sanitize (c, fdcount): ((format == 3)? u.format3.sanitize (c, fdcount): - u.format4.sanitize (c, fdcount)))); + u.format4.sanitize (c, fdcount))))); } bool serialize (hb_serialize_context_t *c, const CFF2FDSelect &src, unsigned int num_glyphs) From 65e66a2d371f42d018b1a22f31a6428d19a90284 Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Mon, 3 Jun 2019 16:31:41 -0700 Subject: [PATCH 2/3] added test data --- ...ase-minimized-harfbuzz_fuzzer-6252118652092416 | Bin 0 -> 126 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 new file mode 100644 index 0000000000000000000000000000000000000000..e2dd6a3893cb87376b5820ab9b782c5c5a174a3e GIT binary patch literal 126 zcmZQzWME)mW@Iq=x4rHk8$%}pkbjsy~0qW)>v!sFW5ZX5SFJ!K2di3JidHK;S ACjbBd literal 0 HcmV?d00001 From 12febd68d694cc1bae44b0b672d88bf9fbe8568d Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Mon, 3 Jun 2019 16:40:03 -0700 Subject: [PATCH 3/3] added parentheses to FDSelect::sanitize as well --- src/hb-ot-cff-common.hh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
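Review bot: The format dispatch in CFF2FDSelect::sanitize still sits inside a single `&&` chain as a nested `?:`, so its correctness rests on one pair of parentheses that a later cleanup could drop without any compiler diagnostic. Because `?:` binds looser than `&&`, losing them would again let a format sanitizer run after `check_struct` has failed, that is, on data that was never bounds-checked. An early return on `check_struct` followed by a `switch (format)` whose `default` rejects would make the format allowlist and the dispatch one construct. The same shape fits FDSelect::sanitize in src/hb-ot-cff-common.hh (formats 0 and 3 only). The function's signature and opening brace are outside the hunk.

```cpp
    TRACE_SANITIZE (this);
    // Bounds-check the header before `format` is read or dispatched on.
    if (unlikely (!c->check_struct (this)))
      return_trace (false);

    switch (format)
    {
    case 0: return_trace (u.format0.sanitize (c, fdcount));
    case 3: return_trace (u.format3.sanitize (c, fdcount));
    case 4: return_trace (u.format4.sanitize (c, fdcount));
    default: return_trace (false);  // unknown format: reject
    }
```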
diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh index ddec517a1..55ae10efe 100644 --- a/src/hb-ot-cff-common.hh +++ b/src/hb-ot-cff-common.hh @@ -655,9 +655,9 @@ struct FDSelect { TRACE_SANITIZE (this); return_trace (likely (c->check_struct (this) && (format == 0 || format == 3) && - (format == 0)? + ((format == 0)? u.format0.sanitize (c, fdcount): - u.format3.sanitize (c, fdcount))); + u.format3.sanitize (c, fdcount)))); } bool serialize (hb_serialize_context_t *c, const FDSelect &src, unsigned int num_glyphs)
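Review bot: Nothing at the parenthesized `?:` in FDSelect::sanitize records why the extra parentheses are load-bearing, so to the next reader they look redundant. A one-line comment above the conditional would cover it, e.g. `/* ?: binds looser than &&; without these parens the format sanitize runs even when check_struct fails */`. The only regression input in the series is the clusterfuzz font added in patch 2, and the page does not show whether it reaches this CFF1 path, so a matching CFF1 case may be worth adding. The function's signature is outside the hunk.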