[fuzzer] Fix hb-set-fuzzer minor overflow issue

Size shouldn't be smaller than the struct not its pointer size. Fixes https://crbug.com/oss-fuzz/20655
2020-02-12 15:41:22 +03:30 · 2020-02-12 15:41:22 +03:30 · 97229244eb
parent 7b42403c1c
commit 97229244eb
2 changed files with 5 additions and 4 deletions
--- a/test/api/fonts/clusterfuzz-testcase-minimized-hb-set-fuzzer-6255224052514816
+++ b/test/api/fonts/clusterfuzz-testcase-minimized-hb-set-fuzzer-6255224052514816
@ -0,0 +1 @@
+       
--- a/test/fuzzing/hb-set-fuzzer.cc
+++ b/test/fuzzing/hb-set-fuzzer.cc
@ -33,15 +33,15 @@ static hb_set_t* create_set (const uint32_t* value_array, int count)

 extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 {
-  if (size < sizeof(instructions_t*))
+  if (size < sizeof (instructions_t))
    return 0;

  const instructions_t* instructions = reinterpret_cast<const instructions_t*> (data);
-  data += sizeof(instructions_t);
-  size -= sizeof(instructions_t);
+  data += sizeof (instructions_t);
+  size -= sizeof (instructions_t);

  const uint32_t* values = reinterpret_cast<const uint32_t*> (data);
-  size = size / sizeof(uint32_t);
+  size = size / sizeof (uint32_t);

  if (size < instructions->first_set_size)
    return 0;