walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[ENOMEM] fix access to unitialized memory. 

If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
This commit is contained in:
Garret Rieger 2020-08-26 17:31:50 -07:00
parent 45de128930
commit 9825e3dd2e
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/hb-ot-layout-common.hh
View File

@ -2537,7 +2537,10 @@ struct VariationStore
for (unsigned i = 0; i < inner_maps.length; i++) for (unsigned i = 0; i < inner_maps.length; i++)
inner_maps[i].fini (); inner_maps[i].fini ();
return_trace (bool (varstore_prime->dataSets));
return_trace (
!c->serializer->in_error()
&& varstore_prime->dataSets);
} }
unsigned int get_region_index_count (unsigned int ivs) const unsigned int get_region_index_count (unsigned int ivs) const

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5137462782066688 Normal file
View File

Binary file not shown.