From b64ef69b9e3d9cd4e81a2149cea3fe6e9e371cac Mon Sep 17 00:00:00 2001
From: Michiharu Ariza
Date: Fri, 12 Oct 2018 14:14:21 -0700
Subject: [PATCH] from encode_int removed assert hit by fuzzer clamp the value instead
---
 src/hb-subset-cff-common.hh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/hb-subset-cff-common.hh b/src/hb-subset-cff-common.hh
index 7d9340010..549436414 100644
--- a/src/hb-subset-cff-common.hh
+++ b/src/hb-subset-cff-common.hh
@@ -59,7 +59,10 @@ struct ByteStrBuff : hb_vector_t
 return encode_byte ((v >> 8) + OpCode_TwoByteNegInt0) && encode_byte (v & 0xFF);
 }
 }
-assert ((-32768 <= v) && (v <= 32767));
+if (unlikely (v < -32768))
+v = -32768;
+else if (unlikely (v > 32767))
+v = 32767;
 return encode_byte (OpCode_shortint) && encode_byte ((v >> 8) & 0xFF) && encode_byte (v & 0xFF);
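Review bot: The new clamp silently substitutes a different operand for an out-of-range `v` while the function still reports success through the `&&`-chained `encode_byte` results, so the fuzzer-reachable case that used to trip the assert now yields a subset whose encoded number differs from the source with no error surfaced to the caller. Since `encode_byte` already signals failure via its bool return, rejecting is more consistent with the surrounding code than rewriting the value: `if (unlikely (v < -32768 || v > 32767)) return false; /* not representable as shortint */`. If clamping is the intended policy (for example because the value feeds a range the consumer tolerates anyway), the new lines should say so in a comment, because a reader who later sees a mismatched operand in output will not suspect this function. The start of `encode_int` lies outside the hunk, so I cannot see whether a wider encoding is attempted before this fallback or whether callers inspect the return value.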