From c0fac016dc017596e2d979e19e1eb8f88df38ea3 Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Wed, 22 Feb 2023 20:54:20 +0000
Subject: [PATCH] [subset] update the subset fuzzer to be able to reach
 instancing code.

---
 test/fuzzing/fonts/AdobeVFPrototype.ABC.otf | Bin 0 -> 4724 bytes
 test/fuzzing/fonts/Roboto-Variable.ABC.ttf  | Bin 0 -> 13480 bytes
 test/fuzzing/hb-subset-fuzzer.cc            |  49 ++++++++++++++++----
 3 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 test/fuzzing/fonts/AdobeVFPrototype.ABC.otf
 create mode 100644 test/fuzzing/fonts/Roboto-Variable.ABC.ttf

diff --git a/test/fuzzing/fonts/AdobeVFPrototype.ABC.otf b/test/fuzzing/fonts/AdobeVFPrototype.ABC.otf
new file mode 100644
index 0000000000000000000000000000000000000000..ab1c925e449f94feec783a988f1bfdca9dc6c89f
GIT binary patch
literal 4724
zcmb_f3vg7`8UD}RN0LJzmlzX`2$v8-KnNl7sA4q<Nk9pNM+k_3ECdL}WFdqkK*&3r
z&AzhPN7w`c5v4MtQY-BgtD_NZ2krQxosQM19h{EZ;#7;2rCl}s&b@cTV|3JM@11kb
z|NrNIp8uTl-&;~zT0&zPk&)yDMMXK@vrVrNv2>ys!@`2XqFZ|svWUh6h-me~WhE;!
zr6(~z=2PG=EL^!N|MW+v&k-e@06uL|S>B4zaxVW3_#c38SOWZM!=X(?@@(L>B`as<
zJmjfwAc__GHm)qqD?K~@uYl#JfdAc6YpG7FN^c}e%mqGsbERb`#Zxc%FA01r=Fd%^
zRz);61pGwB7E5_jTq*ctGl9>o03oJK`Wf(@z|$)#YwEdyo&~-UxLj$e-$}-00NFTn
z<|<3&mJ^n9Wkhk1H$AY^y1Qoh9m+v`HJDe3z-uIu$V72hUW`u<8^;dZf*GQ9ge8M-
zqAwN<Lo@_1`s7k>6x2sSiSlT(*Y;pCp)r!kAS{wm0>Wq%8)Q#;ecp8Ll9M0eVI}<f
zPb~^}dh>ajt7|f-&PnzRr=!c=HJxLa%suk>3roIO!rd;1+bui42y>^)-Q_;sq~fV3
ztqqfS%%y-^mHoo=xf7FJ4ybg21mQbgn^eZTG~r3<PE5KT8k+iG`w7UN4F6{5a|%Cc
z@!A3lc`!U^pTVEEh8hRc_&*&38SwG!x~w~k*G7^bU8!*Yk9cDcN?JXg-R%dwHg8+g
zOy1_}a(8-Px|c_!_2JY#ZH3%^U=9y2|KrCWonQP;Bs=tz58zO})9GwDsPNtvh4<af
zJKG@C)8cSBI;w2m*5+IukS91>TNZKW6du0y(93WC$$zS+BWUY(Ib6Z!Oy1Mxbh>+N
z4wv04r(T%<R^)caEZ+BHZo7lGZcuo)JU)`SK0NBFx<cOIn8Pm)?U*^UtUQwN%k2uc
z*C@Q&X7_X+dK`Y+2kf5qJ#%@r-R`kB4&BQ$*Z1DZkGJ^S4!ULYmDH1+$9(O*yS!_;
z$RT6q@UknfCpPq7sS2G61w(%c1^Z7Qb=we6mls`U2%Xb|)@zMI4l%3JTuo8P=?0`q
zcsc}4JbfwVh$m<p&@cp;5>t2dO69=Q{ejS*`-4YM9gU5+gK^^r=RF)B=Zqh9rs{~(
zx!aY(-(MY;AmmCJb*jJasMEQp)dA)1l=%4fgW8m81BB7xWj7&?`@{}3QVek#Lt`n4
zQYe*fr-?L~rqT?WMRVvb`Z48EA>EH7u$)%WTG~LHXe(7xHPzC7YM~BtkQWE|Fg-?3
z(68tv`YrvA-lX5t`*fZ@rOzo$UoiuVV+kyUjc4g>s#I%OXQ(vT3?h1`)8UqHR<O_A
zT^@(4YZ5oRWs}R{QTP;&0GwTDE;K)y4^1p>FIqF&ezXH<dEBI6Yn!nW&hE}0mn?SH
z9<+Wmh0hQhNbHB0V=C^KCx8oP?AS=yhi+L#Z$8o*XmHD&-5oC3tnkP72U`1UA+QcR
z{!GgQeE*62xu@+O4wCAT!mUE$Xg&Cfxw*~X<dQSE{h~Oh3U8gw>txerb=D=vC>#p>
zZ6Sa-A_y5<3ub~XhvA3tp@e5}Px>?*(?f0kM(jH5^lsTy{L0>eN)Xa`WWv--;njHA
zrSNUfzp}6FRqJ!@zUJy|KDZNS*nhC6qqjQ*DPIvkUY*WQmwW8pk9Rs;&i!}6BX?K#
zp+1~wM<Y&INS<(ZQyZLzJ4^Z=k7WL$z1`Pjb7Q_e)Z0AZIndC*3)atW9bC*i!;{rz
z?dZFYKfACXu&T3lBKIG}+CAEr$pc7+YgZ*a@XEJER!7nz(<1948^hxw8Q~4@yxsTo
z>t0+BcHee%{xb@1S)*{<CWW^jPv_mIF*c@i_oKK#n%p?ZT|sE`bxh>ljkpKkX16eo
zlyn@tk1u_ub|tTlWWLttYijP@8)({pXx9dxul-<)YYjhBZnJq?5YM_5i}$SvBJ(bH
z-$Wi5?CuPBY#w`0OVDHYz{l{uQ#<OQv2Fo3N2LDHARKGmz^62XI(s?-fmQqsU-KlM
z{Oi4k3wU_rl?ye_@cJ(=`1ZE>54@Gbd+M-PS_+ZLev7-yyZk(I(<7TcSsJDc9@+Qr
zd9ExTsF})3PL%*}_-bCz53Q}ort*J;t<Bw7`zOl1Hh&rqpJ@*wH`oLFpYykZXV>AD
z;Jzt5a;(h>or1pJ=RgXN?<?iu?GfwYa)e}kb_EX~JGEy>;dQHdMD7oEEag29%tI)N
z4Lt)0D=?dHKDwN*=U=}1AWoGrlH3rgozFL?@!*+=vf1vxpC77PhQnYECpR<>&ga;t
zJ)R6)Y@*WPYAc+%r0C&<d;UcR!zZB7yZt3EYvWMi@X}$k(Q0r3H=vTKkJL=dq=RIV
zYG{U3PuW6`q4(>bqr^Q4{-s8%s##;!dLtPm#=N2;N)Blah>Nw6ZJ-=cxh137U^1E{
zNmNSV*T|DskY9pAn@0<z_rAU;EU^+r=V9+jN5H74o(b;^Xi4aWh9q2d3PvMdfiD;y
zMxQr4JUldFVH_(H+{QS}tVPpcMt1|#U<p@cK!**qf{y91@fsczmD44iZl-LuMuTD0
z%<MYMD4uzASfW_gufqn=b)5{~YwV;>H&GIMQHRYmmz~pLT;5Ww4#(1TDN%>xuKLM1
zWlQ(!^id>BRXQ9`IZ~qzkEU4Z866%&)1=cnoB;hF>aYy`pX%^fnr65~hZAX$Azz1Y
zq6~vWhm)wl@C+>=EA6DcC>Yym8&yyZvXFyaGK=N{%EMY&QBt-5&Qxb>z<oE(#9ODn
zS!5aE$)e5RuEg9_%DPUr3|zv31-c$lwH1N0O0~8OGgd&N?S=L&$lDh9vIm?(Y8G^5
z<DE_Op|gPUsYHdMo|RD%J`-=$F$0`iPzo)oo*G@Y1k#06hM8*G4S$3W%5@ehR6j%<
zRVbm+xh(KxqukC%bQanHdExC=jP+<@#j;S2v#@4!)UrJHn&`iuf5p&PM@yis9DePA
zoke;^R)ZGJjmVZ*wQ6{=8)G5tYgq9J&()lLo8@nk`XTZ^g!lSfu0$-A@N^U6cm$Dt
zx34!!<bQ9;C}+O9k2WJ~-)-$G?^Q^-E-Q+9Vy?}>57ByUes9d>wHBkf|KF@dwcKb)
zyLoYe4!<e>wZ7qDxFfE864g6cR&Va<n3xAhivCS$jJde>^+(9!=jk#}7`f^h=SfLg
z9Z1IA$1$HuY{!=BDjH8xK~ZrjjeEpWQ$^!c5izTAiwZ-i1q_3P&)Wiw71;mUUm6Wx
zrrhCoaRYD?bt?J@SjC4wreg4{82(VjS+nXHdT3K&Qen}Hn6>{u(Ti9701B!`7aj=D
z<1s>7^?8iyb0Wp6G<0g!(mWS6jd0gQA0dBr1#^UjZ(Tvbt7S>lN%nzqd2IYe_+liJ
z(JUxp8dfD5x4Wj=Dv<h$ZQ`F<c>MqSFBaBS4_GW4t!o!nMQox9r;}8-t)hk@;|rFS
zu0Ty>lt>w<5KD2!Yw`1O1b_d6pO}fxVi4^=Xc{esiQNPoUltlo!mo%|!`Y<~zER>U
zMBtKRgf?1wLBkEo2ra?Tj%5QbM%X|mwWR_^bgNFoXOz0{1-^KMCgDEPa52Ihn#h-g
zSYv67h*NmaI@U~7wG%Ulm{nfUsZz{{IJGD-Ff)rmFJcr}EW?_K=v0ieQE*Y;wJct&
zuZT#U8^aRx7=SXFjny%nR+h-{cc^**i!4d?Q^Xo0cGLMc-b+?Blu5@@x1}^@e3msM
MmvSKx-D?8-FZGsYfB*mh

literal 0
HcmV?d00001

diff --git a/test/fuzzing/fonts/Roboto-Variable.ABC.ttf b/test/fuzzing/fonts/Roboto-Variable.ABC.ttf
new file mode 100644
index 0000000000000000000000000000000000000000..6cf001fc854c4f501f2a4bf4dfcb66a28f8aeafe
GIT binary patch
literal 13480
zcmbVT31AdO)~@RAxiT}kAmNxmPiSU15(p#^!l4Wa2{+_~Ot>;RLGBQ)6(o}c#1St*
z1y|kG6<lR^?VxBxR1jrdS5Q>egL9R|-vdDoLynpLzv`YGAg=y@&2)FYqh7sw_0_AI
znS@Y6NHlH&DI7O8J;Sw5dXJD^qrfd0mpLtG`KB-8LI05uY8jW4m-@SH(V>J$e}TMq
z{PZ!|x6OOwVM2Nj0{!o4ISGlC6THU=(F>ppb8^SzZc(P*MTny_+Q)lVdMYyRa_I=^
zQwjN~;zgdN#6li{ehKIy#VafABd<Hx5z_S%=s?-h@<o5v)h0r|osh7NWoR$XHU5VX
zrwjImlzWyhB}UQ>{;~co<qOx8HN2Nl3)w<K`19q^r+;=Qp+6bopXQZ%O89B<j}fBV
z1pVZBV1(?`JqP+M=-%@dRjzit$J;?40Bv8mq}U^P`9jdl-^fLt)l2#M@WY^UnS8Nl
zQEB{)0yiPu;IFag(k06)l|=+&=@ri8ODjs3uE{_8F#>ESggZ)j(gSUK>SRRQM69Hr
ztFvG*gjlV5VzyW~BhOXnIAaBgON>j57@m+ce0WksQes5Xpuv<%G>OtaNtBO@9m>5O
z==ly8x1K%}=)te&2ApX*s!M1(rjwg8bqU_4OwRV?ljx9OWWpx&){P8eeRb>S<ofiX
zPG_hkjH`&T*+SL6B9gS;&{yQ};pi*2Pi$gx^3WkprxY6@MZ_ld<f1z3^#(q6Si4|Y
zY!{8q$$<wrIxS~y`fck91LqFXQ%mJLU9<kQXlh{cB06rCckGC@MS%+(UEOc~mMN<~
z<DUC{%KQnLr3p<x=;Q%&x0Dq;G|TGm`-E#nX4XpA?^8^rkI&ikng^3eRx95NpXuHv
zeMpomq+3)tU(uWBOo-3>NqEE4q)<-kHIN%Rbja;oQet#;7il0Ep<Gl{=bm6BCktH<
zgjId}Le;THva)u3cK6P6>%$I&PTsuCv$Z&Jz^wZ{cW#+PKk$9AzOb%w$3r_B_Y|%@
z@nG53%!!-csNA|>|NU80w=h3E$|Yg2@C5vbco}Zo1usa#`$?mJn-Bb|eU@cM9$ofw
zbw)<*Yn5BxU1r%Aa{J1;(^hBob4*^DS+aUGU9)UY*^~#~TUWO3y$7e1zO-V>;*mqk
zx6Cfjf9Q_kDT~-#-U~!u67IuX4kmqFonmbLx^Wz}IVpA8c&jCBos}evPKxX@JRu=L
zok$fn9i~$HrKyyHQyI!}*@1%`?J<5{O3I?lQ?JrTil1CIYV!T1;{u!J(r#1c4@)S`
zyh!PozJ=b@kxL%uI&JPVDS6bC-Ypj4KIhcc+2dABF!*2J9-lpYWd7jIL;0-r6LQw&
z_6P2<{)J`mUc-Hi%VH&Z-eRE!ew~hzgd})AJOSwYIn?I_mcLHVtf3PEE3LnypMUC~
z%zxVwE!@|<od4ku&CBTv+qYwe?oz(Px_XE7V@T;99l=*PZ-o>dNQq2Nz8NaK3YA$0
z!!~~Z{DL<gUv_)JuCF%jy!=4eTVd|UmK8m*bY%Z23u`B@*p>yboLHZ_PCo6u?P+R!
zvuy3j2TQkQWj%ak?dX!f_=<*3-HL?|e~=Ea`l856V!+&mlLUgS!<`RXfmkppA;ZX{
z<OJ<O*V4bxE1(&dr~0J$eu;C#MqMK|Bhw;pUy2yWo+rNiz~0o|f7~?KxE!PjR@K69
zCMCKQ(nDw=&*_Ge)xuih5wgg=!bZ|rS559>b`1*y7BrdI)IBiKG&tD5)|}mqL=f(w
z4+7If_n0mTu87)`KSs(}H^Hv77Mk~3os63{Z5(ltF(ge-0)&(q9^;6e&_6J-Fanu}
zfaGy!CfKucaQvNt1UqN}FJ>`KQE(rlD9QoNKi9+^+aG=8?u{F2YpT6f>+f2(_Rim}
zS-ooIipu2`%a$%#ylCNqJLb<TFDor6F7g!4oilsZ%mR1*jOlr~Ia!(0rcRkWY2t+O
z<1+e+;UT7YT4xSPlhR5<2E>!P5HqUg0r6DUr^yDDDNl>D%dV{a*h$&>>0@oNv2L3b
zE4yUDk<KnpiLba-;D!mbLR*-alp{^bD#*8|`wG=o;N;#wY4Q|iQI!R2GMAQ{FK5Jo
zuSzs}oJvDcBgfw)p3o|m>@vyp`AX^t?|>PXt&XY{UD~~FjKnR;MR8KBlwS%{bw*-|
z%`Hqr&C*(<_HpRJULQ`1a23yx>S?f6kT2T{%iQCkO*n_FzH{oyP-(SRFO==YcDt;1
zNJW|XzF3(SO12=KosWo7kIfe=#oFEOdgWjY)0SdkizBIZ65W(l=c1c(3i8pZY~Pfd
zzlWn-T4AcYt~X@)^>!k=R4&K3jLB5&j3ARJW@Zm(RP}B3E+SW{QbA>?bTLMu@-(Ga
zUBFRsJ*V-)RlPbV>j)AK5<!!=R0((jct(v^rD^vKY8xR5XOdS5M+rg)pS6N0VIo~2
zI+xL9a#=Vlhq+*^J>cvEu1%D@XrWeWtAkC90PK2NRcCV9;4Lg^tbMc!nv7S~#)Icf
zt%D(SsSP}@eFS+0`7c@s?5lTZq_Q#~KD~~c8Yi{GIx8O&m|jPx#uWnElR)y0bUR=z
zyK?fGZlMjBk9E7p4v1&yvgb>sHpyMrxwCI+I?PCQ9=)?L&X+GUkTGaU;UfT4-Z7zA
z$|z(SSSWZ;0IPVqy-+SHj6>BPp5cSoUhHAoB)X2{9d%T2(A&xFh?L$Uhe)NVvRO)P
zlZ+;#HHn@{3{t90qqR7vOX>Em^L@oq5isY<%rCc<xjnEgyCjb+NU63ufuv$Rb)^_Y
zdL5Y>htW&|>ZZkI&cw20!?*i<W9@Y=!RaaXFnVk(R=O`JlE#i@%e1vcy4@$cJjI33
zNO!Bs1LEO=FJ1E3OOP%wT*N9zLbafP^^#kV@3WLhB@$xla``+Mw#{Dbw)xz}YK-9y
zTq6VGb?x~mn2tEM>K(;pxM3j_6-q@KgRRG#dF3}V%AnPeCrxDC!P$w-Ydn1urSuYL
zu**{-^T1uKy~M47gk-9j;un=*LINaIB|GL+HSP-^$&kV*$W;mi-afhfMsi*onE^4t
zAUFnUSdj%M!&-i<e1}b5=w^7)R6KH3k=<txmqtkJrs8ZIq~i)@onxF_RqVkykcEIf
zFeZXw&o2UcVKAf6*NQka6P#^5$%`@f9ZVvL(p+@SIan0rs!V&K+g?}*F1CSKn_br7
zX)p6IaIr+2iT?4<M7GDn<I6!?!j_CpHX!Ghc}k^Nq;v4xYFyRnL+=xTkbIfgd_Ku1
zQ@H5JfHKTGWxaC(d*Hn^PV$su5?OzCPpR5A1MaHPVgA|DrC2vqI0uV63mo!85xW)p
zfJS*XR-4Wd;fwUyhx?GHW+TN4&f@8X*a+<5_6)l^)gB<31z`fC+%Tjmny_Nk_AtS`
zSrk_{+u&&Dfa#Ez#A(V#)hay8&X+S;r|fM|->58$lesP_5V8rP+1O8z6);gOcsj=f
zgx3Y=*;s44%wh9VlZMuQ0&8jua)QmkQ8O*uC$W=gE|@icwNCZSzHCw7CWmZvV4`IK
zK4@YC8&0cDwGOAXHgE~<Y6CzWU9p{wz14vf1_{A|u*06Z8L|PenRj`x>OGRJUOAA7
z9k>uwq2zY6?(qifSPRv(PczKI1<S@;h9cOL*16dso1w*qpfR+2h(pF3gM!aYrUedN
zfTjA&`Uyr4UNH)hQ{$$Fjy2#Nce9DWA`Py)Qky)_9ao|m(`%0jc4Sm!?&2)<d@&QN
zL5ejXk0Am`Xm&X#4%>!0w!769PC%Sx2Zl<TA(0GVC|DuUL?+UB%5DTpOBye8Alquv
z9*$6>l)@e+DW#6124s8WU@6>cL8A8+7nW#SGonmVY@^uW2=Tx~<Bhpp$x>5pzRo7F
zm4y{0uhOOz%L;K}3T^UL$b>9fS|p83=4%tOK&p*dw6QeR`^q>Y?ESoz&-mLq0~FNR
zlufE5EE_qE%&}kYiq|G+BI^LjmD7eXkqt$MKx0k&e8nD|sb+_=6>4!tfFFr54ad-i
z2giokti`x9S?}-x16Il0d^UVDK%j!h3_&>Jcu<438NzT3{2&rq(C>OhVF3(kYoSAY
zVNb<*P^>NtW{kC473W4RgI$Ht%3xP;C7FY()N)hS51QBJ)O4dzYBR<*da2DKqw1&y
z$6vvwLyt~-IKnkTojNB*0@^pCjvAan1t2mU!yMuBnI&yYky!eFl@J$EkCViW?0h3b
zUWcjo`Ha?EON=+`Th#_^@ne>)ZBJ$;xEw;#WOEujzhDAo6U##bF~95HVQ>Q~)Z;{l
z?NDX0rPy(k?8;(~K%)sFzC=xCOtCd?W$KdF%-zh*&0mL3Sft)TFv4Yur_LG6E*lG-
zia8l8V@aG_J94dK*r-;QRCS!)J|E|-G>X#}HcHg($Oh0hI@KiS!+~eM2U|1p5X(F6
zt~g6&v-2>{{8G4`jv}M94?>cLxE$;Of+K&FZMYksB<huKVpzUHXgF;0xN?1Vdw2vy
zK6@lSTF4vNQWSzRN#$V|*E@q+Yy=zPd_GN&ox&}gZ&D6|z&@jeq}W2>Q`;x5?Q#E2
zjLj)67x}85%#&8fvRKrUIno*&7t$ozZl8suh^@Y!Oo?&(eArTb68j`Ioqe>yoe60@
z85G0L2kb1<rr#q5pUyfmEHHqv)hoMW*hi)Ie!Xq|u0p@e17B;$^`!ik-7?70ne48<
z)uGlC?8cJjh~NzN?VIH*zz4+GdeW11AM}UOp)o9ts}5~t4q<&LcMVyWxAt~LymO=?
z{_ZwKTr<)ot{$a`t47@>t{iF*SBy}^$`R$_^5N6Ois6d5ELjnkrW_HMq$uLzVROVq
z!;XjxhbiKMVFScFhIJL^4^hN<iHcaBctk8qQpD21idZs85sL@y7K;Xzi=KgsSU9js
zoSUGCa}u_Svj-^RtawG78K;N^{f~(5{)(92-zv`Nr-;-0Dq>!r-ePW_0b-70j+pIG
z#4N{dG1IAt)0|b})ZU6XMT!$AOS{EMk|Iu&ri&9mkME_3<Lru<VXqL=V-<01Y=xL6
zDq?ESt>T!Tis<U0h@)c^@wSm$UEhkMMh+223=I{BCs&9m$<xGP$-Ttnp<BhIM3*>t
zP=%N<aH1I3-zE0xCWuZ)U(u0d>o%)*_efFFb?-K-S2snBwcjS%Q@Tda61xr%dv;O8
z9?^;z6KxP}N!?;*b{!HOGqXFZbz!xrZnsD8D(EygGB09qcwVGC+-)6V$<qxH@+@w_
zEedl5E=*W2Tom}QIiY#xAt8B&A^JQznB;}JL)?1zdOc0hPtz~a^P}~1_3QOKaVHR(
zK$eh;gf|T_=J7+gJfoX)i`-m}3***v7df7HxpcIiJ}BqLO{zC2*^^{b=1iGxk{vnh
zj*mF9ev?e{3TEclQF_07!+rOW9;uV$2XpfG;ESCe_!y7R?OFMC0)M}Ic_oP>adC0%
zxx8`(BN(YMSWTm8T>FbDQ1)gbR8Vl&THRD_WvWUYwX`-W`$ip2GcK+xen}uC3g1h0
zW|uI6eJ`ne-+BcKm22Qff&PvV@;W&{p1^A#zNvc@-~BRbBiT=OgYy{qn7l}K(6jjU
zf>F;=GpQzjBYz~D$;0GTeD~LdYz6;LaxZy`oL2cyke7p2o`IdGVdrJ?CR$gM`=R+X
z*#nyoksai(u>1!72lcDA$C2&mSF^u^`~j9_;w2kkcN^+^(Y_1GB*kPkSx0KXeGvLj
z!;??QY3fA(_rQ-Q$WHPSzI|oCN)R%b%Vyug2`1F%;L_?8zr@T5);SVN?g-ZT4t$|Q
zT}PbgQ){ayG2}_DjxRkd@JZ!UN<zrtV4Va1!(g4qcaA56bpdm5E?Cz=|9Y^lZ})*3
zh=p=NzLA8}&|uv}jI?L49zr59Uaem<385*$dS?<tQ-k#=(w7FuNTW$lx-rP_LVD3>
zg7vP%PFsEMMtalpL4J1<!-WLvHsa)3`-&kwxyeDklSFdCxY0hu!mSPR`;riDQ?Ndk
z*tspidOC^c_5|x0q!)KOSRY56SX0_q#*^NBYhM#cUw&ecKatq^ieP;b>Cd;?oJ@N0
z`-A)`B$02mIhEWlga`T4$Pi&_u%1a$gz8{DizExJbC*p<2$zEV9FnN(AFSt+QMy^d
zdL9{~+fLGuS(cJDq=L*R<zybI#5cQ%_{C{3UUo7L(k0+8B&DDxkj232K-9*7vk=eh
zwpPnks+25;W(B@EFU2ou10i2Rif~op$_B5TtUx;tG^VS1%h7%btlCKuv<Klegp35m
zJYZMH_5*IRFas7^eV&0@33{0aA1h&hA?RX~3wl1RrvvMi=+i?cx3y@mO;LTF56>2n
z9Ml&<Cly{TgvHipyM<OxsydEhvOtaCV(6BlCpP*L_}|(yi|);`c3bT}+)D4iOK*(k
zt=e}S*RA9?kM&kMt)sn_tbH8+P3ynKX)2;qfq1j|Vl&NZi*K0ocJ6?-n0CZOM|rzH
z?UDN>-Cx(ZF}}ZKr(=wNN$2J`|B_y76n{zHKE7YmY>)Xb+4}i>wj%bow`lk0*Q5FK
z{{BC0e%qY<yszIfOFwV*Tj%ZPEq`r(e%_)zmjCy*?X%5x9knQTAPe29Q2csgBu4yR
z7lvP0coG>@iotUbWE3yGdS{l{i9@?6YV5M8_rB2N2tIwgz|u<mJQt2w2N=QhASLuC
zzgiC=y^+g>u^E$d$-v?@6${D0@`}<0WZ*(i<zi%gu6QZ_5~S;b(u&2TCt6}}M+Rku
zSz>qgV$bf78u7$Q5F=3g096JVhZE0OJXaGRehbo}MwDwf)o4%lxS=SQZy<l2V6kGc
zV|QJ!rpK?tjHd^e`NBNZBFKI<W)zE|_6sSgVl=@C>DOYBxV)HjUA}x!@~_51i%HK8
zvEVSDJp9qAy@spzcE7bTzzKG4CdXMtEzA!4WtWgbTuX3mV517oCP-FXcy%nA^v3&H
zD73b^2@fnnJP{t%F-WiwwgyO0ias4^X(9}C`gShSDWwmLv^H|e`p1(kO`MYb@@LjY
zL0R`{zmR55sc1ACS`;O>$!uz7K)|um7}dE`gbHWYfl(b#XW*5Pc*3nJsho%NELl}P
zuM!VBztXc1XHpJGipRiM?puqq_cQoX;C*tITv8n&)JZ0xJ-cS$VlHzy8M2kdX!d0D
zO(?I{8I8Y&3i1T<Zjf$j<LPKT>Y#Cs)$};3rw?j0eXC8+K(B%an)9{sOx%8r=6-17
zh46OpK=avcJTqUb(d>yR0FzoDtUYLqn)XEv9R#m%#sdN(NhpgC8w>MEZ4V_DJ2eJu
zeC#5WV#HdV>5ioWC^lL~rBkdvb)1aKpnBY4O_hzqX92>-rc&dn5#HwqsR<OHXjC6r
zyNNUe9@vAjN%(xG`NL$BDZ?*n%qu#D;uD|RJENxJlY!Pdqo&a=xU=3Fl}V8|)ZQ7D
zMY{!iXH+)r9_*b_In);Hol&_I*-?!Kqw>_aL7A8s){p1CU-9kkv*-fJ@kp1NZjZ$-
zb(Y1=PD&d3Hy3fCA=6?-rC7{a#=sxJ0i&$kuHGx@Gu&(Ze&I`9rhXPdi}-m5SZlQ{
zvv3wyl^$q~#T-hofxksVh7d?kmyXHR($fX|T025^xs=~og{BuGzdp0|?uQ=w_FM9R
zm*muvoNE4Pa`Mp{(%D6}TF?A*<Ss|kqJp}*>(|LhuS=O$i>sO!wr&+_ggRYl{R=K-
zF89*jzosgA%4%gb_x<<yTB+3gP?$ll2quHUU<$`yzj4IsWkKSrc|WE8ny?l>4Yahh
z_?xdcHX>O!dP$&`1gd#15a4RUc#1!N;uNGLy&i2jFS%Aru2u82v60rO<1E2AOE6A`
z>^T@`VTW-RbQou%|M}-XAj2k4p4|WYgWI-=;=woHJn+_AZ=DEOTdr<zu}vy3FP|La
z@7-H>_Tx`ZojUdJi{w+U#pyhF@Zgb45&g5~&6`(iz{lyZu<*zzZ>JqQcI-ZO;Sv;}
zasJ$Y{^!EgmfFM!v-$h)j=lQotM7h!wWQ?m;j89^2{UHQD0dIQpAA^9AFZpaJA669
z?>`@wk~MYe)QJPhK(FPkx2#rc)8~g@`uzhBJWy+BX}Em(%Kv=zgSXSNWy|IaiEKO$
zFRj*Zt}E0mD7Cs>7cai}WOb@i$zG=FKfdzacUP~zvh$v?$_izH`dX>KXZxQoUikC2
zvC1lCp88s;-?Hod_qT1^FjiTt6soTZx&;$d<bBDi*XfJ~0Y#5L|1)@d>5Zlk6eIW?
zE*&Jipr@4a&1Q25KB#*!8vzu>%X1KKz*65B=J)#p3PGM_GE}@&QEIKwYVkAOfWO7>
z_x5UO)`~yiS2R8(ens)OXp$Dv<h3XYjNtDuAo2S*!Va_Ljo?u@Bxw8v5tFiBt1S3h
z3yOgN>zDJgW;MD1phS6Z2ozDEPiZYtYAr1-ki%;8^@fIqjXEX_1iYP0CX+z`A3)@Q
zHq~;iwvKXvuRP$Z82HKqzNU1*S9S+{^~*nc^zR>CY|uw^MTy`qoc`zGqet^+3~D%i
zeBU4MN7;G!{Ke)3H-^Vwym<2KYD3GluTMH`7NI&STI$keSOFk5cgj%5$wSZn9`Jhl
z?=}6l4jwKE%7xEAJc{zk$@AZEy@w_}{M4(*zcG!PTY=(9>#BSrKSj)5zGu&HuG-F-
zqGQi|3#?Fj?W>a~-+gBD=FPhfpE(oTb<p&cD_71;tVvVmDARE*w{CfE|EZrazq*D~
z`=8sAt}IvPs*+M=6=eH9yTpQj@w0u;Z5;z3l~%cwT(6g2y;g1b>HG(WMkm@rs;SxP
zrB-vbA;gwA`q0sH*Q)8&%Qa5Hq8AK07Eu(1(;19{V8IE;Xwd6*KpBcor>9<G@`eTi
z4UN!h`l(s4Mur=zqadKHfnbj8WEEN(t^+R(4K@7&O-;=}5+)Xf058o=O-*PCSg9}p
znBXsP(Cp=z$_A>?jh)pgW&;Tj3TSEws`1ihe|0aWr528BX`-aX&#T~oG6M~#v;f0k
z`ITxz)8$K7%weH$kAa&i@QE6&<|~&Q6a<heH8-MVIM9*_wB&R^OJ+y3<Q@C)$QPHJ
zO`W=-bTVA~=3hrXJeHR|h<tPE;IogS?Ec5sm+7EfBt-tgg)e`oHuxL9ITPC@gs+Z@
z=-IVvQjW*t$xDroJ@aAxvrj(x<nH%t`aPPEZ07<OzBu*)%JI|ZzvZOF!H@0S|Jk>u
z6!(0Tg3(<9$6wm1p(RvBOO*ZWcPd)0o;!8w^*=oP@WVUb`1GtjcG&cV3m4`Mu1Qta
zC`*+JUG1M<dH1VpHM*a^dbj>h8`6{taMvhzhWU2Z|NZpE>nImbAAV)$y)NZW;H1L4
zyB}u?F#!V<3s+r?g5DTn;&?TgFwp6cRCGF?BL;vf5U3HLhE*DcjL&Imm_@cc+2koT
z7K9x6BfyYNskb|(9dp3&rD?DkW~vHl(Wbu!FhYBxR7WunS|OrP6$8j4HC1qqa@1==
zN?`?=qq?)A0ZauMYYwDoC_q{f(AFQQjbg@{*_a#Q5k{dm8j(P?{iqcAq73<h?bo?L
zKye2I%;|uDq~?A5PH=<L)6)mEeERs~qWI~@?;l2{|M*9t`KRZbqtj;3o;|i(bB`W|
z{~Z75^Ups&@#Q79A@%M1(MKPhr7?pui;9YB4V>N@5gyqo(%T6bsQcHCjh*^3jjI<g
zUb))n-;fkxGFh9CzxLW||I$0>&OLlsu#K3KmzP&OeV~O4v0Oj4ckkZ!u0#X^=R=dH
zVQZY|a*%#r%b`OSi^c!%4_^Nh@K9?Av@|t0e}C==Z|4OI7R(vdo%`Yt)A;84^`A&{
zlfO1@@0F_uUwFjl^F1mbx^(IK^+PW`es6Vk_2wsc*I)gy{@Djmzwep7pMJV)*NzPg
zP<ZjxTc5}Fv(CFW3Hyr<FBBcpgQ6IWNXJOX00`Bo`JN)i3f7qcaYm%^1+sUe4%3Cj
zyaBU}c>^K@6(^fGOyDMm3W_#p;Gm&xE^H%$Tq{WYW}ryjbz1z$8rXGUh;1$mEZXjX
zxwmxKb<hv%i_i^K9Co5wla`Ixj)6^w<rv;8uzmwxBhmy?4oVHqEtckHw(}_d=0@PA
z)}XoI4|uIAb~x$>nz8qIdA3_^(6R~p*4qv&;gpF>AU!%@spA<g?1_!Wz{}AsUvA%4
zS9j$KdE86z{}J)k{Hf8SPt}C|wDQc`L*GoiR5JbaX@`R(<Mft@(;MXc-o1Q{a7Z8a
z_I?+RY_GlbnoC(C+;`uPKVojyv$LB{;Y~=^Cac*D_bnLtCLVjQQe$oj;NXVL+tS$F
zT#Zc)+bh-@kEKj&!q`gTkbfzs!_2XB+tpff1yZC<ZJn@h=sg(Q=wPOt++l1TGi8s|
zS6<w6=){S0mzo(w{6Btu?%2M%ms4-+?LT+)Sznq4CuNPP>cMCKe&Ry++sVspfBo`8
zwNY;l3*nS&m#<exhsSj3GB^(#Z0?Y7g}e6I{$1E%pF3LPQts$%FgBb%_U?fLZyiQ?
z|Kl%CH2{5Ml!eN&@a_LN6&RFVjFLIn{ME6)ZA5CTBA>C%mNrxyG2y(aA;5Fh(JdEF
zp8Ury9N?aL=bHvobmEj^oZe=qV7Hy2OjWX!GTl8-?fLNQh8p3@=Py6yOIOOloC;xq
zvM}`Cr(XKxI~+(FE}s2o-BX*#D2tSt$fDWazsBi9L#-i5F6s#<pzv4&=1?o!Kn-j&
zWlsZJ7FZNkFAsDpcLQ@9%s?qt4GwM`&P|5a>{ny-H#Ta!Xl)NLTbdgi8-aD4dyvW0
z!m2GT*ml^W!WOD*GBK>G=~MBVFr#ca;K)^D1fbcJaCAcq%h?d9kJcN{vN(=rf)^ZG
ft7l6ES8WtlM@u6{d%YRCmc#$Xu+=Wq00{pJonEOq

literal 0
HcmV?d00001

diff --git a/test/fuzzing/hb-subset-fuzzer.cc b/test/fuzzing/hb-subset-fuzzer.cc
index f883a3d3c..52dc343dd 100644
--- a/test/fuzzing/hb-subset-fuzzer.cc
+++ b/test/fuzzing/hb-subset-fuzzer.cc
@@ -11,9 +11,9 @@ static void
 trySubset (hb_face_t *face,
 	   const hb_codepoint_t text[],
 	   int text_length,
-           unsigned flag_bits)
+           unsigned flag_bits,
+           hb_subset_input_t *input)
 {
-  hb_subset_input_t *input = hb_subset_input_create_or_fail ();
   if (!input) return;
 
   hb_subset_input_set_flags (input, (hb_subset_flags_t) flag_bits);
@@ -63,20 +63,53 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 	'3', '@', '_', '%', '&', ')', '*', '$', '!'
       };
 
-  trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
+  hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+  trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags, input);
 
+  unsigned num_axes;
   hb_codepoint_t text_from_data[16];
-  if (size > sizeof (text_from_data) + sizeof (flags)) {
+  if (size > sizeof (text_from_data) + sizeof (flags) + sizeof(num_axes)) {
+    hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+    size -= sizeof (text_from_data);
     memcpy (text_from_data,
-	    data + size - sizeof (text_from_data),
+	    data + size,
 	    sizeof (text_from_data));
 
+    size -= sizeof (flags);
     memcpy (&flags,
-	    data + size - sizeof (text_from_data) - sizeof (flags),
+	    data + size,
 	    sizeof (flags));
-    unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
 
-    trySubset (face, text_from_data, text_size, flags);
+    size -= sizeof (num_axes);
+    memcpy (&num_axes,
+	    data + size,
+	    sizeof (num_axes));
+
+    if (num_axes > 0 && size > num_axes * (sizeof(hb_tag_t) + sizeof(float)))
+    {
+      for (unsigned i = 0; i < num_axes; i++) {
+        hb_tag_t tag;
+        int value;
+        size -= sizeof (tag);
+        memcpy (&tag,
+                data + size,
+                sizeof (tag));
+        size -= sizeof (value);
+        memcpy (&value,
+                data + size,
+                sizeof (value));
+
+        hb_subset_input_pin_axis_location(input,
+                                          face,
+                                          tag,
+                                          (float) value);
+      }
+    }
+
+
+
+    unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
+    trySubset (face, text_from_data, text_size, flags, input);
   }
 
   hb_face_destroy (face);