Fix fuzzer crash testcase

Add a check for stringOffset (uint16) overflow when assigning the serializer's current length,
and return early from serialization if the value does not fit.
Qunxin Liu 2019-05-24 10:58:52 -07:00 committed by Behdad Esfahbod
parent d100ccad02
commit e1a5ce6aa6
3 changed files with 1 additions and 1 deletions


@ -186,7 +186,7 @@ struct name
auto snap = c->snapshot (); auto snap = c->snapshot ();
this->nameRecordZ.serialize (c, this->count); this->nameRecordZ.serialize (c, this->count);
this->stringOffset = c->length (); if (unlikely (!c->check_assign (this->stringOffset, c->length ()))) return_trace (false);
c->revert (snap); c->revert (snap);
const void *dst_string_pool = &(this + this->stringOffset); const void *dst_string_pool = &(this + this->stringOffset);