[subset] fix fuzzer found null deref.

https://oss-fuzz.com/testcase-detail/5844352760152064
Garret Rieger 2023-03-20 18:39:49 +00:00 committed by Behdad Esfahbod
parent 79233a1492
commit f0f7f22525
2 changed files with 7 additions and 2 deletions


@ -346,7 +346,8 @@ _get_hb_font_with_variations (const hb_subset_plan_t *plan)
hb_font_t *font = hb_font_create (plan->source); hb_font_t *font = hb_font_create (plan->source);
hb_vector_t<hb_variation_t> vars; hb_vector_t<hb_variation_t> vars;
vars.alloc (plan->user_axes_location.get_population ()); if (!vars.alloc (plan->user_axes_location.get_population ()))
return nullptr;
for (auto _ : plan->user_axes_location) for (auto _ : plan->user_axes_location)
{ {
@ -382,7 +383,9 @@ _collect_layout_variation_indices (hb_subset_plan_t* plan)
bool collect_delta = plan->pinned_at_default ? false : true; bool collect_delta = plan->pinned_at_default ? false : true;
if (collect_delta) if (collect_delta)
{ {
font = _get_hb_font_with_variations (plan); if (unlikely (!plan->check_success (font = _get_hb_font_with_variations (plan))))
return;
if (gdef->has_var_store ()) if (gdef->has_var_store ())
{ {
var_store = &(gdef->get_var_store ()); var_store = &(gdef->get_var_store ());
@ -905,6 +908,8 @@ hb_subset_plan_t::hb_subset_plan_t (hb_face_t *face,
_populate_unicodes_to_retain (input->sets.unicodes, input->sets.glyphs, this); _populate_unicodes_to_retain (input->sets.unicodes, input->sets.glyphs, this);
_populate_gids_to_retain (this, input->sets.drop_tables); _populate_gids_to_retain (this, input->sets.drop_tables);
if (unlikely (in_error ()))
return;
_create_old_gid_to_new_gid_map (face, _create_old_gid_to_new_gid_map (face,
input->flags & HB_SUBSET_FLAGS_RETAIN_GIDS, input->flags & HB_SUBSET_FLAGS_RETAIN_GIDS,
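Review bot: The early return added in `_get_hb_font_with_variations` (first hunk) runs after `hb_font_create (plan->source)` has already handed back a font reference, and nothing visible in the hunk releases it, so the allocation-failure path appears to leak `font`. Release it before leaving, for example by bracing the branch as `{ hb_font_destroy (font); return nullptr; }`, or perform the `vars.alloc` check before the font is created. This branch is only taken when allocation fails, so the leak would probably show up as a sanitizer leak report on the same kind of fuzzer input rather than in normal use. The function body continues past the hunk, so confirm that no later cleanup already covers this case.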