From f41945e313ca053253bfd339186b87c977da3bf3 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Mon, 21 Mar 2022 18:24:30 -0600
Subject: [PATCH] [cmap] In collect_unicodes() of format 12/13, limit to max
 Unicode

Fixes fuzzer timeout:
https://oss-fuzz.com/testcase-detail/5062368881672192
---
 src/hb-ot-cmap-table.hh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh
index fde57cdc5..a8747ee5a 100644
--- a/src/hb-ot-cmap-table.hh
+++ b/src/hb-ot-cmap-table.hh
@@ -714,7 +714,7 @@ struct CmapSubtableLongSegmented
       if (unlikely ((unsigned int) (gid + end - start) >= num_glyphs))
 	end = start + (hb_codepoint_t) num_glyphs - gid;
 
-      out->add_range (start, end);
+      out->add_range (start, hb_min (end, 0x10FFFFu));
     }
   }
 
@@ -883,7 +883,7 @@ struct DefaultUVS : SortedArray32Of<UnicodeValueRange>
       hb_codepoint_t first = arrayZ[i].startUnicodeValue;
       hb_codepoint_t last = hb_min ((hb_codepoint_t) (first + arrayZ[i].additionalCount),
 				    (hb_codepoint_t) HB_UNICODE_MAX);
-      out->add_range (first, last);
+      out->add_range (first, hb_min (last, 0x10FFFFu));
     }
   }