From fb07f8f8761b12dadaa18bb42d09706bb69c56e3 Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Mon, 23 Aug 2021 15:33:57 -0700
Subject: [PATCH] During subset input creation check for set alloc failures and fail if encountered.
---
 src/hb-subset-input.cc | 12 ++++++++++++
 ...minimized-hb-subset-fuzzer-5141317848530944.fuzz | Bin 0 -> 8 bytes
 2 files changed, 12 insertions(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5141317848530944.fuzz
diff --git a/src/hb-subset-input.cc b/src/hb-subset-input.cc
index 3eaee46c7..e2c6d9cab 100644
--- a/src/hb-subset-input.cc
+++ b/src/hb-subset-input.cc
@@ -55,6 +55,18 @@ hb_subset_input_create_or_fail (void)
 input->drop_tables = hb_set_create ();
 input->no_subset_tables = hb_set_create ();
+ if (unlikely (input->unicodes->in_error () || input->glyphs->in_error () || input->name_ids->in_error () || input->name_languages->in_error () || input->layout_features->in_error () || input->drop_tables->in_error () || input->no_subset_tables->in_error ()))
+ {
+ hb_subset_input_destroy (input);
+ return nullptr;
+ }
+
 input->flags = HB_SUBSET_FLAGS_DEFAULT;
 hb_tag_t default_drop_tables[] = {
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5141317848530944.fuzz b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5141317848530944.fuzz
new file mode 100644
index 0000000000000000000000000000000000000000..df578c755fb7c1cf73bd3b59d7d00d289dab015a
GIT binary patch
literal 8
PcmZQzWME)m4b%ew0PX;W
literal 0
HcmV?d00001
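Review bot: The new guard in hb_subset_input_create_or_fail dereferences every set (`input->unicodes->in_error ()` and the six that follow) before it can bail out, so it only works if hb_set_create () hands back an inert object rather than nullptr when allocation fails; that contract is not visible in the hunk and deserves a comment above the if, e.g. `/* hb_set_create () returns an inert set whose in_error () is true, never nullptr, so checking in_error () here is both safe and sufficient. */`. The seven-way condition must also be kept in sync by hand whenever another hb_set_t member is added to hb_subset_input_t; a one-line comment saying so, or iterating over a small array of the set pointers, would make that harder to forget. hb_subset_input_destroy (input) is called here before input->flags is assigned further down, so the comment should also record that destroy is expected to tolerate a partially initialised input. The function's start (where input is allocated) and its end lie outside the hunk.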