walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[glyf] Guard all the public APIs against null pool runs 

Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
This commit is contained in:
Ebrahim Byagowi 2020-08-08 13:17:34 +04:30 committed by Ebrahim Byagowi
parent 01ac32aab2
commit ffe06c8f04
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/hb-ot-glyf-table.hh
View File

@ -839,10 +839,10 @@ struct glyf
loca_table = nullptr; loca_table = nullptr;
glyf_table = nullptr; glyf_table = nullptr;
#ifndef HB_NO_VAR #ifndef HB_NO_VAR
gvar = &Null (gvar_accelerator_t); gvar = nullptr;
#endif #endif
hmtx = &Null (hmtx_accelerator_t); hmtx = nullptr;
vmtx = &Null (vmtx_accelerator_t); vmtx = nullptr;
face = face_; face = face_;
const OT::head &head = *face->table.head; const OT::head &head = *face->table.head;
if (head.indexToLocFormat > 1 || head.glyphDataFormat > 0) if (head.indexToLocFormat > 1 || head.glyphDataFormat > 0)
@ -901,7 +901,6 @@ struct glyf
return true; return true;
} }
public:
#ifndef HB_NO_VAR #ifndef HB_NO_VAR
struct points_aggregator_t struct points_aggregator_t
{ {
@ -960,9 +959,12 @@ struct glyf
contour_point_t *get_phantoms_sink () { return phantoms; } contour_point_t *get_phantoms_sink () { return phantoms; }
}; };
public:
unsigned unsigned
get_advance_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const get_advance_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const
{ {
if (unlikely (gid >= num_glyphs)) return 0;
bool success = false; bool success = false;
contour_point_t phantoms[PHANTOM_COUNT]; contour_point_t phantoms[PHANTOM_COUNT];
@ -980,6 +982,8 @@ struct glyf
int get_side_bearing_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const int get_side_bearing_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const
{ {
if (unlikely (gid >= num_glyphs)) return 0;
hb_glyph_extents_t extents; hb_glyph_extents_t extents;
contour_point_t phantoms[PHANTOM_COUNT]; contour_point_t phantoms[PHANTOM_COUNT];
@ -992,9 +996,11 @@ struct glyf
} }
#endif #endif
public:
bool get_extents (hb_font_t *font, hb_codepoint_t gid, hb_glyph_extents_t *extents) const bool get_extents (hb_font_t *font, hb_codepoint_t gid, hb_glyph_extents_t *extents) const
{ {
if (unlikely (gid >= num_glyphs)) return false; if (unlikely (gid >= num_glyphs)) return false;
#ifndef HB_NO_VAR #ifndef HB_NO_VAR
if (font->num_coords && font->num_coords == gvar->get_axis_count ()) if (font->num_coords && font->num_coords == gvar->get_axis_count ())
return get_points (font, gid, points_aggregator_t (font, this, extents, nullptr)); return get_points (font, gid, points_aggregator_t (font, this, extents, nullptr));
@ -1005,9 +1011,10 @@ struct glyf
const Glyph const Glyph
glyph_for_gid (hb_codepoint_t gid, bool needs_padding_removal = false) const glyph_for_gid (hb_codepoint_t gid, bool needs_padding_removal = false) const
{ {
unsigned int start_offset, end_offset;
if (unlikely (gid >= num_glyphs)) return Glyph (); if (unlikely (gid >= num_glyphs)) return Glyph ();
unsigned int start_offset, end_offset;
if (short_offset) if (short_offset)
{ {
const HBUINT16 *offsets = (const HBUINT16 *) loca_table->dataZ.arrayZ; const HBUINT16 *offsets = (const HBUINT16 *) loca_table->dataZ.arrayZ;

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5103082208493568 Normal file
View File

Binary file not shown.

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5641612227772416 Normal file
View File

Binary file not shown.