| commit | 0a7563a53ffedd735cb41c03f697269ef48f0ec2 | [log] [tgz] |
|---|---|---|
| author | Qunxin Liu <qxliu@google.com> | Mon Nov 01 14:56:14 2021 -0700 |
| committer | Behdad Esfahbod <behdad@behdad.org> | Tue Nov 02 15:25:18 2021 -0700 |
| tree | b1f4f6175fd3662721420046f6a0e02d65492f90 | |
| parent | 364b6b3989e9df6335711e282e3250534d88299a [diff] |
[subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968 Make sure input is valid, each gid has a corresponding offset value in the map
diff --git a/src/hb-ot-color-colr-table.hh b/src/hb-ot-color-colr-table.hh index 936ea0b..03476fa 100644 --- a/src/hb-ot-color-colr-table.hh +++ b/src/hb-ot-color-colr-table.hh
@@ -971,7 +971,10 @@ const hb_map_t& gid_offset_map) const { TRACE_SERIALIZE (this); - if (gids.is_empty ()) return_trace (0); + if (gids.is_empty () || + gid_offset_map.get_population () != gids.get_population ()) + return_trace (0); + unsigned count = 0; hb_codepoint_t start_gid= gids.get_min ();
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6254792024915968 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6254792024915968 new file mode 100644 index 0000000..9debc1d --- /dev/null +++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6254792024915968 Binary files differ