[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384
diff --git a/src/hb-ot-color-cpal-table.hh b/src/hb-ot-color-cpal-table.hh
index a59b46b..9ee4baf 100644
--- a/src/hb-ot-color-cpal-table.hh
+++ b/src/hb-ot-color-cpal-table.hh
@@ -83,45 +83,26 @@
auto *out = c->allocate_size<CPALV1Tail> (static_size);
if (unlikely (!out)) return_trace (false);
- const hb_array_t<const HBUINT32> paletteFlags = (base+paletteFlagsZ).as_array (palette_count);
- const hb_array_t<const NameID> paletteLabels = (base+paletteLabelsZ).as_array (palette_count);
+ out->paletteFlagsZ.serialize_copy (c, paletteFlagsZ, base, 0, hb_serialize_context_t::Head, palette_count);
+ out->paletteLabelsZ.serialize_copy (c, paletteLabelsZ, base, 0, hb_serialize_context_t::Head, palette_count);
+
const hb_array_t<const NameID> colorLabels = (base+colorLabelsZ).as_array (color_count);
-
- c->push ();
- for (const auto _ : paletteFlags)
+ if (colorLabelsZ)
{
- if (!c->copy<HBUINT32> (_))
+ c->push ();
+ for (const auto _ : colorLabels)
{
- c->pop_discard ();
- return_trace (false);
+ if (!color_index_map->has (_)) continue;
+ NameID new_color_idx;
+ new_color_idx = color_index_map->get (_);
+ if (!c->copy<NameID> (new_color_idx))
+ {
+ c->pop_discard ();
+ return_trace (false);
+ }
}
+ c->add_link (out->colorLabelsZ, c->pop_pack ());
}
- c->add_link (out->paletteFlagsZ, c->pop_pack ());
-
- c->push ();
- for (const auto _ : paletteLabels)
- {
- if (!c->copy<NameID> (_))
- {
- c->pop_discard ();
- return_trace (false);
- }
- }
- c->add_link (out->paletteLabelsZ, c->pop_pack ());
-
- c->push ();
- for (const auto _ : colorLabels)
- {
- if (!color_index_map->has (_)) continue;
- NameID new_color_idx;
- new_color_idx = color_index_map->get (_);
- if (!c->copy<NameID> (new_color_idx))
- {
- c->pop_discard ();
- return_trace (false);
- }
- }
- c->add_link (out->colorLabelsZ, c->pop_pack ());
return_trace (true);
}
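Review bot: The two `serialize_copy` calls for `paletteFlagsZ` and `paletteLabelsZ` discard their results, whereas the loops they replace returned false when a copy failed, so a failed copy of either array no longer stops this function from reaching `return_trace (true)`. If a false result can also mean that the source offset was null (the helper's body is not visible here), a plain `if (!…) return_trace (false);` would reject valid fonts. In that case either check the serializer's error state after the two calls, e.g. `if (c->in_error ()) return_trace (false);`, or add a comment such as `// result ignored on purpose: a null offset is valid, real failures are recorded in the serialize context`. Separately, `colorLabels` is still formed from `base+colorLabelsZ` with the font-supplied `color_count` before the new `if (colorLabelsZ)` guard; declaring it inside the guard would make it obvious that the array is never walked for a null offset. The enclosing function starts outside the hunk, so whether the caller already checks the error state cannot be confirmed from here.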
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5715464591376384 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5715464591376384
new file mode 100644
index 0000000..63faabe
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5715464591376384
Binary files differ