Merge pull request #1747 from harfbuzz/cff2-fdselect-fix
fixed faulty FDSelect::sanitize
diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh
index ddec517..55ae10e 100644
--- a/src/hb-ot-cff-common.hh
+++ b/src/hb-ot-cff-common.hh
@@ -655,9 +655,9 @@
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) && (format == 0 || format == 3) &&
- (format == 0)?
+ ((format == 0)?
u.format0.sanitize (c, fdcount):
- u.format3.sanitize (c, fdcount)));
+ u.format3.sanitize (c, fdcount))));
}
bool serialize (hb_serialize_context_t *c, const FDSelect &src, unsigned int num_glyphs)
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index a7b0ba9..74acc77 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -56,11 +56,11 @@
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) && (format == 0 || format == 3 || format == 4) &&
- (format == 0)?
+ ((format == 0)?
u.format0.sanitize (c, fdcount):
((format == 3)?
u.format3.sanitize (c, fdcount):
- u.format4.sanitize (c, fdcount))));
+ u.format4.sanitize (c, fdcount)))));
}
bool serialize (hb_serialize_context_t *c, const CFF2FDSelect &src, unsigned int num_glyphs)
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416
new file mode 100644
index 0000000..e2dd6a3
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416
Binary files differ
