From 1ab3924b3171b408438f5df6a4d48124d9d1bd68 Mon Sep 17 00:00:00 2001
From: ariza
Date: Wed, 22 Jan 2020 11:20:56 -0800
Subject: [PATCH] refix PR #2087 subset PairPos1
also added oss-fuzz 20211 data fixed by this
---
 src/hb-ot-layout-gpos-table.hh | 10 ++++------
 ...e-minimized-hb-subset-fuzzer-5206191479455744 | Bin 0 -> 3558 bytes
 2 files changed, 4 insertions(+), 6 deletions(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5206191479455744
diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
index e9cf0435a..eb4b8894b 100644
--- a/src/hb-ot-layout-gpos-table.hh
+++ b/src/hb-ot-layout-gpos-table.hh
@@ -944,8 +944,8 @@ struct PairSet
 unsigned count = len, num = 0;
 for (unsigned i = 0; i < count; i++)
 {
- if (!glyphset.has (record->secondGlyph)) continue;
- if (record->serialize (c->serializer, &closure)) num++;
+ if (glyphset.has (record->secondGlyph)
+ && record->serialize (c->serializer, &closure)) num++;
 record = &StructAtOffset (record, record_size);
 }
@@ -956,7 +956,6 @@ struct PairSet
 struct sanitize_closure_t
 {
- const void *base;
 const ValueFormat *valueFormats;
 unsigned int len1; /* valueFormats[0].get_len() */
 unsigned int stride; /* 1 + len1 + len2 */
@@ -973,8 +972,8 @@ struct PairSet
 unsigned int count = len;
 const PairValueRecord *record = &firstPairValueRecord;
- return_trace (closure->valueFormats[0].sanitize_values_stride_unsafe (c, closure->base, &record->values[0], count, closure->stride) &&
- closure->valueFormats[1].sanitize_values_stride_unsafe (c, closure->base, &record->values[closure->len1], count, closure->stride));
+ return_trace (closure->valueFormats[0].sanitize_values_stride_unsafe (c, this, &record->values[0], count, closure->stride) &&
+ closure->valueFormats[1].sanitize_values_stride_unsafe (c, this, &record->values[closure->len1], count, closure->stride));
 }
 protected:
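Review bot: Nothing in the rewritten loop records that `record` must be advanced on every iteration, which is the actual fix here — the old `continue` skipped the `record = &StructAtOffset (record, record_size);` step, so a filtered-out record was re-read on every remaining iteration — and a later cleanup could reintroduce an early `continue` without noticing. I'd add above the `if`: `/* No 'continue' here: record must step by record_size on every iteration, kept or not. */`. The enclosing serialize body starts and ends outside the hunk, so the check that bounds `len * record_size` against the source table is not visible; the walk presumably relies on the input PairSet having been sanitized before subsetting, and that assumption is worth stating in the same comment.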
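Review bot: The new `this` argument to both `sanitize_values_stride_unsafe` calls is undocumented, and this exact argument was wrong once already — the removed `closure->base` was `&pairSet`, a PairPosFormat1 member rather than the PairSet being checked, so the bounds check validated a different region from the one later dereferenced. I'd add above the `return_trace`: `/* Device offsets inside a PairValueRecord are measured from the start of this PairSet (OpenType GPOS), so 'this' must be the sanitize base; any other base validates the wrong range. */`. The `sanitize` signature and the range check on `len` × `closure->stride` that presumably precedes these lines are outside the hunk. With `base` gone, `sanitize_closure_t` now carries only valueFormats/len1/stride, which is fine, but its aggregate initializer in PairPosFormat1::sanitize must be kept in the same order.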
@@ -1078,7 +1077,6 @@ struct PairPosFormat1
 unsigned int len2 = valueFormat[1].get_len ();
 PairSet::sanitize_closure_t closure =
 {
- &pairSet,
 valueFormat,
 len1,
 1 + len1 + len2
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5206191479455744 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5206191479455744
new file mode 100644
index 0000000000000000000000000000000000000000..e82995e532ff165aee7fd01eb64286dccc900655
GIT binary patch
literal 3558
zcmdT{ZD^HM9RHpBobzm6b-om~G~uE$O%1oZ7xux@l_+ZNE{r89wrB3;n)lf*?aH<+ zoAp5jYa>F&5HYbx`yvJUj!BL^q7z`|7vVzn>!F1rBa^m9~lRaI>L(M`Wx z268t6*RI9ZFNwCkb!i8%GN1CAExwnWym98&fZGPBrHx)ol5^!y|I-jKsWH*sz;UKL zgbJC6r?gJ%?_THFF7}nh&#zZ=KNvixI+|lIZGB;T^Xd!loEQAY&pN}SB|69`3pD0bLVv$5jY2xyrOL$b#qx@;K@mM{>q{m`1S5EXNf z>-V+$liR&yb4$ugr2Is?ZwF^|oOv8*9Zr-GLIm})pguT$%^e7F3%Q-|W_iUp{h9Sg zjKAkwyR+~Y2jOqc4u9$YF8pt3#wZihy9@tPV0T9U!3}>TI}`7JX4=f3fI*#3dpv&T z3L`8_tsFlREs*+f( zs)?jK2e?k%$(2pw^bXGc*PPMbyX>gjH*POi< zcgK!*@7Uf}eC+d6hYRML&6$Lph!`ES!8nJ^)E6QlY4izA#u`C(6q4;iC;fyUMcy#k ziFKpMuC%1QysWmcu&}74wy?yjt1B%njn>xJ7uOXR7nRkOOmtl*SB65e<2}2+*$42l zk9D!i7?uNR?Oy%okAApUovD=ALnE8;8IO0wlB@{G&`O5L9atm>j$oMFkKPu!pRwd# zJVfquZX$PtXm3%rz2lI(HVzD^o{3Gm56C^=?dcqg-1~<3z?rvTh(V3s90tIl_Vpi4 zB1(R%sxbR(T4Dl67`wyzXZ;N~*KdMhZ;L#RW#O_$E)MM9vlqGc+h|D6U|Qxk-Hx<( zlF>j&c*vP=;>+OcI`p|_jU($bLij9o1<#A@>ax65$4(+&YIXp)u0gTly21q1% z5TRMN_X%Ohh9w{$^Jz-N;#k0$#5OaV+#qXYTqb3k?2vn8m+Y2@Yq)JA>*(S3K~x0tFK|&#!-$6g^$ug* z2>sFWfR4>RjF;@ZS(aKWzq)HHN3S-jZ5GY4#6&OCc3FFY2XE*MTgrjfQYJ#S{+C1g z_l)d=Eo2f)yvc2GiCyCCaBxGI!6PaJkF_$)eScH$fxAfV(={^mKF^|X+#w