From 6977a95fed8a35d6e915ed3fc3a3ea8709f3d4a4 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Sat, 27 Apr 2019 10:05:25 -0700 Subject: [PATCH] [subset] Don't crash if subsetting GSUB/GPOS fails Fixes fuzzer issue. --- src/hb-subset.cc | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/hb-subset.cc b/src/hb-subset.cc index b40eba361..5f482e18a 100644 --- a/src/hb-subset.cc +++ b/src/hb-subset.cc @@ -68,11 +68,11 @@ template static bool _subset2 (hb_subset_plan_t *plan) { + bool result = true; hb_blob_t *source_blob = hb_sanitize_context_t ().reference_table (plan->source); const TableType *table = source_blob->as (); hb_tag_t tag = TableType::tableTag; - hb_bool_t result = false; if (source_blob->data) { hb_vector_t buf; @@ -87,7 +87,7 @@ _subset2 (hb_subset_plan_t *plan) hb_serialize_context_t serializer ((void *) buf, buf_size); serializer.start_serialize (); hb_subset_context_t c (plan, &serializer); - result = table->subset (&c); + bool needed = table->subset (&c); if (serializer.ran_out_of_room) { buf_size += (buf_size >> 1) + 32; 
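Review bot: The value assigned at `bool needed = table->subset (&c);` is now read only as "is the table still needed", and nothing at that line documents this. As in the old code, a `subset ()` implementation that returns false on malformed input without also putting the serializer into error ends up on the "subsetted to empty" path and is reported as success, with the table silently dropped. A comment at the assignment would pin the contract, for example `/* false: table subsets to nothing; real failures must be flagged on the serializer. */`. The code that consumes `needed` is in the later hunk at line 101, and the retry block around this line is only partly visible here.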
@@ -101,20 +101,21 @@ _subset2 (hb_subset_plan_t *plan) } serializer.end_serialize (); - if (serializer.in_error ()) - abort (); + result = !serializer.in_error (); if (result) { - hb_blob_t *dest_blob = serializer.copy_blob (); - DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c final subset table size: %u bytes.", HB_UNTAG (tag), dest_blob->length); - result = c.plan->add_table (tag, dest_blob); - hb_blob_destroy (dest_blob); - } - else - { - DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c::subset table subsetted to empty.", HB_UNTAG (tag)); - result = true; + if (needed) + { + hb_blob_t *dest_blob = serializer.copy_blob (); + DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c final subset table size: %u bytes.", HB_UNTAG (tag), dest_blob->length); + result = c.plan->add_table (tag, dest_blob); + hb_blob_destroy (dest_blob); + } + else + { + DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c::subset table subsetted to empty.", HB_UNTAG (tag)); + } } } else
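Review bot: When `serializer.in_error ()` is true, `result` becomes false and control skips `if (result)` without leaving any trace, whereas the two other outcomes both log through `DEBUG_MSG`. Since this path replaces an `abort ()` that a fuzzer reached, it is the one most worth making visible: add an `else` to `if (result)` with something like `DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c::subset failed in serializer.", HB_UNTAG (tag));`. The function's return and its callers are outside this hunk, so it is worth confirming that a false return makes the whole subset operation fail rather than emitting a font that is quietly missing GSUB or GPOS.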