[serializer] Handle snapshotting when current is nullptr

Happens with memory failure / fuzzing.

Fixes https://oss-fuzz.com/testcase-detail/6292420615340032
This commit is contained in:
Behdad Esfahbod 2023-06-06 14:32:25 -06:00
parent f01ebe97b2
commit a92b288e65
2 changed files with 13 additions and 4 deletions


@ -172,8 +172,14 @@ struct hb_serialize_context_t
};
snapshot_t snapshot ()
{ return snapshot_t {
head, tail, current, current->real_links.length, current->virtual_links.length, errors }; }
{
return snapshot_t {
head, tail, current,
current ? current->real_links.length : 0,
current ? current->virtual_links.length : 0,
errors
};
}
hb_serialize_context_t (void *start_, unsigned int size) :
start ((char *) start_),
@ -411,8 +417,11 @@ struct hb_serialize_context_t
// Overflows that happened after the snapshot will be erased by the revert.
if (unlikely (in_error () && !only_overflow ())) return;
assert (snap.current == current);
current->real_links.shrink (snap.num_real_links);
current->virtual_links.shrink (snap.num_virtual_links);
if (current)
{
current->real_links.shrink (snap.num_real_links);
current->virtual_links.shrink (snap.num_virtual_links);
}
errors = snap.errors;
revert (snap.head, snap.tail);
}
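Review bot: The new `if (current)` guard in the revert path says nothing about when `current` can be null, and the snapshot side quietly encodes that same case as zero link counts, so a reader cannot tell the two are coupled; a comment above the guard such as `/* current is nullptr when no object is pushed (snapshot() recorded 0 link counts for that case); nothing to shrink. */` would tie them together — the exact cause of a null `current` is not visible in this hunk, so confirm it against push(). The guard is also only sound together with `assert (snap.current == current)` on the line above, which is compiled out under NDEBUG; if `current` can become null after a snapshot was taken on a live object (a pop between snapshot and revert), release builds now skip the shrink silently where they previously faulted, so consider handling the mismatch explicitly there too, e.g. `if (unlikely (snap.current != current)) return;` ahead of the guard, or an error return if the context has one. revert()'s signature lies above this hunk.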