From dbdeb2649d3506b5179ff1bdedf3bc9b5442a038 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 8 Jun 2023 12:08:29 -0600
Subject: [PATCH] [vector] Keep allocated size when in error

---
 src/hb-vector.hh | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/hb-vector.hh b/src/hb-vector.hh
index 626bbef33..e0b793fcc 100644
--- a/src/hb-vector.hh
+++ b/src/hb-vector.hh
@@ -86,7 +86,7 @@ struct hb_vector_t
   ~hb_vector_t () { fini (); }
 
   public:
-  int allocated = 0; /* == -1 means allocation failed. */
+  int allocated = 0; /* < 0 means allocation failed. */
   unsigned int length = 0;
   public:
   Type *arrayZ = nullptr;
@@ -116,11 +116,7 @@ struct hb_vector_t
   void reset ()
   {
     if (unlikely (in_error ()))
-      /* Big Hack! We don't know the true allocated size before
-       * an allocation failure happened. But we know it was at
-       * least as big as length. Restore it to that and continue
-       * as if error did not happen. */
-      allocated = length;
+      allocated = -allocated;
     resize (0);
   }
 
@@ -396,7 +392,7 @@ struct hb_vector_t
 
     if (unlikely (overflows))
     {
-      allocated = -1;
+      allocated = -allocated;
       return false;
     }
 
@@ -407,7 +403,7 @@ struct hb_vector_t
       if (new_allocated <= (unsigned) allocated)
         return true; // shrinking failed; it's okay; happens in our fuzzer
 
-      allocated = -1;
+      allocated = -allocated;
       return false;
     }