From ef1f5c4e0c011fc6f71b02d47b579a3154ca70ec Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Mon, 8 Jan 2024 22:17:55 +0000
Subject: [PATCH] [subset] Re-use common Coverage subsetting function in
 PairPosFormat2.

Was using an identical but less efficient version. Fixes fuzzer test case: https://oss-fuzz.com/testcase-detail/6151390002806784
---
 src/OT/Layout/GPOS/PairPosFormat2.hh             |  13 ++-----------
 ...e-minimized-hb-subset-fuzzer-6151390002806784 | Bin 0 -> 2534 bytes
 2 files changed, 2 insertions(+), 11 deletions(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6151390002806784

diff --git a/src/OT/Layout/GPOS/PairPosFormat2.hh b/src/OT/Layout/GPOS/PairPosFormat2.hh
index dd02da887..9c805b39a 100644
--- a/src/OT/Layout/GPOS/PairPosFormat2.hh
+++ b/src/OT/Layout/GPOS/PairPosFormat2.hh
@@ -324,17 +324,8 @@ struct PairPosFormat2_4 : ValueBase
       }
     }
 
-    const hb_set_t &glyphset = *c->plan->glyphset_gsub ();
-    const hb_map_t &glyph_map = *c->plan->glyph_map;
-
-    auto it =
-    + hb_iter (this+coverage)
-    | hb_filter (glyphset)
-    | hb_map_retains_sorting (glyph_map)
-    ;
-
-    out->coverage.serialize_serialize (c->serializer, it);
-    return_trace (out->class1Count && out->class2Count && bool (it));
+    bool ret = out->coverage.serialize_subset(c, coverage, this);
+    return_trace (out->class1Count && out->class2Count && ret);
   }
 
 
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6151390002806784 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6151390002806784
new file mode 100644
index 0000000000000000000000000000000000000000..d80542c1199a32a5c953ba52bce17d6f3d14ed4c
GIT binary patch
literal 2534
zcmd^BU2IfE6#i!J{@iZcZMSr3gEd_iUx@UFVvvMJ$`&bvjk_t^pe9t-^3!Nnu?lGu
zB2{?s9h&e!c=Dk&7>(cq8lC{-12M#(gs8!Un21QC6~iUacKFV{d$&ui!9-0=IPICv
zIdgty&U|xjp#Vf-C5$mW8$Uhs`J{pc+<?g0%+|}Ne%cHu)BycGTl-SU>xhVqF<gD-
ztG4#%TK2a<*JEbp?qtDWZyw@qU828pY-n`%;&a1SDPLZW>9(E?Pj3wGTy+z$Cz$og
z!NFbm%5US_D31bx#~4+IzcJ>DsR(fW<j|`F`Nyx>DWHO4Wn&>fvbQ#>9OjQ`y#4Nb
zUAi^UWZ%ZEsh=G~Ba6HqHn%rPhXk$%fhx|7k<grwz8u3XWrYxM?cAgAL<u|vl^@Q(
zNUh|CX>c7B$JYn;4Mz+4;g|6&7c8g>(JCF|Jb+02fD^<4YHX}^V@8q0DyWxUV2u<`
zWOcGPotBsfSyQ(>+>L6-7oE#BPK0HJ+9Q|9H^|elj@FY`kUPma@(}qj`6&4$`8@f1
z@*l9qtH@2{C&;uNr|mdx$B%dDb-*u%HSmdfeHy{0R4#!o)~h=_G4qj{4NvHF0yrWT
zfp>x<{F9Ko<QWrvqKu+eY7>%xQh_k6q(>ANiN%A-vo{V4Q9-W=!&EYfTv9dVDCHW;
zwUlF&>nJaBHzC_l<N!4e8VqC?nxjGpdJbKyeRQoJ<T7*}&5G#y1m;SgDCf}ib%S%3
zay!05W1$T`x~5eLU6l)=>q7=5x;Wm4u3RSD10P)x?(DD8Wn>?;C`VT#HGe`E4%r~O
ztozW_Q9@TTolW=Z_vtwwT`M8*`nU)$q(5i?rdndi?hxZLBv87;qIsl<2%uS?hNem4
zm3(1WSan`l42*6=m%I!M&2O=;RtK;hr)i{Y_a1BO&?pCrH+hjb29+^O_?NHGUf<=Z
zXXVy3f4v_k=BcSEEqEGtESjcbOSC|Pm#=kBTz%t^2>xM;F~zB9<4s(>UkJXzZdV~@
z;w+E46pxBB9|}fnO1s<hkLWde7n2f{YrMQNE-faVJ72q()lV)bjFK(v_*+dnUTV_F
z_)Qx1(DR!#x3OozCe3H0@TOd4vzwN+e`Jo}EodARIN(P<LwBc?l%o(dV;IO(;aB{I
zDg4d={~6t7LoLxwWOBKTe5%YW8%&Bv2yjalul(O47i)4GDX_V^BuO;Wc#kT@c`@yR
zI`Q@VJv-mi{pffB7amhm-15-6LvPa0>mhjzK5duDXSic*9(bwg&ZK+Ko^NG~11_HV
zVVQhDbH~;_Dl+<wX{|<oaErnl@is=5wkuyh#g-gldzMSJ2)k-lw1(Y2gsOQjoZa^!
Rdf_`C{P_P*FTDKUlzTRRz108!

literal 0
HcmV?d00001