From f60dbd906a4bf89354af1ed0616a61a5099d8c1a Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Sat, 8 Jul 2023 16:21:24 -0600
Subject: [PATCH] Fix thinko

Fixes https://oss-fuzz.com/testcase-detail/4787105656864768
---
 src/hb-open-type.hh                                |   8 ++++----
 ...case-minimized-hb-shape-fuzzer-4787105656864768 | Bin 0 -> 44 bytes
 2 files changed, 4 insertions(+), 4 deletions(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-4787105656864768

diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index c860bf383..2b48100b2 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -542,7 +542,7 @@ struct UnsizedArrayOf
   bool sanitize_shallow (hb_sanitize_context_t *c, unsigned int count) const
   {
     TRACE_SANITIZE (this);
-    return_trace (c->check_array_sized (arrayZ, count, sizeof (Type)));
+    return_trace (c->check_array (arrayZ, count));
   }
 
   public:
@@ -756,7 +756,7 @@ struct ArrayOf
   bool sanitize_shallow (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-    return_trace (len.sanitize (c) && c->check_array_sized (arrayZ, len, sizeof (Type)));
+    return_trace (len.sanitize (c) && c->check_array_sized (arrayZ, len, sizeof (LenType)));
   }
 
   public:
@@ -899,7 +899,7 @@ struct HeadlessArrayOf
   {
     TRACE_SANITIZE (this);
     return_trace (lenP1.sanitize (c) &&
-		  (!lenP1 || c->check_array_sized (arrayZ, lenP1 - 1, sizeof (Type))));
+		  (!lenP1 || c->check_array_sized (arrayZ, lenP1 - 1, sizeof (LenType))));
   }
 
   public:
@@ -952,7 +952,7 @@ struct ArrayOfM1
   {
     TRACE_SANITIZE (this);
     return_trace (lenM1.sanitize (c) &&
-		  (c->check_array_sized (arrayZ, lenM1 + 1, sizeof (Type))));
+		  (c->check_array_sized (arrayZ, lenM1 + 1, sizeof (LenType))));
   }
 
   public:
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-4787105656864768 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-4787105656864768
new file mode 100644
index 0000000000000000000000000000000000000000..beb40312299a38475a149ad0b6f4a12412aa97a8
GIT binary patch
literal 44
mcmZQzWME)mVqj+A0@7>>Fz~+t$W6{oEKpGRuK;8+fg}KCC<ZtH

literal 0
HcmV?d00001