From 311413f16b92a8d5811897b5793ca8a9f218b779 Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Sat, 11 Jun 2022 01:05:57 +0000
Subject: [PATCH] [subset] Fix fuzzer issue.

Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.
---
 src/hb-ot-post-table-v2subset.hh                 |   7 ++++---
 ...e-minimized-hb-subset-fuzzer-5693568490012672 | Bin 0 -> 1543 bytes
 2 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5693568490012672

diff --git a/src/hb-ot-post-table-v2subset.hh b/src/hb-ot-post-table-v2subset.hh
index c8a4429eb..9d651cca8 100644
--- a/src/hb-ot-post-table-v2subset.hh
+++ b/src/hb-ot-post-table-v2subset.hh
@@ -52,11 +52,11 @@ HB_INTERNAL bool postV2Tail::serialize (hb_serialize_context_t *c,
   {
     unsigned glyph_id = _.first;
     unsigned new_index = _.second;
-    
+
     if (new_index < 258) continue;
     if (copied_indices.has (new_index)) continue;
     copied_indices.add (new_index);
-    
+
     hb_bytes_t s = reinterpret_cast<const post::accelerator_t*> (_post)->find_glyph_name (glyph_id);
     HBUINT8 *o = c->allocate_size<HBUINT8> (HBUINT8::static_size * (s.length + 1));
     if (unlikely (!o)) return_trace (false);
@@ -87,9 +87,10 @@ HB_INTERNAL bool postV2Tail::subset (hb_subset_context_t *c) const
     unsigned new_index;
     const unsigned *new_index2;
     if (old_index <= 257) new_index = old_index;
-    else if (!old_new_index_map.has (old_index, &new_index2))
+    else if (old_new_index_map.has (old_index, &new_index2))
     {
       new_index = *new_index2;
+    } else {
       hb_bytes_t s = _post.find_glyph_name (old_gid);
       new_index = glyph_name_to_new_index.get (s);
       if (new_index == (unsigned)-1)
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5693568490012672 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5693568490012672
new file mode 100644
index 0000000000000000000000000000000000000000..19521a101e54e70b03f56d707973edb201f932e1
GIT binary patch
literal 1543
zcmds0OA5j;5Pfa;dI1+Xh<A}vwJs_x=*ByG9d|;U{5qK?LcxOQK<LbymzT*4MFC)?
zL;!`Yn{z#w1SmIx;ET4q9bLal+ghp9q29Yb?kOQfy1uC$Kckn@)zDwAj*qAPy0I;D
zx86Q7TL_}Te4wPeBUFqB1Su3+u?%B>mKk$sRkSqOMs5T{!dG5ckFciHZjglEs_?yW
z$-B`@IfcRVE%JO4Br*x9wNw?&6QxV3f2t!a@ZQZC({tufc|`kgbRr}3Gv4(6`7>(f
Pw9J95mf6FQ`Nt_<uxJ#X

literal 0
HcmV?d00001