[subset] Fix fuzzer timeout.

Fixes https://oss-fuzz.com/testcase-detail/5458896606855168. Limit iteration over coverage in MarkLigPosFormat1 subsetting to the number of glyphs in the liga array.
1 year ago · 333946b00e
parent 9ceb800ac2
commit 333946b00e
2 changed files with 3 additions and 2 deletions
--- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
+++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
@ -169,7 +169,7 @@ struct MarkLigPosFormat1_2
  {
    TRACE_SUBSET (this);
    const hb_set_t &glyphset = *c->plan->glyphset_gsub ();
-    const hb_map_t &glyph_map = *c->plan->glyph_map;
+    const hb_map_t &glyph_map = c->plan->glyph_map_gsub;

    auto *out = c->serializer->start_embed (*this);
    if (unlikely (!c->serializer->extend_min (out))) return_trace (false);
@ -202,8 +202,9 @@ struct MarkLigPosFormat1_2

    auto new_ligature_coverage =
    + hb_iter (this + ligatureCoverage)
-    | hb_filter (glyphset)
+    | hb_take ((this + ligatureArray).len)
    | hb_map_retains_sorting (glyph_map)
+    | hb_filter ([] (hb_codepoint_t glyph) { return glyph != HB_MAP_VALUE_INVALID; })
    ;

    if (!out->ligatureCoverage.serialize_serialize (c->serializer, new_ligature_coverage))
--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168