Chiebot-Mirror
/
harfbuzz
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] fixes infinite loop in hb_set_get_max().

Browse Source 
Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
pull/2959/head
Garret Rieger 4 years ago committed by Behdad Esfahbod
parent ec4321068b
commit 425ba1f4ab
3 changed files with 7 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      src/hb-set.hh
  2. 7
      test/api/test-set.c
  3. BIN
      test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5363902507515904

2
src/hb-set.hh
Unescape View File

@ -832,7 +832,7 @@ struct hb_set_t
hb_codepoint_t get_max () const
{
unsigned int count = pages.length;
for (int i = count - 1; i >= 0; i++)
for (int i = count - 1; i >= 0; i--)
if (!page_at (i).is_empty ())
return page_map[(unsigned) i].major * page_t::PAGE_BITS + page_at (i).get_max ();
return INVALID;

7
test/api/test-set.c
Unescape View File

@ -121,6 +121,11 @@ test_set_basic (void)
hb_set_del (s, 800);
g_assert (!hb_set_has (s, 800));
g_assert_cmpint (hb_set_get_max (s), ==, 799);
hb_set_del_range (s, 0, 799);
g_assert_cmpint (hb_set_get_max (s), ==, HB_SET_VALUE_INVALID);
hb_set_destroy (s);
}
@ -501,7 +506,7 @@ test_set_delrange (void)
for (unsigned i = 0; i < n; i++)
hb_set_del_range (s, ranges[i].b, ranges[i].e);
hb_set_del_range (s, P*13+5, P*15-10); /* Deletion from deleted pages. */
for (unsigned i = 0; i < n; i++)

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5363902507515904
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save