Chiebot-Mirror
/
harfbuzz
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] fixes infinite loop in hb_set_get_max().

Browse Source 
Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
pull/2959/head
Garret Rieger 4 years ago committed by Behdad Esfahbod
parent ec4321068b
commit 425ba1f4ab
3 changed files with 7 additions and 2 deletions
Split View
  1. 2
      src/hb-set.hh
  2. 5
      test/api/test-set.c
  3. BIN
      test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5363902507515904

2
src/hb-set.hh
Unescape View File

@ -832,7 +832,7 @@ struct hb_set_t
hb_codepoint_t get_max () const
{
unsigned int count = pages.length;
for (int i = count - 1; i >= 0; i++)
for (int i = count - 1; i >= 0; i--)
if (!page_at (i).is_empty ())
return page_map[(unsigned) i].major * page_t::PAGE_BITS + page_at (i).get_max ();
return INVALID;

5
test/api/test-set.c
Unescape View File

@ -121,6 +121,11 @@ test_set_basic (void)
hb_set_del (s, 800);
g_assert (!hb_set_has (s, 800));
g_assert_cmpint (hb_set_get_max (s), ==, 799);
hb_set_del_range (s, 0, 799);
g_assert_cmpint (hb_set_get_max (s), ==, HB_SET_VALUE_INVALID);
hb_set_destroy (s);
}

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5363902507515904
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save