[ENOMEM] fix access to unitialized memory.

If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
4 years ago · 9825e3dd2e
parent 45de128930
commit 9825e3dd2e
2 changed files with 4 additions and 1 deletions
--- a/src/hb-ot-layout-common.hh
+++ b/src/hb-ot-layout-common.hh
@ -2537,7 +2537,10 @@ struct VariationStore

    for (unsigned i = 0; i < inner_maps.length; i++)
      inner_maps[i].fini ();
-    return_trace (bool (varstore_prime->dataSets));
+
+    return_trace (
+        !c->serializer->in_error()
+        && varstore_prime->dataSets);
  }

  unsigned int get_region_index_count (unsigned int ivs) const
--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5137462782066688
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5137462782066688