[repacker] don't infinite loop if visited or roots is in error.

Fixes https://oss-fuzz.com/testcase-detail/5205038086094848
3 years ago · c4573c2ec7
parent 449c4296a1
commit c4573c2ec7
2 changed files with 7 additions and 0 deletions
--- a/src/hb-repacker.hh
+++ b/src/hb-repacker.hh
@ -402,11 +402,15 @@ struct graph_t
    while (roots)
    {
      unsigned next = HB_SET_VALUE_INVALID;
+      if (unlikely (!check_success (!roots.in_error ()))) break;
      if (!roots.next (&next)) break;

      hb_set_t connected_roots;
      find_connected_nodes (next, roots, visited, connected_roots);
+      if (unlikely (!check_success (!connected_roots.in_error ()))) break;
+
      isolate_subgraph (connected_roots);
+      if (unlikely (!check_success (!connected_roots.in_error ()))) break;

      unsigned next_space = this->next_space ();
      num_roots_for_space_.push (0);
@ -423,6 +427,8 @@ struct graph_t
      //                into the 32 bit space as needed, instead of using isolation.
    }

+
+
    return true;
  }

@ -1074,6 +1080,7 @@ struct graph_t
                             hb_set_t& visited,
                             hb_set_t& connected)
  {
+    if (unlikely (!check_success (!visited.in_error ()))) return;
    if (visited.has (start_idx)) return;
    visited.add (start_idx);

--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5205038086094848
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5205038086094848