[repacker] fix fuzzer timeout.

Corrects some mistakes in the handling of incoming_edges_ when memory allocation failures happen.
2 years ago · ca906e8747
parent c7f2d440f4
commit ca906e8747
2 changed files with 9 additions and 2 deletions
--- a/src/graph/graph.hh
+++ b/src/graph/graph.hh
@ -290,7 +290,7 @@ struct graph_t
 	new_parents.set (id_map[_.first], _.second);
      }

-      if (new_parents.in_error ())
+      if (parents.in_error() || new_parents.in_error ())
        return false;

      parents = std::move (new_parents);
@ -310,8 +310,15 @@ struct graph_t
      if (parents.has (old_index, &pv))
      {
        unsigned v = *pv;
-	parents.set (new_index, v);
+	if (!parents.set (new_index, v))
+          incoming_edges_ -= v;
 	parents.del (old_index);
+
+        if (incoming_edges_ == 1)
+	{
+	  single_parent = *parents.keys ();
+	  parents.reset ();
+	}
      }
    }

--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6697168080338944
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6697168080338944