From f3929abafe3b64f15d0dc2d21ad7b493eeb92dfe Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Tue, 15 Sep 2020 13:06:36 -0700
Subject: [PATCH] [ENOMEM] don't perform set process operations if the other set is in an error state. Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).
---
 src/hb-set.hh | 1 +
 ...e-minimized-hb-subset-fuzzer-5345734743031808 | Bin 0 -> 1240 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5345734743031808
diff --git a/src/hb-set.hh b/src/hb-set.hh
index b6e2086a2..81cd2b524 100644
--- a/src/hb-set.hh
+++ b/src/hb-set.hh
@@ -544,6 +544,7 @@ struct hb_set_t
 void process (const Op& op, const hb_set_t *other) { if (unlikely (!successful)) return;
+ if (unlikely (!other->successful)) return;
 dirty ();
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5345734743031808 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5345734743031808
new file mode 100644
index 0000000000000000000000000000000000000000..193cf8958b98f570c5693f7636363c2e97151d5e
GIT binary patch literal 1240 zcmd5*%S%*o6#nj=M_17@7g0ltTUtJ9AtEV3G3v}n_#~Z$q2SoOlDXqFkJL?R5iY_= zbYT!dw2F%81%VJD{R4p{gkXp+f`YI>k(v4R{btOR1ZmfSANRb!a}M`|0zl7-SS7^K0JR?A*MpN z#JFO9&ptg}h9`38bx}TGDF!Zv43-8rIVE7)8e<0wAMMM$> zv}IfigogZ;EtkJgM-F^TL7&H)Oe`n{wpQrwC#ZD zUC6}+MiMnZjOogv;Teo56;y%3>H-hKy5V~e=!{vBFv~MgGuF}_bhxyZ^gOpMELE(XpzdQ=xWnvU!Z#p7Ys2Gdst1ejVX z({tWFUO*u|qLThUxWiDtwMBQrm1z{k1c^%=iM!6X6}OtW*MH-NZE>Dq6IY0`t++xs zoz2bN-Q8U~42*39hZ9DxFB-cP$P8@Fj3JB8<2zJGV^fEDW#WD^9@e?f8jun&+n_Nm zoy#nxzP3uoLG&UGp}=g;)>lD=rV6oY&P7e?G%Y)7xlG>g8y2Aqiq~(%*(y_m61)*V zh4>)^lxW28!^-wqQ7{h+dsyM+X@-vTF30xZpm4d%)l1<1!A~Ni~s-t literal 0 HcmV?d00001
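Review bot: The new early return in `process ()` (src/hb-set.hh) leaves this set unchanged and still marked successful when `other` is in an error state, so the operation is skipped silently and, as far as the hunk shows, nothing records that the result is stale. If callers inspect only the destination set after a set operation, consider propagating the failure with `if (unlikely (!other->successful)) { successful = false; return; }`, or state in a comment that callers must check `other` themselves. A short comment on the guard, such as `/* other's page map is unreliable once it is in error; processing it could corrupt ours */`, would keep the reasoning from the commit message next to the code. The body of `process ()` continues past the end of the hunk.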