Chiebot-Mirror
/
harfbuzz
mirror of https://github.com/harfbuzz/harfbuzz.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[glyf] Guard all the public APIs against null pool runs

Browse Source 
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
pull/2628/head
Ebrahim Byagowi 4 years ago committed by Ebrahim Byagowi
parent 01ac32aab2
commit ffe06c8f04
3 changed files with 12 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      src/hb-ot-glyf-table.hh
  2. BIN
      test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5103082208493568
  3. BIN
      test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5641612227772416

17
src/hb-ot-glyf-table.hh
Unescape View File

@ -839,10 +839,10 @@ struct glyf
loca_table = nullptr;
glyf_table = nullptr;
#ifndef HB_NO_VAR
gvar = &Null (gvar_accelerator_t);
gvar = nullptr;
#endif
hmtx = &Null (hmtx_accelerator_t);
vmtx = &Null (vmtx_accelerator_t);
hmtx = nullptr;
vmtx = nullptr;
face = face_;
const OT::head &head = *face->table.head;
if (head.indexToLocFormat > 1 || head.glyphDataFormat > 0)
@ -901,7 +901,6 @@ struct glyf
return true;
}
public:
#ifndef HB_NO_VAR
struct points_aggregator_t
{
@ -960,9 +959,12 @@ struct glyf
contour_point_t *get_phantoms_sink () { return phantoms; }
};
public:
unsigned
get_advance_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const
{
if (unlikely (gid >= num_glyphs)) return 0;
bool success = false;
contour_point_t phantoms[PHANTOM_COUNT];
@ -980,6 +982,8 @@ struct glyf
int get_side_bearing_var (hb_font_t *font, hb_codepoint_t gid, bool is_vertical) const
{
if (unlikely (gid >= num_glyphs)) return 0;
hb_glyph_extents_t extents;
contour_point_t phantoms[PHANTOM_COUNT];
@ -992,9 +996,11 @@ struct glyf
}
#endif
public:
bool get_extents (hb_font_t *font, hb_codepoint_t gid, hb_glyph_extents_t *extents) const
{
if (unlikely (gid >= num_glyphs)) return false;
#ifndef HB_NO_VAR
if (font->num_coords && font->num_coords == gvar->get_axis_count ())
return get_points (font, gid, points_aggregator_t (font, this, extents, nullptr));
@ -1005,9 +1011,10 @@ struct glyf
const Glyph
glyph_for_gid (hb_codepoint_t gid, bool needs_padding_removal = false) const
{
unsigned int start_offset, end_offset;
if (unlikely (gid >= num_glyphs)) return Glyph ();
unsigned int start_offset, end_offset;
if (short_offset)
{
const HBUINT16 *offsets = (const HBUINT16 *) loca_table->dataZ.arrayZ;

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5103082208493568
View File

Binary file not shown.

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-5641612227772416
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save