src/hb-cff-interp-common.hh | 18 ++++++++-- test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 |binary 2 files changed, 16 insertions(+), 2 deletions(-)
New commits: commit 81cfd3c775dbc470f57d7fe2775cc068ffa367b6 Merge: 8394a6cb 6708c559 Author: Behdad Esfahbod <beh...@behdad.org> Date: Wed Dec 5 15:37:15 2018 -0800 Merge pull request #1455 from harfbuzz/cff-strinc_assert [CFF] fix oss-fuzz issue 11675 (ASSERT: count <= str.len) commit 6708c5595fc6babdae0132f8a23cbe3558a58703 Author: Michiharu Ariza <ar...@adobe.com> Date: Wed Dec 5 12:51:18 2018 -0800 fix oss-fuzz issue 11675 (ASSERT: count <= str.len) Also added an additional error check to avail () diff --git a/src/hb-cff-interp-common.hh b/src/hb-cff-interp-common.hh index f2ccc2bd..9b595ff1 100644 --- a/src/hb-cff-interp-common.hh +++ b/src/hb-cff-interp-common.hh @@ -391,8 +391,22 @@ struct SubByteStr inline operator ByteStr (void) const { return ByteStr (str, offset, str.len - offset); } - inline bool avail (unsigned int count=1) const { return str.check_limit (offset, count); } - inline void inc (unsigned int count=1) { offset += count; assert (count <= str.len); } + inline bool avail (unsigned int count=1) const + { + return (!in_error () && str.check_limit (offset, count)); + } + inline void inc (unsigned int count=1) + { + if (likely (!in_error () && (offset <= str.len) && (offset + count <= str.len))) + { + offset += count; + } + else + { + offset = str.len; + set_error (); + } + } inline void set_error (void) { error = true; } inline bool in_error (void) const { return error; } diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 new file mode 100644 index 00000000..858604d7 Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 differ _______________________________________________ HarfBuzz mailing list HarfBuzz@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/harfbuzz