diff options
| author | Garret Rieger <grieger@google.com> | 2023-09-28 19:02:37 +0000 |
|---|---|---|
| committer | Garret Rieger <grieger@google.com> | 2023-09-28 14:22:51 -0600 |
| commit | 333946b00e849ff6722781bc5e46bd9fcc83311a (patch) | |
| tree | a449991e429c347cfad29ade35051ea7a4b53897 | |
| parent | 9ceb800ac26fd81a5eaf27ef366d5fce47e80447 (diff) | |
| download | harfbuzz_ng-333946b00e849ff6722781bc5e46bd9fcc83311a.tar.gz | |
[subset] Fix fuzzer timeout.
Fixes https://oss-fuzz.com/testcase-detail/5458896606855168. Limit iteration over coverage in MarkLigPosFormat1 subsetting to the number of glyphs in the liga array.
| -rw-r--r-- | src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 5 | ||||
| -rw-r--r-- | test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168 | bin | 0 -> 2410 bytes |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh index af8b4723a..d6bee277c 100644 --- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh +++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh @@ -169,7 +169,7 @@ struct MarkLigPosFormat1_2 { TRACE_SUBSET (this); const hb_set_t &glyphset = *c->plan->glyphset_gsub (); - const hb_map_t &glyph_map = *c->plan->glyph_map; + const hb_map_t &glyph_map = c->plan->glyph_map_gsub; auto *out = c->serializer->start_embed (*this); if (unlikely (!c->serializer->extend_min (out))) return_trace (false); @@ -202,8 +202,9 @@ struct MarkLigPosFormat1_2 auto new_ligature_coverage = + hb_iter (this + ligatureCoverage) - | hb_filter (glyphset) + | hb_take ((this + ligatureArray).len) | hb_map_retains_sorting (glyph_map) + | hb_filter ([] (hb_codepoint_t glyph) { return glyph != HB_MAP_VALUE_INVALID; }) ; if (!out->ligatureCoverage.serialize_serialize (c->serializer, new_ligature_coverage)) diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168 Binary files differnew file mode 100644 index 000000000..213b60fc2 --- /dev/null +++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5458896606855168 |