Merge pull request #1455 from harfbuzz/cff-strinc_assert
[CFF] fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
diff --git a/src/hb-cff-interp-common.hh b/src/hb-cff-interp-common.hh
index f2ccc2b..9b595ff 100644
--- a/src/hb-cff-interp-common.hh
+++ b/src/hb-cff-interp-common.hh
@@ -391,8 +391,22 @@
inline operator ByteStr (void) const { return ByteStr (str, offset, str.len - offset); }
- inline bool avail (unsigned int count=1) const { return str.check_limit (offset, count); }
- inline void inc (unsigned int count=1) { offset += count; assert (count <= str.len); }
+ inline bool avail (unsigned int count=1) const
+ {
+ return (!in_error () && str.check_limit (offset, count));
+ }
+ inline void inc (unsigned int count=1)
+ {
+ if (likely (!in_error () && (offset <= str.len) && (offset + count <= str.len)))
+ {
+ offset += count;
+ }
+ else
+ {
+ offset = str.len;
+ set_error ();
+ }
+ }
inline void set_error (void) { error = true; }
inline bool in_error (void) const { return error; }
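Review bot: The bounds test in the new inc() is written as `offset + count <= str.len`, which is not overflow-safe when count comes from untrusted operand data: with offset and count both unsigned, a large count wraps the sum to a small value that passes the check, and the subsequent `offset += count` wraps identically, so the cursor silently lands at an attacker-chosen position instead of taking the error path. Since `offset <= str.len` is already verified first, the subtraction form cannot wrap: `if (likely (!in_error () && offset <= str.len && count <= str.len - offset))` (this assumes str.len is unsigned like offset; confirm against ByteStr). avail() defers to `str.check_limit (offset, count)`, whose implementation is not in this hunk, so whether it has the same additive overflow should be checked there too. The enclosing class begins and ends outside the hunk.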
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536
new file mode 100644
index 0000000..858604d
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536
Binary files differ