cff2 subset fuzzer issues (#1619)

* add check to FDArray::serialize

* add test files

* fix off by one
diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh
index c645953..61e615c 100644
--- a/src/hb-ot-cff-common.hh
+++ b/src/hb-ot-cff-common.hh
@@ -525,6 +525,7 @@
     for (unsigned i = 0; i < fontDicts.length; i++)
       if (fdmap.includes (i))
       {
+      	if (unlikely (fid >= fdCount)) return_trace (false);
 	CFFIndexOf<COUNT, FontDict>::set_offset_at (fid++, offset);
 	offset += FontDict::calculate_serialized_size (fontDicts[i], opszr);
       }
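Review bot: The added guard before `set_offset_at (fid++, offset)` rejects only the case where `fdmap` selects more font dicts than `fdCount`; if it selects fewer, the loop ends with `fid < fdCount` and the remaining offset slots are presumably never written. The enclosing serialize function starts and ends outside this hunk, so a later consistency check may already exist; if it does not, a post-loop `if (unlikely (fid != fdCount)) return_trace (false);` would catch the under-count mismatch as well. The new line would also benefit from a short comment stating the invariant, for example `/* fdmap must not select more dicts than fdCount offsets were sized for */`, since the bound is not obvious from the loop over `fontDicts.length`. The added line is indented with spaces followed by a tab, while the neighbouring lines use a tab only.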
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5739000398086144 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5739000398086144
new file mode 100644
index 0000000..0dec23f
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5739000398086144
Binary files differ
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5760768497156096 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5760768497156096
new file mode 100644
index 0000000..063aab2
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5760768497156096
Binary files differ
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5764268627066880 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5764268627066880
new file mode 100644
index 0000000..2b49553
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5764268627066880
Binary files differ