Merge pull request #1457 from harfbuzz/cff-varstore-sanitize

[CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 5b8e6c7..72a127b 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -115,7 +115,7 @@
   inline bool sanitize (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-    return_trace (likely (c->check_struct (this)) && varStore.sanitize (c));
+    return_trace (likely (c->check_struct (this)) && c->check_range (&varStore, size) && varStore.sanitize (c));
   }
 
   inline bool serialize (hb_serialize_context_t *c, const CFF2VariationStore *varStore)
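Review bot: The new `c->check_range (&varStore, size)` on the `return_trace` line is only sound because `c->check_struct (this)` is evaluated first and short-circuits, since `size` is itself a field read from the untrusted blob; nothing in the hunk records that ordering dependency, and a later reshuffle of the conjuncts would silently reintroduce the out-of-range read. A comment above the return would pin it: `/* check_struct must run first: it validates the 'size' field that the range check below reads. The range check covers the raw 'size' bytes that serialize() copies verbatim, which VariationStore::sanitize alone does not guarantee. */`. The second sentence of that comment is my inference from the PR title naming serialize as the crash site; please confirm serialize really copies `size` bytes from `&varStore` before keeping it. The enclosing struct's header and the serialize body lie outside the hunk.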
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5660711141769216 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5660711141769216
new file mode 100644
index 0000000..302a1c4
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5660711141769216
Binary files differ