[subset] Raise the bar in new vs old table size

https://crbug.com/oss-fuzz/16740 This is actually an interesting thing that {h,v}mtx allocates as much as a font pretends to have glyphs but the solution is not that obvious as regular fonts can have less than actually containing metrics in their {h,v}mtx. This change raises the bar to consider this hmtx 4 byte for every glyph case. Initially we wanted to just find things allocating crazy amount of memory but having the assert has led to interesting findings also so let's don't remove the assert and see what we can find elsewhere.
2019-08-25 20:37:00 +04:30 · 2019-08-25 20:37:00 +04:30 · 269a120f13
commit 269a120f13
parent 2f8e823331
2 changed files with 1 additions and 1 deletions
--- a/src/hb-subset.cc
+++ b/src/hb-subset.cc
@ -92,8 +92,8 @@ _subset2 (hb_subset_plan_t *plan)
    bool needed = table->subset (&c);
    if (serializer.ran_out_of_room)
    {
+      assert (buf_size <= (source_blob->length + plan->num_output_glyphs ()) * 16 + 4096);
      buf_size += (buf_size >> 1) + 32;
-      assert (buf_size <= source_blob->length * 16 + 4096);
      DEBUG_MSG(SUBSET, nullptr, "OT::%c%c%c%c ran out of room; reallocating to %u bytes.", HB_UNTAG (tag), buf_size);
      if (unlikely (!buf.alloc (buf_size)))
      {
--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5667673584697344
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5667673584697344