[cff] Check for scalars array resize result

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
2020-07-31 08:58:53 +04:30 · 2020-07-31 08:58:53 +04:30 · efd716de3f
commit efd716de3f
parent 040ed094ef
2 changed files with 5 additions and 3 deletions
--- a/src/hb-cff2-interp-cs.hh
+++ b/src/hb-cff2-interp-cs.hh
@ -133,9 +133,11 @@ struct cff2_cs_interp_env_t : cs_interp_env_t<blend_arg_t, CFF2Subrs>
      region_count = varStore->varStore.get_region_index_count (get_ivs ());
      if (do_blend)
      {
-	scalars.resize (region_count);
-	varStore->varStore.get_scalars (get_ivs (), coords, num_coords,
-					&scalars[0], region_count);
+	if (unlikely (!scalars.resize (region_count)))
+	  set_error ();
+	else
+	  varStore->varStore.get_scalars (get_ivs (), coords, num_coords,
+					  &scalars[0], region_count);
      }
      seen_blend = true;
    }
--- a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-6231698648596480
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-draw-fuzzer-6231698648596480