[ENOMEM] unchecked resize in CFF2.

commit: 7f358a55f4b3c0eb6654be9e8c31ece29965b4d6 [log] [tgz]
author: Garret Rieger <grieger@google.com> Thu Jul 30 13:57:30 2020 -0700
committer: Ebrahim Byagowi <ebrahim@gnu.org> Fri Jul 31 02:04:06 2020 +0430
tree: 8fbf822331e3d8b05d9ef9d599f50cf876067001
parent: 32f052b033f12fbeb8741c9616860743b1f567c4 [diff]
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 075a0d4..829217f 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh

@@ -441,7 +441,8 @@
       { fini (); return; }
 
       fdCount = fdArray->count;
-      privateDicts.resize (fdCount);
+      if (!privateDicts.resize (fdCount))
+      { fini (); return; }
 
       /* parse font dicts and gather private dicts */
       for (unsigned int i = 0; i < fdCount; i++)

diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5181909018345472 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5181909018345472
new file mode 100644
index 0000000..250710b
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5181909018345472
Binary files differ
commit	7f358a55f4b3c0eb6654be9e8c31ece29965b4d6	[log] [tgz]
author	Garret Rieger <grieger@google.com>	Thu Jul 30 13:57:30 2020 -0700
committer	Ebrahim Byagowi <ebrahim@gnu.org>	Fri Jul 31 02:04:06 2020 +0430
tree	8fbf822331e3d8b05d9ef9d599f50cf876067001
parent	32f052b033f12fbeb8741c9616860743b1f567c4 [diff]