From 68af14d5cc666ebf0596766cbed87cc9404fd50f Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Wed, 9 Aug 2017 17:09:21 -0700
Subject: [PATCH] Protect against div-by-zero in CBDT extent code
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1452#c5
CC https://github.com/behdad/harfbuzz/issues/139
---
 src/hb-ft.cc | 4 ++--
 src/hb-ot-font.cc | 6 +++---
 src/hb-shape-plan.cc | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/hb-ft.cc b/src/hb-ft.cc
index 48d6a0ef..2a1868d0 100644
--- a/src/hb-ft.cc
+++ b/src/hb-ft.cc
@@ -493,7 +493,7 @@ reference_table (hb_face_t *face HB_UNUSED, hb_tag_t tag, void *user_data)
 return NULL;
 buffer = (FT_Byte *) malloc (length);
- if (buffer == NULL)
+ if (!buffer)
 return NULL;
 error = FT_Load_Sfnt_Table (ft_face, tag, 0, buffer, &length);
@@ -521,7 +521,7 @@ hb_ft_face_create (FT_Face ft_face,
 {
 hb_face_t *face;
- if (ft_face->stream->read == NULL) {
+ if (!ft_face->stream->read) {
 hb_blob_t *blob;
 blob = hb_blob_create ((const char *) ft_face->stream->base,
diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc
index 2ce29cdf..d3251caf 100644
--- a/src/hb-ot-font.cc
+++ b/src/hb-ot-font.cc
@@ -224,7 +224,7 @@ struct hb_ot_face_cbdt_accelerator_t
 const OT::CBDT *cbdt;
 unsigned int cbdt_len;
- float upem;
+ unsigned int upem;
 inline void init (hb_face_t *face)
 {
@@ -254,11 +254,11 @@ struct hb_ot_face_cbdt_accelerator_t
 {
 unsigned int x_ppem = upem, y_ppem = upem; /* TODO Use font ppem if available. */
- if (cblc == NULL)
+ if (!cblc)
 return false; // Not a color bitmap font.
 const OT::IndexSubtableRecord *subtable_record = this->cblc->find_table(glyph, &x_ppem, &y_ppem);
- if (subtable_record == NULL)
+ if (!subtable_record || !x_ppem || !y_ppem)
 return false;
 if (subtable_record->get_extents (extents))
diff --git a/src/hb-shape-plan.cc b/src/hb-shape-plan.cc
index 61737669..3abf555c 100644
--- a/src/hb-shape-plan.cc
+++ b/src/hb-shape-plan.cc
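Review bot: In the first src/hb-ot-font.cc hunk (@@ -224,7), `upem` changes from float to unsigned int, but every arithmetic use of the member lies outside the hunk, so the patch does not show that the extent scaling still runs in floating point. Any site written as `upem / x_ppem` would now truncate to an integer ratio, so each use should be checked and, where needed, spelled `upem / (float) x_ppem`. The struct body starts and ends outside the hunk, so this cannot be confirmed from the visible lines.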
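Review bot: The added `!x_ppem || !y_ppem` test in the second src/hb-ot-font.cc hunk (@@ -254,11) carries no comment naming what it protects, and the division it guards is outside the hunk, so a later cleanup could remove it as redundant. Going by the commit subject, a line above the check such as `/* Reject zero ppem: the extent scaling divides by x_ppem and y_ppem. */` would keep the reason next to the code. The values are written by `find_table` through out-parameters and presumably come from font data, so other callers of `find_table` (not visible here) may need the same test. The diffstat lists only three source files; adding the fuzzer reproducer from the linked oss-fuzz issue as a regression test would pin the fix.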
@@ -160,7 +160,7 @@ hb_shape_plan_create2 (hb_face_t *face,
 assert (props->direction != HB_DIRECTION_INVALID);
 hb_face_make_immutable (face);
- shape_plan->default_shaper_list = shaper_list == NULL;
+ shape_plan->default_shaper_list = !shaper_list;
 shape_plan->face_unsafe = face;
 shape_plan->props = *props;
 shape_plan->num_user_features = num_user_features;
@@ -423,7 +423,7 @@ hb_shape_plan_matches (const hb_shape_plan_t *shape_plan,
 return hb_segment_properties_equal (&shape_plan->props, &proposal->props) &&
 hb_shape_plan_user_features_match (shape_plan, proposal) &&
 hb_shape_plan_coords_match (shape_plan, proposal) &&
- ((shape_plan->default_shaper_list && proposal->shaper_list == NULL) ||
+ ((shape_plan->default_shaper_list && !proposal->shaper_list) ||
 (shape_plan->shaper_func == proposal->shaper_func));
 }
-- GitLab