From 060de189ecdf2327c6583b97f02c33c21889ca15 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 19 Aug 2021 00:58:34 -0600
Subject: [PATCH] [bit-page] Fix sanitizer error

This essentially reverts 9449cfeefd7e3b761c8035c45330abd7a5201604

Problem was dereferencing pointer at end of array...
---
 src/hb-bit-page.hh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/hb-bit-page.hh b/src/hb-bit-page.hh
index 80aeee0c9..edacb5292 100644
--- a/src/hb-bit-page.hh
+++ b/src/hb-bit-page.hh
@@ -118,14 +118,17 @@ struct hb_bit_page_t
     unsigned int j = m & ELT_MASK;
 
     const elt_t vv = v[i] & ~((elt_t (1) << j) - 1);
-    for (elt_t p = elt_maybe_invert (vv, inverted);
+    for (const elt_t *pp = &vv;
 	 i < len ();
-	 p = elt_maybe_invert (v[++i], inverted))
+	 pp = &v[++i])
+    {
+      const elt_t p = elt_maybe_invert (*pp, inverted);
       if (p)
       {
 	*codepoint = i * ELT_BITS + elt_get_min (p);
 	return true;
       }
+    }
 
     *codepoint = INVALID;
     return false;
@@ -146,16 +149,17 @@ struct hb_bit_page_t
 		       ((elt_t (1) << (j + 1)) - 1) :
 		       (elt_t) -1;
     const elt_t vv = v[i] & mask;
-    elt_t p = elt_maybe_invert (vv, inverted);
+    const elt_t *pp = &vv;
     while (true)
     {
+      const elt_t p = elt_maybe_invert (*pp, inverted);
       if (p)
       {
 	*codepoint = i * ELT_BITS + elt_get_max (p);
 	return true;
       }
       if ((int) i <= 0) break;
-      p = elt_maybe_invert (v[--i], inverted);
+      pp = &v[--i];
     }
 
     *codepoint = INVALID;