[buffer] When shifting forward, leave no gap

Trying to see if this fixes the fuzzer issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236
2021-07-29 17:49:10 -06:00 · 2021-07-29 17:49:10 -06:00 · 09c3b82f5e
parent 5086e10538
commit 09c3b82f5e
1 changed files with 4 additions and 5 deletions
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@ -359,12 +359,11 @@ hb_buffer_t::move_to (unsigned int i)
    /* This will blow in our face if memory allocation fails later
     * in this same lookup...
     *
-     * We used to shift with extra 32 items, instead of the 0 below.
+     * We used to shift with extra 32 items.
     * But that would leave empty slots in the buffer in case of allocation
-     * failures.  Setting to zero for now to avoid other problems (see
-     * comments in shift_forward().  This can cause O(N^2) behavior more
-     * severely than adding 32 empty slots can... */
-    if (unlikely (idx < count && !shift_forward (count + 0))) return false;
+     * failures.  See comments in shift_forward().  This can cause O(N^2)
+     * behavior more severely than adding 32 empty slots can... */
+    if (unlikely (idx < count && !shift_forward (count - idx))) return false;

    assert (idx >= count);