walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[morx] Another end-of-text corner case 

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10990
This commit is contained in:
Behdad Esfahbod 2018-10-15 11:15:54 -07:00
parent 55d5ea666c
commit 0f85edb778
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/hb-aat-layout-morx-table.hh
View File

@ -412,6 +412,8 @@ struct LigatureSubtable
if (uoffset & 0x20000000) if (uoffset & 0x20000000)
uoffset += 0xC0000000; uoffset += 0xC0000000;
int32_t offset = (int32_t) uoffset; int32_t offset = (int32_t) uoffset;
if (buffer->idx >= buffer->len)
return false; // TODO Work on previous instead?
unsigned int component_idx = buffer->cur().codepoint + offset; unsigned int component_idx = buffer->cur().codepoint + offset;
const HBUINT16 &componentData = component[component_idx]; const HBUINT16 &componentData = component[component_idx];