[kerx] Fix Format1 sanitize

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10948
2018-10-14 14:56:32 -07:00 · 2018-10-14 14:56:32 -07:00 · 40f2b9355c
parent 44af1f93ee
commit 40f2b9355c
1 changed files with 5 additions and 5 deletions
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@ -212,7 +212,9 @@ struct KerxSubTableFormat1
  inline bool sanitize (hb_sanitize_context_t *c) const
  {
    TRACE_SANITIZE (this);
-    return_trace (likely (machine.sanitize (c)));
+    /* The rest of array sanitizations are done at run-time. */
+    return_trace (likely (c->check_struct (this) &&
+			  machine.sanitize (c)));
  }

  protected:
@ -444,11 +446,9 @@ struct KerxSubTableFormat4
  inline bool sanitize (hb_sanitize_context_t *c) const
  {
    TRACE_SANITIZE (this);
-
    /* The rest of array sanitizations are done at run-time. */
-    return_trace (c->check_struct (this) &&
-		  machine.sanitize (c) &&
-		  flags.sanitize (c));
+    return_trace (likely (c->check_struct (this) &&
+			  machine.sanitize (c)));
  }

  protected: