From 823f32a0e2f242ba02fcf1db95361051ac374a49 Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Wed, 15 Jun 2022 18:50:45 +0000
Subject: [PATCH] [subset] Fix potential out of bounds write setting overlap
 flag on composite glyphs.

---
 src/hb-ot-glyf-table.hh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/hb-ot-glyf-table.hh b/src/hb-ot-glyf-table.hh
index 866bb7e04..31dc46cee 100644
--- a/src/hb-ot-glyf-table.hh
+++ b/src/hb-ot-glyf-table.hh
@@ -714,8 +714,11 @@ struct glyf
 
       void set_overlaps_flag ()
       {
-        const_cast<CompositeGlyphChain &> (StructAfter<CompositeGlyphChain, GlyphHeader> (header))
-                .set_overlaps_flag ();
+        CompositeGlyphChain& glyph_chain = const_cast<CompositeGlyphChain &> (
+            StructAfter<CompositeGlyphChain, GlyphHeader> (header));
+        if (!bytes.check_range(&glyph_chain, CompositeGlyphChain::min_size))
+          return;
+        glyph_chain.set_overlaps_flag ();
       }
     };