From 8b427c78efa988ed27a2a394146d73f59688707b Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Mon, 22 Jul 2013 10:57:05 -0400
Subject: [PATCH] [uniscribe] Sanitize font file

---
 src/hb-uniscribe.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/hb-uniscribe.cc b/src/hb-uniscribe.cc
index 27112a5f9..5176abd7f 100644
--- a/src/hb-uniscribe.cc
+++ b/src/hb-uniscribe.cc
@@ -314,6 +314,8 @@ _hb_rename_font (hb_blob_t *blob, wchar_t *new_name)
    * full, PS. All of them point to the same name data with our unique name.
    */
 
+  blob = OT::Sanitizer<OT::OpenTypeFontFile>::sanitize (blob);
+
   unsigned int length, new_length, name_str_len;
   const char *orig_sfnt_data = hb_blob_get_data (blob, &length);
 
@@ -364,6 +366,8 @@ _hb_rename_font (hb_blob_t *blob, wchar_t *new_name)
   unsigned int face_count = file.get_face_count ();
   for (unsigned int face_index = 0; face_index < face_count; face_index++)
   {
+    /* Note: doing multiple edits (ie. TTC) can be unsafe.  There may be
+     * toe-stepping.  But we don't really care. */
     const OT::OpenTypeFontFace &face = file.get_face (face_index);
     unsigned int index;
     if (face.find_table_index (HB_OT_TAG_name, &index))