From c521e793bd6c1dafacb94253a45b9c70ab38525e Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 18 Jan 2012 21:51:05 -0500
Subject: [PATCH] Fix OOB in replace_glyph()

Patch from Kenichi Ishibashi.
---
 src/hb-buffer.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index 3e25b1573..e8bdfb1c6 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -317,6 +317,8 @@ hb_buffer_t::copy_glyph (void)
 void
 hb_buffer_t::replace_glyph (hb_codepoint_t glyph_index)
 {
+  if (!make_room_for (1, 1)) return;
+
   out_info[out_len] = info[idx];
   out_info[out_len].codepoint = glyph_index;