diff --git a/src/hb-aat-layout-ankr-table.hh b/src/hb-aat-layout-ankr-table.hh
index 2e3ed2758..5f7656d2a 100644
--- a/src/hb-aat-layout-ankr-table.hh
+++ b/src/hb-aat-layout-ankr-table.hh
@@ -63,8 +63,10 @@ struct ankr
 				   unsigned int num_glyphs,
 				   const char *end) const
   {
-    unsigned int offset = (this+lookupTable).get_value_or_null (glyph_id, num_glyphs);
-    const GlyphAnchors &anchors = StructAtOffset<GlyphAnchors> (&(this+anchorData), offset);
+    const Offset<HBUINT16, false> *offset = (this+lookupTable).get_value (glyph_id, num_glyphs);
+    if (!offset)
+      return Null(Anchor);
+    const GlyphAnchors &anchors = StructAtOffset<GlyphAnchors> (&(this+anchorData), *offset);
     /* TODO Use sanitizer; to avoid overflows and more. */
     if (unlikely ((const char *) &anchors + anchors.get_size () > end))
       return Null(Anchor);
diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 89ed91f28..60724c180 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -246,6 +246,48 @@ struct LookupFormat8
   DEFINE_SIZE_ARRAY (6, valueArrayZ);
 };
 
+template <typename T>
+struct LookupFormat10
+{
+  friend struct Lookup<T>;
+
+  private:
+  inline const typename T::type get_value_or_null (hb_codepoint_t glyph_id) const
+  {
+    if (!(firstGlyph <= glyph_id && glyph_id - firstGlyph < glyphCount))
+      return Null(T);
+
+    const HBUINT8 *p = &valueArrayZ[(glyph_id - firstGlyph) * valueSize];
+
+    unsigned int v = 0;
+    unsigned int count = valueSize;
+    for (unsigned int i = 0; i < count; i++)
+      v = (v << 8) | *p++;
+
+    return v;
+  }
+
+  inline bool sanitize (hb_sanitize_context_t *c) const
+  {
+    TRACE_SANITIZE (this);
+    return_trace (c->check_struct (this) &&
+		  valueSize <= 4 &&
+		  valueArrayZ.sanitize (c, glyphCount * valueSize));
+  }
+
+  protected:
+  HBUINT16	format;		/* Format identifier--format = 8 */
+  HBUINT16	valueSize;	/* Byte size of each value. */
+  GlyphID	firstGlyph;	/* First glyph index included in the trimmed array. */
+  HBUINT16	glyphCount;	/* Total number of glyphs (equivalent to the last
+				 * glyph minus the value of firstGlyph plus 1). */
+  UnsizedArrayOf<HBUINT8>
+		valueArrayZ;	/* The lookup values (indexed by the glyph index
+				 * minus the value of firstGlyph). */
+  public:
+  DEFINE_SIZE_ARRAY (6, valueArrayZ);
+};
+
 template <typename T>
 struct Lookup
 {
@@ -261,10 +303,15 @@ struct Lookup
     }
   }
 
-  inline const T& get_value_or_null (hb_codepoint_t glyph_id, unsigned int num_glyphs) const
+  inline const typename T::type get_value_or_null (hb_codepoint_t glyph_id, unsigned int num_glyphs) const
   {
-    const T *v = get_value (glyph_id, num_glyphs);
-    return v ? *v : Null(T);
+    switch (u.format) {
+      /* Format 10 cannot return a pointer. */
+      case 10: return u.format10.get_value_or_null (glyph_id);
+      default:
+      const T *v = get_value (glyph_id, num_glyphs);
+      return v ? *v : Null(T);
+    }
   }
 
   inline bool sanitize (hb_sanitize_context_t *c) const
@@ -277,6 +324,7 @@ struct Lookup
     case 4: return_trace (u.format4.sanitize (c));
     case 6: return_trace (u.format6.sanitize (c));
     case 8: return_trace (u.format8.sanitize (c));
+    case 10: return_trace (u.format10.sanitize (c));
     default:return_trace (true);
     }
   }
@@ -289,6 +337,7 @@ struct Lookup
   LookupFormat4<T>	format4;
   LookupFormat6<T>	format6;
   LookupFormat8<T>	format8;
+  LookupFormat10<T>	format10;
   } u;
   public:
   DEFINE_SIZE_UNION (2, format);
diff --git a/src/hb-machinery.hh b/src/hb-machinery.hh
index 717abea91..ae34c92f4 100644
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@@ -652,6 +652,7 @@ template <typename Type>
 struct BEInt<Type, 1>
 {
   public:
+  typedef Type type;
   inline void set (Type V)
   {
     v = V;
@@ -666,6 +667,7 @@ template <typename Type>
 struct BEInt<Type, 2>
 {
   public:
+  typedef Type type;
   inline void set (Type V)
   {
     v[0] = (V >>  8) & 0xFF;
@@ -682,6 +684,7 @@ template <typename Type>
 struct BEInt<Type, 3>
 {
   public:
+  typedef Type type;
   inline void set (Type V)
   {
     v[0] = (V >> 16) & 0xFF;
@@ -700,6 +703,7 @@ template <typename Type>
 struct BEInt<Type, 4>
 {
   public:
+  typedef Type type;
   inline void set (Type V)
   {
     v[0] = (V >> 24) & 0xFF;
diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index 9d2e1fa7c..08e72064a 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -56,6 +56,7 @@ namespace OT {
 template <typename Type, unsigned int Size>
 struct IntType
 {
+  typedef Type type;
   inline void set (Type i) { v.set (i); }
   inline operator Type(void) const { return v; }
   inline bool operator == (const IntType<Type,Size> &o) const { return (Type) v == (Type) o.v; }
@@ -161,6 +162,8 @@ DECLARE_NULL_NAMESPACE_BYTES (OT, Index);
 template <typename Type, bool has_null=true>
 struct Offset : Type
 {
+  typedef Type type;
+
   inline bool is_null (void) const { return has_null && 0 == *this; }
 
   inline void *serialize (hb_serialize_context_t *c, const void *base)