From 26ba4d1e1fb8949632fe08e6a7600badfba4f142 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Fri, 2 Oct 2015 07:25:52 +0100
Subject: Fix segfault with empty buffer in hb_shape_plan_execute() Move the empty-buffer check from hb_shape_full() to hb_shape_plan_execute(). Reported by Simon Cozens.
---
src/hb-shape-plan.cc | 9 +++++++--
src/hb-shape.cc | 5 -----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/hb-shape-plan.cc b/src/hb-shape-plan.cc
index d2f293d6..1d94c520 100644
--- a/src/hb-shape-plan.cc
+++ b/src/hb-shape-plan.cc
@@ -293,8 +293,13 @@ hb_shape_plan_execute (hb_shape_plan_t *shape_plan,
num_features, shape_plan->shaper_func);
- if (unlikely (hb_object_is_inert (shape_plan) ||
- hb_object_is_inert (buffer)))
+ if (unlikely (!buffer->len))
+ return true;
+
+ assert (!hb_object_is_inert (buffer));
+ assert (buffer->content_type == HB_BUFFER_CONTENT_TYPE_UNICODE);
+
+ if (unlikely (hb_object_is_inert (shape_plan)))
return false;
assert (shape_plan->face_unsafe == font->face);
diff --git a/src/hb-shape.cc b/src/hb-shape.cc
index c06b9a46..8a985839 100644
--- a/src/hb-shape.cc
+++ b/src/hb-shape.cc
@@ -371,11 +371,6 @@ hb_shape_full (hb_font_t *font,
unsigned int num_features,
const char * const *shaper_list)
{
- if (unlikely (!buffer->len))
- return true;
-
- assert (buffer->content_type == HB_BUFFER_CONTENT_TYPE_UNICODE);
-
hb_shape_plan_t *shape_plan = hb_shape_plan_create_cached (font->face, &buffer->props, features, num_features, shaper_list);
hb_bool_t res = hb_shape_plan_execute (shape_plan, font, buffer, features, num_features);
hb_shape_plan_destroy (shape_plan);
--
cgit v1.2.3
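Review bot: In hb_shape_plan_execute() the inert-buffer guard changes from a runtime `return false` to `assert (!hb_object_is_inert (buffer))`, which compiles out under NDEBUG, as does the content-type assert moved in beside it. If an inert buffer always has `len == 0`, the new early `return true` covers it, but nothing in this hunk shows that invariant. If it does not hold, a release build would pass an inert or already-shaped buffer on to the shaper. I would either keep the runtime test, `if (unlikely (hb_object_is_inert (shape_plan) || hb_object_is_inert (buffer))) return false;`, after the length check, or state the invariant above the assert, e.g. `/* An inert buffer is always empty and has already returned above. */`. An inert buffer also now appears to report success where it used to report failure, which callers of this function may notice; the function body starts and ends outside the hunk.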