authorBehdad Esfahbod <behdad@behdad.org>2016-02-19 14:52:31 +0700
committerBehdad Esfahbod <behdad@behdad.org>2016-02-19 14:52:31 +0700
commitb87e36f6f119fac80b8fd55f3abae563c2c5b798 (patch)
tree255d7ca6b0fb354e3439cacbc33bab60c3082d39
parent7e76bbabbaa56af314abff8ddba8866c634919cd (diff)
Avoid buffer->move_to() in case of buffer error
Fixes https://github.com/behdad/harfbuzz/issues/223 Right now we cannot test this because it has to be tested using hb-fuzzer. We should move all fuzzing tests from test/shaping/tests/fuzzed.tests to test/fuzzing/ and give them their own test runner. At that point, we should add the test from this issue as well.
-rw-r--r--src/hb-buffer.cc2
-rw-r--r--src/hb-ot-layout-gsubgpos-private.hh2
2 files changed, 3 insertions, 1 deletions
diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index c731ed18..5f320bd7 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -407,6 +407,8 @@ hb_buffer_t::move_to (unsigned int i)
idx = i;
return true;
}
+ if (unlikely (in_error))
+ return false;
assert (i <= out_len + (len - idx));
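Review bot: The new `in_error` early return in `hb_buffer_t::move_to` adds a second `false` path, but nothing at the check says why it has to come before `assert (i <= out_len + (len - idx))` or that callers are expected to test the result. I would add a comment along the lines of `/* Buffer already failed: positions may be inconsistent, so neither assert on them nor shift glyphs. */`, worded as an assumption since the buffer's state after an error is not visible here. The branch just above the check (it ends with `idx = i; return true;`) still runs before `in_error` is tested; its start is outside the hunk, so please confirm that updating `idx` on a failed buffer is intended. Any call site that discards the return value will carry on from the old position, so those are worth auditing alongside this change.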
diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index d6db0056..3f9d9ca9 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -971,7 +971,7 @@ static inline bool apply_lookup (hb_apply_context_t *c,
match_positions[j] += delta;
}
- for (unsigned int i = 0; i < lookupCount; i++)
+ for (unsigned int i = 0; i < lookupCount && !buffer->in_error; i++)
{
unsigned int idx = lookupRecord[i].sequenceIndex;
if (idx >= count)
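Review bot: `!buffer->in_error` is evaluated only at the top of each iteration in `apply_lookup`, so an error raised partway through an iteration still lets the remainder of that iteration run against the failed buffer. The loop body continues outside the hunk; if it calls `buffer->move_to (...)` or recurses into a nested lookup, testing the result at that point and leaving the loop, e.g. `if (unlikely (!buffer->move_to (match_positions[idx]))) break;`, would stop at the failure rather than one step later. A short comment on the condition, such as `/* stop applying lookups once the buffer has failed */`, would also explain the extra clause to the next reader.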