diff options
author | Behdad Esfahbod <behdad@behdad.org> | 2015-10-13 00:30:50 -0400 |
---|---|---|
committer | Behdad Esfahbod <behdad@behdad.org> | 2015-10-13 00:30:50 -0400 |
commit | f96664974774bfeb237a7274f512f64aaafb201e (patch) | |
tree | e7cd6355cc54ac1a5ff733fa6453e6c75c61af28 | |
parent | c1a5dc46c2231f7b62421e06b9766ccfebaf3ef5 (diff) |
Fix another memory access issue discovered by libFuzzer
Fixes https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679
-rw-r--r-- | src/hb-ot-layout-gpos-table.hh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh index ca98cb7a..568b5f63 100644 --- a/src/hb-ot-layout-gpos-table.hh +++ b/src/hb-ot-layout-gpos-table.hh @@ -704,6 +704,8 @@ struct PairPosFormat1 { TRACE_SANITIZE (this); + if (!c->check_struct (this)) return_trace (false); + unsigned int len1 = valueFormat1.get_len (); unsigned int len2 = valueFormat2.get_len (); PairSet::sanitize_closure_t closure = { @@ -713,7 +715,7 @@ struct PairPosFormat1 1 + len1 + len2 }; - return_trace (c->check_struct (this) && coverage.sanitize (c, this) && pairSet.sanitize (c, this, &closure)); + return_trace (coverage.sanitize (c, this) && pairSet.sanitize (c, this, &closure)); } protected: |