diff options
author | Behdad Esfahbod <behdad@behdad.org> | 2018-10-14 14:56:32 -0700 |
---|---|---|
committer | Behdad Esfahbod <behdad@behdad.org> | 2018-10-14 14:56:32 -0700 |
commit | 40f2b9355cf827c7b82ea5e55b112ce0032a9abf (patch) | |
tree | b669c6c084aa8ea8ee1f590407af761be5d6251a | |
parent | 44af1f93ee32e236a5c14085c72d3fa102a14f5e (diff) |
[kerx] Fix Format1 sanitize
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10948
-rw-r--r-- | src/hb-aat-layout-kerx-table.hh | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh index 52923a8d..ae11963a 100644 --- a/src/hb-aat-layout-kerx-table.hh +++ b/src/hb-aat-layout-kerx-table.hh @@ -212,7 +212,9 @@ struct KerxSubTableFormat1 inline bool sanitize (hb_sanitize_context_t *c) const { TRACE_SANITIZE (this); - return_trace (likely (machine.sanitize (c))); + /* The rest of array sanitizations are done at run-time. */ + return_trace (likely (c->check_struct (this) && + machine.sanitize (c))); } protected: @@ -444,11 +446,9 @@ struct KerxSubTableFormat4 inline bool sanitize (hb_sanitize_context_t *c) const { TRACE_SANITIZE (this); - /* The rest of array sanitizations are done at run-time. */ - return_trace (c->check_struct (this) && - machine.sanitize (c) && - flags.sanitize (c)); + return_trace (likely (c->check_struct (this) && + machine.sanitize (c))); } protected: |