authorBehdad Esfahbod <behdad@behdad.org>2018-10-14 14:56:32 -0700
committerBehdad Esfahbod <behdad@behdad.org>2018-10-14 14:56:32 -0700
commit40f2b9355cf827c7b82ea5e55b112ce0032a9abf (patch)
treeb669c6c084aa8ea8ee1f590407af761be5d6251a
parent44af1f93ee32e236a5c14085c72d3fa102a14f5e (diff)
[kerx] Fix Format1 sanitize
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10948
-rw-r--r--src/hb-aat-layout-kerx-table.hh10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 52923a8d..ae11963a 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -212,7 +212,9 @@ struct KerxSubTableFormat1
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
- return_trace (likely (machine.sanitize (c)));
+ /* The rest of array sanitizations are done at run-time. */
+ return_trace (likely (c->check_struct (this) &&
+ machine.sanitize (c)));
}
protected:
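Review bot: The comment added above the return in KerxSubTableFormat1::sanitize defers "the rest of array sanitizations" to run-time without saying which arrays are left unchecked or where they are bounds-checked. Since sanitize() now validates only the fixed-size struct and `machine`, a reader cannot confirm from this code that every remaining font-supplied offset is checked before it is dereferenced. I would extend the comment to name the unchecked members and the function that checks them at use; both lie outside this hunk, as does the rest of the struct body. The diffstat lists only this header, so the commit appears not to add the oss-fuzz reproducer as a regression input, which would keep this path covered.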
@@ -444,11 +446,9 @@ struct KerxSubTableFormat4
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
-
/* The rest of array sanitizations are done at run-time. */
- return_trace (c->check_struct (this) &&
- machine.sanitize (c) &&
- flags.sanitize (c));
+ return_trace (likely (c->check_struct (this) &&
+ machine.sanitize (c)));
}
protected:
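Review bot: Dropping `flags.sanitize (c)` from KerxSubTableFormat4::sanitize is not explained anywhere, and the commit title names only Format1. The removal is safe only if `flags` is a fixed-size member that lies inside the range `c->check_struct (this)` already validates; its declaration is outside the hunk, so that cannot be confirmed from here. A one-line comment such as `/* flags is a fixed-size field; check_struct (this) already covers it. */` would record that assumption. That way the explicit check gets restored if the member's type ever changes.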