[buffer] Fix output_glyph at end of buffer

Part of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10955

1 files changed, 4 insertions, 1 deletions

diff --git a/src/hb-buffer.hh b/src/hb-buffer.hh
index 9628ddae..0d888e1e 100644
--- a/src/hb-buffer.hh
+++ b/src/hb-buffer.hh
@@ -229,7 +229,10 @@ struct hb_buffer_t
   {
     if (unlikely (!make_room_for (0, 1))) return Crap(hb_glyph_info_t);
 
-    out_info[out_len] = info[idx];
+    if (unlikely (idx == len && !out_len))
+      return Crap(hb_glyph_info_t);
+
+    out_info[out_len] = idx < len ? info[idx] : out_info[out_len - 1];
     out_info[out_len].codepoint = glyph_index;
 
     out_len++;