commit f96664974774bfeb237a7274f512f64aaafb201e
author Behdad Esfahbod <behdad@behdad.org> Tue Oct 13 00:30:50 2015 -0400
committer Behdad Esfahbod <behdad@behdad.org> Tue Oct 13 00:30:50 2015 -0400
tree e7cd6355cc54ac1a5ff733fa6453e6c75c61af28
parent c1a5dc46c2231f7b62421e06b9766ccfebaf3ef5

Fix another memory access issue discovered by libFuzzer

Fixes https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679

src/hb-ot-layout-gpos-table.hh

diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
index ca98cb7..568b5f6 100644
--- a/src/hb-ot-layout-gpos-table.hh
+++ b/src/hb-ot-layout-gpos-table.hh
@@ -704,6 +704,8 @@
   {
     TRACE_SANITIZE (this);
 
+    if (!c->check_struct (this)) return_trace (false);
+
     unsigned int len1 = valueFormat1.get_len ();
     unsigned int len2 = valueFormat2.get_len ();
     PairSet::sanitize_closure_t closure = {
@@ -713,7 +715,7 @@
       1 + len1 + len2
     };
 
-    return_trace (c->check_struct (this) && coverage.sanitize (c, this) && pairSet.sanitize (c, this, &closure));
+    return_trace (coverage.sanitize (c, this) && pairSet.sanitize (c, this, &closure));
   }
 
   protected: