Mozilla Bug 618592 - freeze on typekit

author Behdad Esfahbod <behdad@behdad.org>

Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)

committer Behdad Esfahbod <behdad@behdad.org>

Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)
author Behdad Esfahbod <behdad@behdad.org>
Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)
committer Behdad Esfahbod <behdad@behdad.org>
Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)
diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh

index ae5416b..c2b2eea 100644 (file)
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -230,13 +230,13 @@ static inline bool apply_lookup (hb_apply_context_t *c,
                                  apply_lookup_func_t apply_func)
  {
    unsigned int end = MIN (c->buffer->len, c->buffer->i + c->context_length);
-  if (unlikely (c->buffer->i + count > end))
+  if (unlikely (count == 0 || c->buffer->i + count > end))
      return false;
  
    /* TODO We don't support lookupRecord arrays that are not increasing:
     *      Should be easy for in_place ones at least. */
  
-  /* Note: If sublookup is reverse, i will underflow after the first loop
+  /* Note: If sublookup is reverse, it will underflow after the first loop
     * and we jump out of it.  Not entirely disastrous.  So we don't check
     * for reverse lookup here.
     */
author	Behdad Esfahbod <behdad@behdad.org>
	Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)
committer	Behdad Esfahbod <behdad@behdad.org>
	Mon, 13 Dec 2010 19:13:35 +0000 (14:13 -0500)