Fix another sanitize bug

Also discovered by "libFuzzer".

diff --git a/src/hb-open-type-private.hh b/src/hb-open-type-private.hh
index aeb3302..e55d2e1 100644 (file)
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -920,7 +920,7 @@ struct ArrayOf
   inline bool sanitize_shallow (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-    return_trace (c->check_struct (this) && c->check_array (this, Type::static_size, len));
+    return_trace (c->check_struct (this) && c->check_array (array, Type::static_size, len));
   }
 
   public: