From 079dc40112d3908ff7b7028ea3019bfe82bf606d Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 22 Apr 2010 10:47:12 -0400
Subject: [PATCH] Avoid overflow in TableDirectory sanitize

---
 src/hb-open-file-private.hh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hb-open-file-private.hh b/src/hb-open-file-private.hh
index 091d994..bd8a022 100644
--- a/src/hb-open-file-private.hh
+++ b/src/hb-open-file-private.hh
@@ -111,7 +111,7 @@ typedef struct OffsetTable
   public:
   inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
     TRACE_SANITIZE ();
-    if (!(SANITIZE_SELF () && SANITIZE_MEM (tableDir, tableDir[0].get_size () * numTables))) return false;
+    if (!(SANITIZE_SELF () && SANITIZE_ARRAY (tableDir, TableDirectory::get_size (), numTables))) return false;
     unsigned int count = numTables;
     for (unsigned int i = 0; i < count; i++)
       if (!SANITIZE_BASE (tableDir[i], base))
-- 
2.7.4