From 7eb875118dc31e9fb0e23c45985396a8bfe977e3 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Mon, 13 Dec 2010 14:13:35 -0500
Subject: [PATCH] Mozilla Bug 618592 - freeze on typekit

Fix apply_lookup() for zero-input broken fonts.
---
 src/hb-ot-layout-gsubgpos-private.hh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index ae5416b..c2b2eea 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -230,13 +230,13 @@ static inline bool apply_lookup (hb_apply_context_t *c,
 				 apply_lookup_func_t apply_func)
 {
   unsigned int end = MIN (c->buffer->len, c->buffer->i + c->context_length);
-  if (unlikely (c->buffer->i + count > end))
+  if (unlikely (count == 0 || c->buffer->i + count > end))
     return false;
 
   /* TODO We don't support lookupRecord arrays that are not increasing:
    *      Should be easy for in_place ones at least. */
 
-  /* Note: If sublookup is reverse, i will underflow after the first loop
+  /* Note: If sublookup is reverse, it will underflow after the first loop
    * and we jump out of it.  Not entirely disastrous.  So we don't check
    * for reverse lookup here.
    */
-- 
2.7.4