From 84efe0438e1cfc5b070e114b70e8c070be6119ca Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Sun, 2 Dec 2018 12:38:53 -0500
Subject: [PATCH] [aat] Fix division sign fallout

Happened after 11d2f49af8f53340134c844173f4d8655b00dea3
since now nClasses is unsigned int...
---
 src/hb-aat-layout-common.hh                               |   2 +-
 ...zz-testcase-minimized-hb-shape-fuzzer-5768046065483776 | Bin 0 -> 342 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5768046065483776

diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 588dbdf..57228c4 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -504,7 +504,7 @@ struct StateTable
   };
 
   inline int new_state (unsigned int newState) const
-  { return Types::extended ? newState : ((int) newState - (int) stateArrayTable) / nClasses; }
+  { return Types::extended ? newState : ((int) newState - (int) stateArrayTable) / (int) nClasses; }
 
   inline unsigned int get_class (hb_codepoint_t glyph_id, unsigned int num_glyphs) const
   {
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5768046065483776 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5768046065483776
new file mode 100644
index 0000000000000000000000000000000000000000..0ab144701f1e6d76fd291dc968089e7e900e0567
GIT binary patch
literal 342
zcmZQzWME+6Rv;MwbtwRm0;8A$>wlnb1||kZAOwm)0D`5U0Fp-mNCHSqppyR(09Blu
hUsM8O0`1a)3Xw#?%!bhfHU9@W0ICW`<JN>n1pp_HIcNX?

literal 0
HcmV?d00001

-- 
2.7.4