From 9ac7dc73bc24b6dafb94df5de9cbf8fa0c82d5bc Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 22 Apr 2010 13:50:22 -0400
Subject: [PATCH] Check for (impossible) overflow

---
 src/hb-ot-layout-gpos-private.hh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/hb-ot-layout-gpos-private.hh b/src/hb-ot-layout-gpos-private.hh
index 494f599..895bdca 100644
--- a/src/hb-ot-layout-gpos-private.hh
+++ b/src/hb-ot-layout-gpos-private.hh
@@ -322,6 +322,7 @@ struct AnchorMatrix
   inline bool sanitize (SANITIZE_ARG_DEF, unsigned int cols) {
     TRACE_SANITIZE ();
     if (!SANITIZE_SELF ()) return false;
+    if (HB_UNLIKELY (cols >= ((unsigned int) -1) / rows)) return false;
     unsigned int count = rows * cols;
     if (!SANITIZE_ARRAY (matrix, matrix[0].get_size (), count)) return false;
     for (unsigned int i = 0; i < count; i++)
-- 
2.7.4