From 9fc8684fd85ef6ec82b3b54323761bbdd4c3d891 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 22 Apr 2010 13:37:58 -0400
Subject: [PATCH] Cleanup ContextFormat3 sanitize

---
 src/hb-ot-layout-gsubgpos-private.hh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index a68e5a4..c5639bb 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -463,10 +463,11 @@ struct ContextFormat3
     TRACE_SANITIZE ();
     if (!SANITIZE_SELF ()) return false;
     unsigned int count = glyphCount;
+    if (!SANITIZE_ARRAY (coverage, OffsetTo<Coverage>::get_size (), glyphCount)) return false;
     for (unsigned int i = 0; i < count; i++)
       if (!SANITIZE_THIS (coverage[i])) return false;
-    LookupRecord *lookupRecord = &CAST(LookupRecord, coverage, coverage[0].get_size () * glyphCount);
-    return SANITIZE_MEM (lookupRecord, lookupRecord[0].get_size () * lookupCount);
+    LookupRecord *lookupRecord = &CAST(LookupRecord, coverage, OffsetTo<Coverage>::get_size () * glyphCount);
+    return SANITIZE_ARRAY (lookupRecord, LookupRecord::get_size (), lookupCount);
   }
 
   private:
-- 
2.7.4