Avoid buffer->move_to() in case of buffer error Fixes https://github.com/behdad/harfbuzz/issues/223 Right now we cannot test this because it has to be tested using hb-fuzzer. We should move all fuzzing tests from test/shaping/tests/fuzzed.tests to test/fuzzing/ and have its own test runner. At that point, should add test from this issue as well.

commit: b87e36f6f119fac80b8fd55f3abae563c2c5b798 [log] [tgz]
author: Behdad Esfahbod <behdad@behdad.org> Fri Feb 19 14:52:31 2016 +0700
committer: Behdad Esfahbod <behdad@behdad.org> Fri Feb 19 14:52:31 2016 +0700
tree: 255d7ca6b0fb354e3439cacbc33bab60c3082d39
parent: 7e76bbabbaa56af314abff8ddba8866c634919cd [diff]
diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index c731ed1..5f320bd 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc

@@ -407,6 +407,8 @@
     idx = i;
     return true;
   }
+  if (unlikely (in_error))
+    return false;
 
   assert (i <= out_len + (len - idx));
 

diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index d6db005..3f9d9ca 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh

@@ -971,7 +971,7 @@
       match_positions[j] += delta;
   }
 
-  for (unsigned int i = 0; i < lookupCount; i++)
+  for (unsigned int i = 0; i < lookupCount && !buffer->in_error; i++)
   {
     unsigned int idx = lookupRecord[i].sequenceIndex;
     if (idx >= count)
commit	b87e36f6f119fac80b8fd55f3abae563c2c5b798	[log] [tgz]
author	Behdad Esfahbod <behdad@behdad.org>	Fri Feb 19 14:52:31 2016 +0700
committer	Behdad Esfahbod <behdad@behdad.org>	Fri Feb 19 14:52:31 2016 +0700
tree	255d7ca6b0fb354e3439cacbc33bab60c3082d39
parent	7e76bbabbaa56af314abff8ddba8866c634919cd [diff]