[HarfBuzz] harfbuzz: Branch 'master' - 2 commits

Behdad Esfahbod behdad at kemper.freedesktop.org
Sun Oct 14 21:57:40 UTC 2018


 src/hb-aat-layout-common.hh     |    5 +++--
 src/hb-aat-layout-kerx-table.hh |   10 +++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

New commits:
commit 40f2b9355cf827c7b82ea5e55b112ce0032a9abf
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Sun Oct 14 14:56:32 2018 -0700

    [kerx] Fix Format1 sanitize
    
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10948

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 52923a8d..ae11963a 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -212,7 +212,9 @@ struct KerxSubTableFormat1
   inline bool sanitize (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-    return_trace (likely (machine.sanitize (c)));
+    /* The rest of array sanitizations are done at run-time. */
+    return_trace (likely (c->check_struct (this) &&
+			  machine.sanitize (c)));
   }
 
   protected:
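Review bot: The comment added above `return_trace` in `KerxSubTableFormat1::sanitize` says the remaining array checks happen at run-time, but it does not say which data is left unvalidated or where the run-time check lives; the same sentence sits on `KerxSubTableFormat4::sanitize` in the next hunk. Since the commit message ties this to a fuzzer report, I would spell out the contract, e.g. `/* Validates only the fixed-size header and the state machine; arrays reached through state-machine entries must be bounds-checked where they are read at apply time. */`. The apply-time code is outside this hunk, so that check presumably exists but should be confirmed before the comment states it as fact. The diffstat lists only the two headers, so adding the fuzzer reproducer as a regression input would help keep this fixed.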
@@ -444,11 +446,9 @@ struct KerxSubTableFormat4
   inline bool sanitize (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-
     /* The rest of array sanitizations are done at run-time. */
-    return_trace (c->check_struct (this) &&
-		  machine.sanitize (c) &&
-		  flags.sanitize (c));
+    return_trace (likely (c->check_struct (this) &&
+			  machine.sanitize (c)));
   }
 
   protected:
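Review bot: The removal of `flags.sanitize (c)` from `KerxSubTableFormat4::sanitize` is not explained in the code, and the commit title mentions only Format1. If `flags` is a fixed-size member, `c->check_struct (this)` already covers its bytes and the dropped call was redundant, but the member declarations are outside this hunk, so that is an inference. A short comment such as `/* flags is a fixed-size field, covered by check_struct (this). */` would record why no separate check is needed.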
commit 44af1f93ee32e236a5c14085c72d3fa102a14f5e
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Sun Oct 14 14:52:17 2018 -0700

    [aat] Whitespace

diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 4e3e4d17..eda5151c 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -224,7 +224,8 @@ struct LookupFormat8
   private:
   inline const T* get_value (hb_codepoint_t glyph_id) const
   {
-    return firstGlyph <= glyph_id && glyph_id - firstGlyph < glyphCount ? &valueArrayZ[glyph_id - firstGlyph] : nullptr;
+    return firstGlyph <= glyph_id && glyph_id - firstGlyph < glyphCount ?
+	   &valueArrayZ[glyph_id - firstGlyph] : nullptr;
   }
 
   inline bool sanitize (hb_sanitize_context_t *c) const
@@ -234,7 +235,7 @@ struct LookupFormat8
   }
 
   protected:
-  HBUINT16	format;		/* Format identifier--format = 6 */
+  HBUINT16	format;		/* Format identifier--format = 8 */
   GlyphID	firstGlyph;	/* First glyph index included in the trimmed array. */
   HBUINT16	glyphCount;	/* Total number of glyphs (equivalent to the last
 				 * glyph minus the value of firstGlyph plus 1). */

