File harfbuzz-error-check.patch of Package harfbuzz
From b87e36f6f119fac80b8fd55f3abae563c2c5b798 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Fri, 19 Feb 2016 14:52:31 +0700
Subject: [PATCH] Avoid buffer->move_to() in case of buffer error
Fixes https://github.com/behdad/harfbuzz/issues/223
Right now we cannot test this because it has to be tested using hb-fuzzer.
We should move all fuzzing tests from test/shaping/tests/fuzzed.tests to
test/fuzzing/ and have its own test runner. At that point, should add
test from this issue as well.
---
src/hb-buffer.cc | 2 ++
src/hb-ot-layout-gsubgpos-private.hh | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index c731ed1..5f320bd 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -407,6 +407,8 @@ hb_buffer_t::move_to (unsigned int i)
idx = i;
return true;
}
+ if (unlikely (in_error))
+ return false;
assert (i <= out_len + (len - idx));
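Review bot: The new in_error check in move_to() sits below the early-return branch visible just above it (idx = i; return true;), so that path still reports success while the buffer is in error. If that is intentional, a one-line comment saying so would help; otherwise the check belongs at the top of the function. The placement ahead of assert (i <= out_len + (len - idx)) is right, since the assert is no longer evaluated once the buffer is in error. Because move_to() now has a new false return, it would be worth confirming that every caller checks the result rather than continuing on a buffer that was not moved.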
diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index d6db005..3f9d9ca 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -971,7 +971,7 @@ static inline bool apply_lookup (hb_apply_context_t *c,
match_positions[j] += delta;
}
- for (unsigned int i = 0; i < lookupCount; i++)
+ for (unsigned int i = 0; i < lookupCount && !buffer->in_error; i++)
{
unsigned int idx = lookupRecord[i].sequenceIndex;
if (idx >= count)
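Review bot: The !buffer->in_error test in the for condition of apply_lookup() is evaluated only at the top of each iteration, so an error raised partway through the loop body is not noticed until the next pass, and the rest of that iteration runs on a buffer already in error. Consider checking in_error again immediately after the call in the body that can set it, or document that the remainder of the body is safe in that state. As a style point, the hb-buffer.cc hunk wraps the same flag in unlikely (), while this condition does not; using the hint here too would be consistent. The commit message notes there is no regression test yet, so the fuzzer input from the linked issue should be added once the fuzzing test runner exists.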
--
2.6.6