Fix Savannah bug #41869.

This works around a problem with HarfBuzz (<= 0.9.26), which doesn't
validate glyph indices returned by
`hb_ot_layout_lookup_collect_glyphs'.

* src/autofit/hbshim.c (af_get_coverage): Guard `idx'.

* docs/CHANGES: Updated.

ChangeLog

@@ -1,3 +1,15 @@
+2014-03-17  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #41869.
+
+	This works around a problem with HarfBuzz (<= 0.9.26), which doesn't
+	validate glyph indices returned by
+	`hb_ot_layout_lookup_collect_glyphs'.
+
+	* src/autofit/hbshim.c (af_get_coverage): Guard `idx'.
+
+	* docs/CHANGES: Updated.
+
 2014-03-14  Werner Lemberg  <wl@gnu.org>
 
 	* builds/unix/configure.raw: Don't show error messages of `which'.

docs/CHANGES

@@ -1,11 +1,20 @@
+CHANGES BETWEEN 2.5.3 and 2.5.4
+
+  I. IMPORTANT BUG FIXES
+
+    - The new auto-hinter code using HarfBuzz crashed for some invalid
+      fonts.
+
+
+======================================================================
 
 CHANGES BETWEEN 2.5.2 and 2.5.3
 
   I. IMPORTANT BUG FIXES
 
-    - A vulnerability was  identified and fixed in the  new CFF driver
-      (cf. http://savannah.nongnu.org/bugs/?41697;  it doesn't  have a
-      CVE number yet).  All users should upgrade.
+    - A vulnerability (CVE-2014-2240) was  identified and fixed in the
+      new  CFF  driver  (cf.  http://savannah.nongnu.org/bugs/?41697).
+      All users should upgrade.
 
     - More  bug  fixes related  to  correct  positioning of  composite
       glyphs.

src/autofit/hbshim.c

@@ -347,6 +347,11 @@
       count++;
 #endif
 
+      /* HarfBuzz 0.9.26 and older doesn't validate glyph indices */
+      /* returned by `hb_ot_layout_lookup_collect_glyphs'...      */
+      if ( idx >= (hb_codepoint_t)globals->glyph_count )
+        continue;
+
       if ( gstyles[idx] == AF_STYLE_UNASSIGNED )
         gstyles[idx] = (FT_Byte)style_class->style;
 #ifdef FT_DEBUG_LEVEL_TRACE