From a9e0bdc35dfcbead7d4b6fa249d60ebedd7d43ca Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 22 Nov 2018 21:30:04 -0500
Subject: [PATCH] [GSUB] Don't flush glyphset during recursion in closure()

See comment.

Supercedes https://github.com/harfbuzz/harfbuzz/pull/1401
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11366
---
 src/hb-ot-layout-gsub-table.hh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/hb-ot-layout-gsub-table.hh b/src/hb-ot-layout-gsub-table.hh
index 715317b59..501f2308c 100644
--- a/src/hb-ot-layout-gsub-table.hh
+++ b/src/hb-ot-layout-gsub-table.hh
@@ -1449,7 +1449,10 @@ struct SubstLookup : Lookup
 
     hb_closure_context_t::return_t ret = dispatch_recurse_func (c, lookup_index);
 
-    c->flush ();
+    /* While in theory we should flush here, it will cause timeouts because a recursive
+     * lookup can keep growing the glyph set.  Skip, and outer loop will retry up to
+     * HB_CLOSURE_MAX_STAGES time, which should be enough for every realistic font. */
+    //c->flush ();
 
     return ret;
   }