--- old/src/java.desktop/share/native/libfontmanager/harfbuzz/hb-ot-layout-common-private.hh 2018-07-05 09:24:19.849223110 -0700
+++ new/src/java.desktop/share/native/libfontmanager/harfbuzz/hb-ot-layout-common-private.hh 2018-07-05 09:24:19.713223115 -0700
@@ -832,7 +832,12 @@
 c = &c_;
 coverage = 0;
 i = 0;
- j = c->rangeRecord.len ? c_.rangeRecord[0].start : 0;
+ j = c->rangeRecord.len ? c->rangeRecord[0].start : 0;
+ if (unlikely (c->rangeRecord[0].start > c->rangeRecord[0].end))
+ {
+ /* Broken table. Skip. */
+ i = c->rangeRecord.len;
+ }
 }
 inline bool more (void) { return i < c->rangeRecord.len; }
 inline void next (void)
@@ -842,7 +847,14 @@
 i++;
 if (more ())
 {
+ hb_codepoint_t old = j;
 j = c->rangeRecord[i].start;
+ if (unlikely (j <= old))
+ {
+ /* Broken table. Skip. Important to avoid DoS. */
+ i = c->rangeRecord.len;
+ return;
+ }
 coverage = c->rangeRecord[i].value;
 }
 return;
@@ -855,7 +867,8 @@
 private:
 const struct CoverageFormat2 *c;
- unsigned int i, j, coverage;
+ unsigned int i, coverage;
+ hb_codepoint_t j;
 };
 private:
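Review bot: The new guard in the first hunk reads `c->rangeRecord[0]` unconditionally, while the line directly above it still guards the very same access with `c->rangeRecord.len`, so the two lines disagree about whether an empty coverage table is possible here. If HarfBuzz's array `operator[]` hands back a Null record for an out-of-range index (I believe it does, but that is outside this hunk), the comparison is merely redundant on an empty table; if it does not, this is an out-of-bounds read of the font data. Either way the guard is cheap to make explicit and consistent with the ternary: `if (c->rangeRecord.len && unlikely (c->rangeRecord[0].start > c->rangeRecord[0].end))`. The enclosing member function begins before the hunk.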
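Review bot: The comment `/* Broken table. Skip. Important to avoid DoS. */` in the second hunk names the consequence but not the invariant `j <= old` enforces, so a maintainer has to reconstruct that each range's start must lie strictly above the previous range's end for `j` to only ever move forward. I would expand it to `/* Ranges must be sorted and non-overlapping. A start at or below the previous range's end would move j backwards and the walk might never finish, so treat the table as broken and stop iterating. */`, and give the `start > end` check in the first hunk a matching sentence, since its `/* Broken table. Skip. */` is equally silent about why a reversed range matters. It also looks as though this hunk sits inside `next`, whose opening and closing braces are outside the hunk, so the value `old` holds when `i++` runs (presumably the previous range's end) should be confirmed against the surrounding code.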