FcFontSetMatchInternal can go out of bounds for a bad priority if PRI_MAX gets broken

[Artoria2e5]

In the current version:

static const FcMatcher _FcMatchers [] = {
    { FC_INVALID_OBJECT, NULL, NULL, -1, -1 },
#include "fcobjs.h"
};
/* ... */

// Find the matcher for given priority
const FcMatcher *matcher = NULL;
for (matcher = &_FcMatchers[0]; matcher->weak != priority && matcher->strong != priority; matcher++);
assert(matcher); // The assertion will do nothing as the loop will always set a nice value. 

With a bad priority the loop might just go on indefinitely since it doesn't check for an end. This generally won't happen unless someone made the priorities inconsistent with fcobj.h.

An extra check likely(matcher - _FcMatchers <= FC_MAX_BASE_OBJECT) can be added to catch this problem for debug builds.

[michalsrb]

The assumption is of course that the _FcMatchers and _FcMatcherPriority match together. As long as they do, no external input can break it. But a debug assert to catch mistakes during development would be nice.