timeout in insert_dotted_circles

[kcc]

Found by the libFuzzer bot, see #139
timeout-2f2466faea618e6494c58380a38ca4148bf5d2ea.pdf

Feed the attached input to the test/fuzzing/hb-fuzzer.cc, it will run for a long time
(libFuzzer kills it after 120 seconds).

#5 0x575439 in hb_buffer_t::next_glyph() src/./hb-buffer-private.hh:181:11
#6 0x575439 in insert_dotted_circles(hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) src/hb-ot-shape-complex-indic.cc:1252
#7 0x575439 in initial_reordering(hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) src/hb-ot-shape-complex-indic.cc:1269
#8 0x5f0cdd in void hb_ot_map_t::apply<GSUBProxy>(GSUBProxy const&, hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const src/hb-ot-layout.cc:1087:7
#9 0x5ddfed in hb_ot_map_t::substitute(hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const src/hb-ot-layout.cc:1095:3
#10 0x5396b4 in hb_ot_shape_plan_t::substitute(hb_font_t*, hb_buffer_t*) const src/./hb-ot-shape-private.hh:59:73
#11 0x5396b4 in hb_ot_substitute_complex(hb_ot_shape_context_t*) src/hb-ot-shape.cc:585
#12 0x5396b4 in hb_ot_substitute(hb_ot_shape_context_t*) src/hb-ot-shape.cc:599
#13 0x5396b4 in hb_ot_shape_internal(hb_ot_shape_context_t*) src/hb-ot-shape.cc:826
#14 0x5396b4 in _hb_ot_shape src/hb-ot-shape.cc:851
#15 0x51ab1c in hb_shape_plan_execute src/./hb-shaper-list.hh:43:1
#16 0x518460 in hb_shape_full src/hb-shape.cc:377:19
#17 0x518460 in hb_shape src/hb-shape.cc:407
#18 0x4dede6 in LLVMFuzzerTestOneInput