[Pkg-javascript-commits] [pdf.js] 67/161: Prevent infinite loop in CFFParser_parseHeader
David Prévot
taffit at moszumanska.debian.org
Sat Apr 19 14:16:25 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository pdf.js.
commit 5f021b067c1228f3c74b26373415d3f31ce1643c
Author: Jonas Jenwald <jonas.jenwald at gmail.com>
Date: Thu Mar 13 12:33:42 2014 +0100
Prevent infinite loop in CFFParser_parseHeader
---
src/core/fonts.js | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/core/fonts.js b/src/core/fonts.js
index 25dfca0..ec9f842 100644
--- a/src/core/fonts.js
+++ b/src/core/fonts.js
@@ -5628,12 +5628,17 @@ var CFFParser = (function CFFParserClosure() {
},
parseHeader: function CFFParser_parseHeader() {
var bytes = this.bytes;
+ var bytesLength = bytes.length;
var offset = 0;
- while (bytes[offset] != 1)
+ // Prevent an infinite loop, by checking that the offset is within the
+ // bounds of the bytes array. Necessary in empty, or invalid, font files.
+ while (offset < bytesLength && bytes[offset] !== 1) {
++offset;
-
- if (offset !== 0) {
+ }
+ if (offset >= bytesLength) {
+ error('Invalid CFF header');
+ } else if (offset !== 0) {
info('cff data is shifted');
bytes = bytes.subarray(offset);
this.bytes = bytes;
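Review bot: The new bound in the `while` condition only guarantees that one byte exists at `offset`, so a truncated font whose last byte happens to be 1 still passes the scan and is treated as a shifted header. The rest of parseHeader lies outside this hunk, but a CFF header has four one-byte fields (major, minor, hdrSize, offSize), so it presumably reads past what has been checked and gets `undefined` values. Widening the rejection to `if (bytesLength - offset < 4) {` with the same `error('Invalid CFF header');` would cover both the not-found and the too-short case. The branch also relies on `error()` throwing rather than returning, which is not visible here. If that holds, a short comment such as `// error() throws; nothing below runs on an invalid header` would make the control flow explicit for the next reader.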
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/pdf.js.git