[Pkg-javascript-commits] [pdf.js] 248/414: Avoid accidentally getting the entire font file in `readNameTable` (issue 7020)

David Prévot taffit at moszumanska.debian.org
Tue Jun 28 17:12:27 UTC 2016


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository pdf.js.

commit 505f15f2219251b440830e6c80bd42d29ef3190c
Author: Jonas Jenwald <jonas.jenwald at gmail.com>
Date:   Tue Mar 1 21:39:33 2016 +0100

    Avoid accidentally getting the entire font file in `readNameTable` (issue 7020)
    
    In the PDF file in question, some of the 'name' table entries have `record.length === 0`. This becomes problematic in the non-unicode case, since `font.getBytes(0)` will fetch the *entire* stream.
    Given that OTS rejects 'name' entries larger than `2^16`, this explains the sanitizer errors.
    
    Fixes 7020.
---
 src/core/fonts.js       |   3 +++
 test/pdfs/.gitignore    |   1 +
 test/pdfs/issue7020.pdf | Bin 0 -> 17014 bytes
 test/test_manifest.json |   7 +++++++
 4 files changed, 11 insertions(+)

diff --git a/src/core/fonts.js b/src/core/fonts.js
index 0c511f8..5017d1b 100644
--- a/src/core/fonts.js
+++ b/src/core/fonts.js
@@ -1832,6 +1832,9 @@ var Font = (function FontClosure() {
         }
         for (i = 0, ii = records.length; i < ii; i++) {
           var record = records[i];
+          if (record.length <= 0) {
+            continue; // Nothing to process, ignoring.
+          }
           var pos = start + stringsStart + record.offset;
           if (pos + record.length > end) {
             continue; // outside of name table, ignoring
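Review bot: The comment on the new guard, `// Nothing to process, ignoring.`, hides the reason the check matters. Per the commit message, `font.getBytes(0)` returns the entire stream rather than zero bytes, so an empty 'name' record in a font taken from an untrusted PDF would put the whole font file into a name string. I would write it as `continue; // getBytes(0) reads the whole stream, so skip empty records.` so that a later cleanup does not drop the check as redundant. The same zero-means-everything behaviour presumably affects any other `getBytes(n)` call whose `n` is read from file data, which may be worth auditing separately. The `getBytes` call and the rest of the loop body lie outside this hunk.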
diff --git a/test/pdfs/.gitignore b/test/pdfs/.gitignore
index a771174..106de2c 100644
--- a/test/pdfs/.gitignore
+++ b/test/pdfs/.gitignore
@@ -19,6 +19,7 @@
 !issue5874.pdf
 !issue6782.pdf
 !issue6961.pdf
+!issue7020.pdf
 !filled-background.pdf
 !ArabicCIDTrueType.pdf
 !ThuluthFeatures.pdf
diff --git a/test/pdfs/issue7020.pdf b/test/pdfs/issue7020.pdf
new file mode 100644
index 0000000..e9ee3bc
Binary files /dev/null and b/test/pdfs/issue7020.pdf differ
diff --git a/test/test_manifest.json b/test/test_manifest.json
index edb7abf..c8095cb 100644
--- a/test/test_manifest.json
+++ b/test/test_manifest.json
@@ -1217,6 +1217,13 @@
        "lastPage": 1,
        "type": "load"
     },
+    {  "id": "issue7020",
+       "file": "pdfs/issue7020.pdf",
+       "md5": "93b464e21c649e64ae92eeafe99fc31b",
+       "link": false,
+       "rounds": 1,
+       "type": "eq"
+    },
     {  "id": "pr4606",
        "file": "pdfs/pr4606.pdf",
        "md5": "6574fde2314648600056bd0e229df98c",

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/pdf.js.git


