Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #16450 from calixteman/issue16300

Browse Source 
Sanitize the glyph bounding box
This commit is contained in:
calixteman 2023-05-21 17:40:36 +02:00 committed by GitHub
commit 1c4e4b4092
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 55 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/core/fonts.js
View File

@ -1859,16 +1859,41 @@ class Font {
length: 0, length: 0,
sizeOfInstructions: 0, sizeOfInstructions: 0,
}; };
if (sourceEnd - sourceStart <= 12) { if (
// glyph with data less than 12 is invalid one sourceStart < 0 ||
sourceStart >= source.length ||
sourceEnd > source.length ||
sourceEnd - sourceStart <= 12
) {
// If the offsets are wrong or the glyph is too small, remove it.
return glyphProfile; return glyphProfile;
} }
const glyf = source.subarray(sourceStart, sourceEnd); const glyf = source.subarray(sourceStart, sourceEnd);
let contoursCount = signedInt16(glyf[0], glyf[1]);
// Sanitize the glyph bounding box.
const xMin = signedInt16(glyf[2], glyf[3]);
const yMin = signedInt16(glyf[4], glyf[5]);
const xMax = signedInt16(glyf[6], glyf[7]);
const yMax = signedInt16(glyf[8], glyf[9]);
if (xMin > xMax) {
writeSignedInt16(glyf, 2, xMax);
writeSignedInt16(glyf, 6, xMin);
}
if (yMin > yMax) {
writeSignedInt16(glyf, 4, yMax);
writeSignedInt16(glyf, 8, yMin);
}
const contoursCount = signedInt16(glyf[0], glyf[1]);
if (contoursCount < 0) { if (contoursCount < 0) {
// OTS doesn't like contour count to be less than -1. if (contoursCount < -1) {
contoursCount = -1; // OTS doesn't like contour count to be less than -1.
writeSignedInt16(glyf, 0, contoursCount); // The glyph data offsets are very likely wrong and
// having something lower than -1, very likely, implies
// to have some garbage data.
return glyphProfile;
}
// complex glyph, writing as is // complex glyph, writing as is
dest.set(glyf, destStart); dest.set(glyf, destStart);
glyphProfile.length = glyf.length; glyphProfile.length = glyf.length;
@ -1913,6 +1938,10 @@ class Font {
coordinatesLength += xyLength; coordinatesLength += xyLength;
if (flag & 8) { if (flag & 8) {
const repeat = glyf[j++]; const repeat = glyf[j++];
if (repeat === 0) {
// The repeat count should be non-zero when the repeat flag is set.
glyf[j - 1] ^= 8;
}
i += repeat; i += repeat;
coordinatesLength += repeat * xyLength; coordinatesLength += repeat * xyLength;
} }
@ -2763,7 +2792,7 @@ class Font {
// hhea tables; yMin and descent value are always negative. // hhea tables; yMin and descent value are always negative.
const metricsOverride = { const metricsOverride = {
unitsPerEm: int16(tables.head.data[18], tables.head.data[19]), unitsPerEm: int16(tables.head.data[18], tables.head.data[19]),
yMax: int16(tables.head.data[42], tables.head.data[43]), yMax: signedInt16(tables.head.data[42], tables.head.data[43]),
yMin: signedInt16(tables.head.data[38], tables.head.data[39]), yMin: signedInt16(tables.head.data[38], tables.head.data[39]),
ascent: signedInt16(tables.hhea.data[4], tables.hhea.data[5]), ascent: signedInt16(tables.hhea.data[4], tables.hhea.data[5]),
descent: signedInt16(tables.hhea.data[6], tables.hhea.data[7]), descent: signedInt16(tables.hhea.data[6], tables.hhea.data[7]),

1
test/pdfs/issue15813.pdf.link Normal file
View File

@ -0,0 +1 @@
https://github.com/mozilla/pdf.js/files/10209039/aaa.pdf

1
test/pdfs/issue16300.pdf.link Normal file
View File

@ -0,0 +1 @@
https://github.com/mozilla/pdf.js/files/11242244/PDF.TEST.pdf

17
test/test_manifest.json
View File

@ -7608,5 +7608,22 @@
"value": "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz" "value": "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\nabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz"
} }
} }
},
{
"id": "issue16300",
"file": "pdfs/issue16300.pdf",
"md5": "45ac5cd3a159a4e9152bc1fdb685750d",
"rounds": 1,
"link": true,
"type": "eq"
},
{
"id": "issue15813",
"file": "pdfs/issue15813.pdf",
"md5": "af5124ee1dbc39c679a903690958c5b2",
"rounds": 1,
"link": true,
"print": true,
"type": "eq"
} }
] ]