Avoid accidentally getting the entire font file in readNameTable (issue 7020)

In the PDF file in question, some of the 'name' table entries have `record.length === 0`. This becomes problematic in the non-unicode case, since `font.getBytes(0)` will fetch the *entire* stream. Given that OTS rejects 'name' entries larger than `2^16`, this thus explain the sanitizer errors. Fixes 7020.
2016-03-01 21:39:33 +01:00 · 2016-03-01 21:39:33 +01:00 · 505f15f221
commit 505f15f221
parent 22341c0761
4 changed files with 11 additions and 0 deletions
--- a/src/core/fonts.js
+++ b/src/core/fonts.js
@ -1832,6 +1832,9 @@ var Font = (function FontClosure() {
        }
        for (i = 0, ii = records.length; i < ii; i++) {
          var record = records[i];
+          if (record.length <= 0) {
+            continue; // Nothing to process, ignoring.
+          }
          var pos = start + stringsStart + record.offset;
          if (pos + record.length > end) {
            continue; // outside of name table, ignoring
--- a/test/pdfs/.gitignore
+++ b/test/pdfs/.gitignore
@ -19,6 +19,7 @@
 !issue5874.pdf
 !issue6782.pdf
 !issue6961.pdf
+!issue7020.pdf
 !filled-background.pdf
 !ArabicCIDTrueType.pdf
 !ThuluthFeatures.pdf
--- a/test/pdfs/issue7020.pdf
+++ b/test/pdfs/issue7020.pdf
--- a/test/test_manifest.json
+++ b/test/test_manifest.json
@ -1217,6 +1217,13 @@
       "lastPage": 1,
       "type": "load"
    },
+    {  "id": "issue7020",
+       "file": "pdfs/issue7020.pdf",
+       "md5": "93b464e21c649e64ae92eeafe99fc31b",
+       "link": false,
+       "rounds": 1,
+       "type": "eq"
+    },
    {  "id": "pr4606",
       "file": "pdfs/pr4606.pdf",
       "md5": "6574fde2314648600056bd0e229df98c",