Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ignore reserved commands when parsing operands in CFFParser_parseDict, instead of just rejecting the entire font (bug 1308536)

Browse Source 
According to the CFF specification, see http://partners.adobe.com/public/developer/en/font/5176.CFF.pdf#page=11, certain commands are currently reserved.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1308536.
This commit is contained in:
Jonas Jenwald 2016-10-07 20:51:02 +02:00
parent 9f8d67475e
commit 9dc6463933
5 changed files with 50 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/core/cff_parser.js
View File

@ -349,9 +349,9 @@ var CFFParser = (function CFFParserClosure() {
} else if (value >= 251 && value <= 254) {
return -((value - 251) * 256) - dict[pos++] - 108;
} else {
error('255 is not a valid DICT command');
warn('CFFParser_parseDict: "' + value + '" is a reserved command.');
return NaN;
}
return -1;
}
function parseFloatOperand() {
@ -1000,19 +1000,22 @@ var CFFDict = (function CFFDictClosure() {
if (!(key in this.keyToNameMap)) {
return false;
}
var valueLength = value.length;
// ignore empty values
if (value.length === 0) {
if (valueLength === 0) {
return true;
}
// Ignore invalid values (fixes bug1068432.pdf and bug1308536.pdf).
for (var i = 0; i < valueLength; i++) {
if (isNaN(value[i])) {
warn('Invalid CFFDict value: "' + value + '" for key "' + key + '".');
return true;
}
}
var type = this.types[key];
// remove the array wrapping these types of values
if (type === 'num' || type === 'sid' || type === 'offset') {
value = value[0];
// Ignore invalid values (fixes bug 1068432).
if (isNaN(value)) {
warn('Invalid CFFDict value: ' + value + ', for key: ' + key + '.');
return true;
}
}
this.values[key] = value;
return true;

1
test/pdfs/.gitignore vendored
View File

@ -54,6 +54,7 @@
!bug1068432.pdf
!bug1146106.pdf
!bug1252420.pdf
!bug1308536.pdf
!issue5564_reduced.pdf
!canvas.pdf
!bug1132849.pdf

BIN
test/pdfs/bug1308536.pdf Normal file
View File

Binary file not shown.

7
test/test_manifest.json
View File

@ -784,6 +784,13 @@
"link": false,
"type": "load"
},
{ "id": "bug1308536",
"file": "pdfs/bug1308536.pdf",
"md5": "cc2258981e33ad8d96acbf87318716d5",
"rounds": 1,
"link": false,
"type": "eq"
},
{ "id": "bug1252420",
"file": "pdfs/bug1252420.pdf",
"md5": "f21c911b9b655972b06ef782a1fa6a17",

35
test/unit/cff_parser_spec.js
View File

@ -1,5 +1,6 @@
/* globals describe, it, expect, beforeAll, afterAll, Stream, CFFParser,
SEAC_ANALYSIS_ENABLED, CFFIndex, CFFStrings, CFFCompiler */
/* globals describe, it, expect, beforeAll, afterAll, beforeEach, afterEach,
Stream, CFFParser, SEAC_ANALYSIS_ENABLED, CFFIndex, CFFStrings,
CFFCompiler */
'use strict';
@ -33,14 +34,22 @@ describe('CFFParser', function() {
fontArr.push(parseInt(hex, 16));
}
fontData = new Stream(fontArr);
done();
});
afterAll(function () {
fontData = null;
});
beforeEach(function (done) {
parser = new CFFParser(fontData, {}, SEAC_ANALYSIS_ENABLED);
cff = parser.parse();
done();
});
afterAll(function () {
fontData = parser = cff = null;
afterEach(function (done) {
parser = cff = null;
done();
});
it('parses header', function() {
@ -104,6 +113,24 @@ describe('CFFParser', function() {
expect(topDict.getByName('UnderlinePosition')).toEqual(defaultValue);
});
it('ignores reserved commands in parseDict, and refuses to add privateDict ' +
'keys with invalid values (bug 1308536)', function () {
var bytes = new Uint8Array([
64, 39, 31, 30, 252, 114, 137, 115, 79, 30, 197, 119, 2, 99, 127, 6
]);
parser.bytes = bytes;
var topDict = cff.topDict;
topDict.setByName('Private', [bytes.length, 0]);
var parsePrivateDict = function () {
parser.parsePrivateDict(topDict);
};
expect(parsePrivateDict).not.toThrow();
var privateDict = topDict.privateDict;
expect(privateDict.getByName('BlueValues')).toBeNull();
});
it('parses a CharString having cntrmask', function() {
var bytes = new Uint8Array([0, 1, // count
1, // offsetSize