From c9b6de3b16d9ebecd7caf27b606cfc9eb45d086d Mon Sep 17 00:00:00 2001 From: Jonas Jenwald Date: Sat, 7 May 2016 18:23:47 +0200 Subject: [PATCH] Prevent adding invalid values in `CFFDict_setByKey` (bug 1068432) In the font in question, there are a couple of `topDict` entries that have invalid values (`0xF 0xF`, i.e. just eof markers without any actual numbers). This causes the `parseFloatOperand` function, inside `CFFParser_parseDict`, to return `NaN`. Currently we pass this broken font onto the browser, which OTS unsurprisingly rejects. Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1068432. --- src/core/cff_parser.js | 5 +++++ test/pdfs/.gitignore | 1 + test/pdfs/bug1068432.pdf | Bin 0 -> 2360 bytes test/test_manifest.json | 7 +++++++ test/unit/cff_parser_spec.js | 9 +++++++++ 5 files changed, 22 insertions(+) create mode 100644 test/pdfs/bug1068432.pdf diff --git a/src/core/cff_parser.js b/src/core/cff_parser.js index d2beed37c..2a9f3cb0e 100644 --- a/src/core/cff_parser.js +++ b/src/core/cff_parser.js @@ -995,6 +995,11 @@ var CFFDict = (function CFFDictClosure() { // remove the array wrapping these types of values if (type === 'num' || type === 'sid' || type === 'offset') { value = value[0]; + // Ignore invalid values (fixes bug 1068432). + if (isNaN(value)) { + warn('Invalid CFFDict value: ' + value + ', for key: ' + key + '.'); + return true; + } } this.values[key] = value; return true; diff --git a/test/pdfs/.gitignore b/test/pdfs/.gitignore index 82bc7d131..496abf638 100644 --- a/test/pdfs/.gitignore +++ b/test/pdfs/.gitignore @@ -35,6 +35,7 @@ !bug1020858.pdf !bug1050040.pdf !bug1200096.pdf +!bug1068432.pdf !issue5564_reduced.pdf !canvas.pdf !bug1132849.pdf diff --git a/test/pdfs/bug1068432.pdf b/test/pdfs/bug1068432.pdf new file mode 100644 index 0000000000000000000000000000000000000000..da128bbab63170793c2a85b47657e2672398f188 GIT binary patch literal 2360 zcmaJ@3se+k6c&l%j66J)$Ldi0_`o%RnSHUlf^0l39xJernh?&iv&+!33p2C8DoWHz zJw}B+ND`q;ds&)1d?Y5c(sF#@F)WeH%?F{TsA(kf>i>5c7V^~WnX~`g@8193``tTp z|G6o#@gc%c8K#f}0+=*;SVRPdr&|grfX9#=X)x(AJcZO#EKn$*Mj93wiBU!^(sT$W zn>aKvJektcWVERStbis25D^5B5+Do1V@zfv2ZR`&NNZV$3LyeFg^+7or|iLfQ5*~f z&Bp@4(i6u>y+ zX@=!ua!CddJT1r(hDVbu<#35dp-Z(OSsj%ugi1&lOR+f&UBH zfjrD9NH=8|X(*$BT;`M{kz=kz(D71Q%jF`9WHJO35OL=t#Q=Y#Y-EG`{Ye#~f$Jx6-{ z=7=XX#Q_1%7MfwLaIMBbGK{I%Trj@W78~codXNRrQM5jnL$s`4Hh7XGaD!dxpoUdZt+5EHuC zQD&YP=ljIBfU|k{Cjd)rj54w`FMwgwIvoXD9kn)kgU0C8nm8clA5fLXNi`R^){x*y z^>=g^9|$CuqZojw;HX#%wI7C$^@Ipkz||BbHCZW9c~)Y2^Rz$LFA7=@6tppVdfL>; z?IGsDDa&6x`06sh`qEoB4_5v1*s98+s;y7xKFGe-+kMb$D8!?4<+={bmI5!e$TOtB zqv6_=pR0#D-?w`$6sa!io)-Hw-JJTa-@R~eTaB)(Hb1w}cJJl-%{4d4K?_~fvSt1c z;XYTyo+(&xk(TSc9p~%W+}_``B= ziM##wTl*8bJ4&xM2KH^*ADu$huX<)PcA<0Ql04zS4t#B+IO3fT=g-BK`>1~mIZ$J> z-Oy}!_RF3KrZ z_sR`+UwU1Ds6wf&UfV7lovz1B)Hxyavo>txonYNzTZ*0MyLaf-quY+(t?=`B zQ=9A&lbFapk!k0>ws zeuivA<;%1xFSU@QHK}>RJo!R`GsX?IY>Ojt9>=+R}BR%i1-~Cup5u-PMZY z6>-YmBGbtE(Z5#Pbw60Q9Nt$te7?DQK!0tC$El2`hR-r(wGBOu#oA+|1J>GK&wLl( zXH)N$u359QXS9CgUf}&peRU_x`s&w|{XM+l%EpUr7E2qv-*{u`SIe49UiS}Z|1F>{ z>eG?^iC=CiRqh_~S#hhg@TcP20~PiKvNC&9^?+?KKpE#dSR=?xJ-KJ&qN2Ah{oK{N zytcfx-x7MP)K{04wD<3~?+Pxqlgj3To82eE(bFv z*1f~Gdv2`mb<6V4e6qUQ-`2YH+gr9Dzp&5HHw>#j>!Al2Qe{zfiS65ECo7m41Uvv-aI0e!Fh!)V1$U& zg$TvOL?q0G5OOITS>rac35Y@g$03ivBZtcmLBQk1IHH({gu!vgBj|A8G7?HAI6{Nm z1&O5aK;yC!O@JhFI1zb>V@Nn~7{{?kO|PPW0>jfx@Js7B5IK%JEJre&gE0{yR$z1I I#x05e2g+wi&;S4c literal 0 HcmV?d00001 diff --git a/test/test_manifest.json b/test/test_manifest.json index 68f6e4557..adea6848a 100644 --- a/test/test_manifest.json +++ b/test/test_manifest.json @@ -203,6 +203,13 @@ "lastPage": 1, "type": "eq" }, + { "id": "bug1068432", + "file": "pdfs/bug1068432.pdf", + "md5": "b76ac8d7d0ef471f28535c881f421e33", + "rounds": 1, + "link": false, + "type": "eq" + }, { "id": "issue1512", "file": "pdfs/issue1512r.pdf", "md5": "af48ede2658d99cca423147085c6609b", diff --git a/test/unit/cff_parser_spec.js b/test/unit/cff_parser_spec.js index a0e8cf2be..67594d3f3 100644 --- a/test/unit/cff_parser_spec.js +++ b/test/unit/cff_parser_spec.js @@ -95,6 +95,15 @@ describe('CFFParser', function() { expect(topDict.getByName('Private')).toEqual([45, 102]); }); + it('refuses to add topDict key with invalid value (bug 1068432)', + function () { + var topDict = cff.topDict; + var defaultValue = topDict.getByName('UnderlinePosition'); + + topDict.setByKey(/* [12, 3] = */ 3075, [NaN]); + expect(topDict.getByName('UnderlinePosition')).toEqual(defaultValue); + }); + it('parses a CharString having cntrmask', function() { var bytes = new Uint8Array([0, 1, // count 1, // offsetSize