Handle cff fonts with erroneous stackSize

src/core/cff_parser.js

@@ -475,7 +475,7 @@ var CFFParser = (function CFFParserClosure() {
     parseCharString: function CFFParser_parseCharString(state, data,
                                                         localSubrIndex,
                                                         globalSubrIndex) {
-      if (state.callDepth > MAX_SUBR_NESTING) {
+      if (!data || state.callDepth > MAX_SUBR_NESTING) {
         return false;
       }
       var stackSize = state.stackSize;
@@ -552,7 +552,8 @@ var CFFParser = (function CFFParserClosure() {
             bias = 1131;
           }
           var subrNumber = stack[--stackSize] + bias;
-          if (subrNumber < 0 || subrNumber >= subrsIndex.count) {
+          if (subrNumber < 0 || subrNumber >= subrsIndex.count ||
+              isNaN(subrNumber)) {
             validationCommand = CharstringValidationData[value];
             warn('Out of bounds subrIndex for ' + validationCommand.id);
             return false;

test/pdfs/.gitignore

@@ -276,3 +276,4 @@
 !operator-in-TJ-array.pdf
 !issue7878.pdf
 !font_ascent_descent.pdf
+!issue8097_reduced.pdf

test/test_manifest.json

@@ -3403,5 +3403,11 @@
        "md5": "c0048a7735010002b998c112335e47bf",
        "rounds": 1,
        "type": "eq"
+    },
+    {  "id": "issue8097",
+       "file": "pdfs/issue8097_reduced.pdf",
+       "md5": "ced0e2d88cfd5b4d3a55d937ea288af1",
+       "rounds": 1,
+       "type": "eq"
     }
 ]