mirrors/pdf.js
1
0
Fork 0
mirror of https://github.com/mozilla/pdf.js.git synced 2025-04-25 17:48:07 +02:00
Code Activity

Handle cff fonts with erroneous stackSize

Browse source
This commit is contained in:
Jason O. Jensen 2017-03-06 19:17:27 -05:00
parent 754c4bd0ab
commit d230784ac3
4 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/core/cff_parser.js
View file

@ -475,7 +475,7 @@ var CFFParser = (function CFFParserClosure() {
parseCharString: function CFFParser_parseCharString(state, data,
localSubrIndex,
globalSubrIndex) {
if (state.callDepth > MAX_SUBR_NESTING) {
if (!data || state.callDepth > MAX_SUBR_NESTING) {
return false;
}
var stackSize = state.stackSize;
@ -552,7 +552,8 @@ var CFFParser = (function CFFParserClosure() {
bias = 1131;
}
var subrNumber = stack[--stackSize] + bias;
if (subrNumber < 0 || subrNumber >= subrsIndex.count) {
if (subrNumber < 0 || subrNumber >= subrsIndex.count ||
isNaN(subrNumber)) {
validationCommand = CharstringValidationData[value];
warn('Out of bounds subrIndex for ' + validationCommand.id);
return false;