[poppler] 2 commits - fofi/FoFiTrueType.cc poppler/Parser.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Thu Dec 28 20:16:19 UTC 2017
fofi/FoFiTrueType.cc | 30 +++++++++++-------------------
poppler/Parser.cc | 3 ++-
2 files changed, 13 insertions(+), 20 deletions(-)
New commits:
commit 9b981f9123fe8c3c8662015de341cff76aa28b07
Author: Thomas Freitag <Thomas.Freitag at alfa.de>
Date: Thu Dec 28 00:55:39 2017 +0100
FoFiTrueType::readPostTable() from xpdf 4.00
Bug #102880
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 2bbf0468..c663249d 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1451,7 +1451,7 @@ void FoFiTrueType::parse() {
void FoFiTrueType::readPostTable() {
GooString *name;
- int tablePos, postFmt, stringIdx, stringPos, savedStringIdx;
+ int tablePos, postFmt, stringIdx, stringPos;
GBool ok;
int i, j, n, m;
@@ -1481,38 +1481,30 @@ void FoFiTrueType::readPostTable() {
stringIdx = 0;
stringPos = tablePos + 34 + 2*n;
for (i = 0; i < n; ++i) {
+ ok = gTrue;
j = getU16BE(tablePos + 34 + 2*i, &ok);
if (j < 258) {
nameToGID->removeInt(macGlyphNames[j]);
nameToGID->add(new GooString(macGlyphNames[j]), i);
} else {
- savedStringIdx = stringIdx;
j -= 258;
if (j != stringIdx) {
for (stringIdx = 0, stringPos = tablePos + 34 + 2*n;
stringIdx < j;
++stringIdx, stringPos += 1 + getU8(stringPos, &ok)) ;
if (!ok) {
- goto err;
+ continue;
}
}
m = getU8(stringPos, &ok);
if (!ok || !checkRegion(stringPos + 1, m)) {
- stringIdx = savedStringIdx;
- if (j < 258) {
- ok = gTrue;
- nameToGID->removeInt(macGlyphNames[j]);
- nameToGID->add(new GooString(macGlyphNames[0]), i);
- } else {
- goto err;
- }
- } else {
- name = new GooString((char *)&file[stringPos + 1], m);
- nameToGID->removeInt(name);
- nameToGID->add(name, i);
- ++stringIdx;
- stringPos += 1 + m;
- }
+ continue;
+ }
+ name = new GooString((char *)&file[stringPos + 1], m);
+ nameToGID->removeInt(name);
+ nameToGID->add(name, i);
+ ++stringIdx;
+ stringPos += 1 + m;
}
}
} else if (postFmt == 0x00028000) {
@@ -1520,7 +1512,7 @@ void FoFiTrueType::readPostTable() {
for (i = 0; i < nGlyphs; ++i) {
j = getU8(tablePos + 32 + i, &ok);
if (!ok) {
- goto err;
+ continue;
}
if (j < 258) {
nameToGID->removeInt(macGlyphNames[j]);
commit 00fc829352716b04d9ab59552daefffed20e2852
Author: Thomas Freitag <Thomas.Freitag at alfa.de>
Date: Thu Dec 28 00:55:00 2017 +0100
Break loop if recursionLimit is reached
diff --git a/poppler/Parser.cc b/poppler/Parser.cc
index 4b399028..3aee5f0d 100644
--- a/poppler/Parser.cc
+++ b/poppler/Parser.cc
@@ -89,10 +89,11 @@ Object Parser::getObj(GBool simpleOnly,
if (!simpleOnly && buf1.isCmd("[")) {
shift();
obj = Object(new Array(xref));
- while (!buf1.isCmd("]") && !buf1.isEOF()) {
+ while (!buf1.isCmd("]") && !buf1.isEOF() && recursion + 1 < recursionLimit) {
Object obj2 = getObj(gFalse, fileKey, encAlgorithm, keyLength, objNum, objGen, recursion + 1);
obj.arrayAdd(std::move(obj2));
}
+ if (recursion + 1 >= recursionLimit && strict) goto err;
if (buf1.isEOF()) {
error(errSyntaxError, getPos(), "End of file inside array");
if (strict) goto err;
More information about the poppler
mailing list