diff --git a/src/fonts.js b/src/fonts.js index 542c33f55..809e1e235 100644 --- a/src/fonts.js +++ b/src/fonts.js @@ -1621,12 +1621,20 @@ var Font = (function FontClosure() { var locaData = loca.data; // removing the invalid glyphs var oldGlyfData = glyf.data; - var newGlyfData = new Uint8Array(oldGlyfData.length); + var oldGlyfDataLength = oldGlyfData.length; + var newGlyfData = new Uint8Array(oldGlyfDataLength); var startOffset = itemDecode(locaData, 0); var writeOffset = 0; itemEncode(locaData, 0, writeOffset); for (var i = 0, j = itemSize; i < numGlyphs; i++, j += itemSize) { var endOffset = itemDecode(locaData, j); + if (endOffset > oldGlyfDataLength) { + // glyph end offset points outside glyf data, rejecting the glyph + itemEncode(locaData, j, writeOffset); + startOffset = endOffset; + continue; + } + var newLength = sanitizeGlyph(oldGlyfData, startOffset, endOffset, newGlyfData, writeOffset); writeOffset += newLength; diff --git a/test/pdfs/.gitignore b/test/pdfs/.gitignore index 9460cfbec..81b63290d 100644 --- a/test/pdfs/.gitignore +++ b/test/pdfs/.gitignore @@ -20,6 +20,7 @@ !scan-bad.pdf !freeculture.pdf !issue918.pdf +!issue1249.pdf !smaskdim.pdf !type4psfunc.pdf !S2.pdf diff --git a/test/pdfs/issue1249.pdf b/test/pdfs/issue1249.pdf new file mode 100644 index 000000000..f7bacda02 Binary files /dev/null and b/test/pdfs/issue1249.pdf differ diff --git a/test/test_manifest.json b/test/test_manifest.json index 23a0f8ed9..c2cbaa415 100644 --- a/test/test_manifest.json +++ b/test/test_manifest.json @@ -417,6 +417,12 @@ "link": true, "type": "eq" }, + { "id": "issue1249-load", + "file": "pdfs/issue1249.pdf", + "md5": "4f81339fa09422a7db980f34ea963609", + "rounds": 1, + "type": "load" + }, { "id": "liveprogramming", "file": "pdfs/liveprogramming.pdf", "md5": "7bd4dad1188232ef597d36fd72c33e52",