Add non-PRODUCTION/TESTING overflow asserts to various string helpe…

…r-functions (issue 6759)
fragdenstaat · Jun 27, 2021 · 273d8cb · 273d8cb
1 parent d644b66
commit 273d8cb
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 4 deletions.
diff --git a/src/core/evaluator.js b/src/core/evaluator.js
@@ -3788,6 +3788,9 @@ class PartialEvaluator {
           firstChar,
           lastChar,
           toUnicode,
+          xHeight: 0,
+          capHeight: 0,
+          italicAngle: 0,
           isType3Font,
         };
         const widths = dict.get("Widths");
@@ -3919,10 +3922,10 @@ class PartialEvaluator {
       bbox: descriptor.getArray("FontBBox") || dict.getArray("FontBBox"),
       ascent: descriptor.get("Ascent"),
       descent: descriptor.get("Descent"),
-      xHeight: descriptor.get("XHeight"),
-      capHeight: descriptor.get("CapHeight"),
+      xHeight: descriptor.get("XHeight") || 0,
+      capHeight: descriptor.get("CapHeight") || 0,
       flags: descriptor.get("Flags"),
-      italicAngle: descriptor.get("ItalicAngle"),
+      italicAngle: descriptor.get("ItalicAngle") || 0,
       isType3Font,
       cssFontInfo,
       scaleFactors: glyphScaleFactors,

diff --git a/src/core/fonts.js b/src/core/fonts.js
@@ -257,10 +257,28 @@ function int32(b0, b1, b2, b3) {
 }
 
 function string16(value) {
+  if (
+    typeof PDFJSDev === "undefined" ||
+    PDFJSDev.test("!PRODUCTION || TESTING")
+  ) {
+    assert(
+      typeof value === "number" && Math.abs(value) < 2 ** 16,
+      `string16: Unexpected input "${value}".`
+    );
+  }
   return String.fromCharCode((value >> 8) & 0xff, value & 0xff);
 }
 
 function safeString16(value) {
+  if (
+    typeof PDFJSDev === "undefined" ||
+    PDFJSDev.test("!PRODUCTION || TESTING")
+  ) {
+    assert(
+      typeof value === "number" && !Number.isNaN(value),
+      `safeString16: Unexpected input "${value}".`
+    );
+  }
   // clamp value to the 16-bit int range
   if (value > 0x7fff) {
     value = 0x7fff;
@@ -751,7 +769,7 @@ function createPostTable(properties) {
     string32(angle) + // italicAngle
     "\x00\x00" + // underlinePosition
     "\x00\x00" + // underlineThickness
-    string32(properties.fixedPitch) + // isFixedPitch
+    string32(properties.fixedPitch ? 1 : 0) + // isFixedPitch
     "\x00\x00\x00\x00" + // minMemType42
     "\x00\x00\x00\x00" + // maxMemType42
     "\x00\x00\x00\x00" + // minMemType1

diff --git a/src/shared/util.js b/src/shared/util.js
@@ -588,6 +588,15 @@ function arraysToBytes(arr) {
 }
 
 function string32(value) {
+  if (
+    typeof PDFJSDev === "undefined" ||
+    PDFJSDev.test("!PRODUCTION || TESTING")
+  ) {
+    assert(
+      typeof value === "number" && Math.abs(value) < 2 ** 32,
+      `string32: Unexpected input "${value}".`
+    );
+  }
   return String.fromCharCode(
     (value >> 24) & 0xff,
     (value >> 16) & 0xff,

diff --git a/test/font/font_fpgm_spec.js b/test/font/font_fpgm_spec.js
diff --git a/test/font/font_os2_spec.js b/test/font/font_os2_spec.js
diff --git a/test/font/font_post_spec.js b/test/font/font_post_spec.js