You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2015/02/26 21:48:31 UTC

svn commit: r1662562 - in /pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff: CFFParser.java DataInput.java

Author: tilman
Date: Thu Feb 26 20:48:31 2015
New Revision: 1662562

URL: http://svn.apache.org/r1662562
Log:
PDFBOX-2693: add plausibility check for offset

Modified:
    pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/CFFParser.java
    pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/DataInput.java

Modified: pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/CFFParser.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/CFFParser.java?rev=1662562&r1=1662561&r2=1662562&view=diff
==============================================================================
--- pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/CFFParser.java (original)
+++ pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/CFFParser.java Thu Feb 26 20:48:31 2015
@@ -40,7 +40,9 @@ public class CFFParser
     private IndexData nameIndex = null;
     private IndexData topDictIndex = null;
     private IndexData stringIndex = null;
-    private String debugFontName; // for debugging only
+    
+    // for debugging only
+    private String debugFontName; 
 
     /**
      * Parsing CFF Font using a byte array as input.
@@ -145,7 +147,12 @@ public class CFFParser
         int offSize = input.readOffSize();
         for (int i = 0; i <= count; i++)
         {
-            index.setOffset(i, input.readOffset(offSize));
+            int offset = input.readOffset(offSize);
+            if (offset > input.length())
+            {
+                throw new IOException("illegal offset value " + offset + " in CFF font");
+            }
+            index.setOffset(i, offset);
         }
         int dataSize = index.getOffset(count) - index.getOffset(0);
         index.initData(dataSize);

Modified: pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/DataInput.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/DataInput.java?rev=1662562&r1=1662561&r2=1662562&view=diff
==============================================================================
--- pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/DataInput.java (original)
+++ pdfbox/trunk/fontbox/src/main/java/org/apache/fontbox/cff/DataInput.java Thu Feb 26 20:48:31 2015
@@ -23,7 +23,6 @@ import java.io.IOException;
  * This class contains some functionality to read a byte buffer.
  * 
  * @author Villu Ruusmann
- * @version $Revision$
  */
 public class DataInput
 {
@@ -203,4 +202,9 @@ public class DataInput
             return -1;
         }
     }
+    
+    public int length()
+    {
+        return inputBuffer.length;
+    }
 }
\ No newline at end of file