From 49275c4b17788f2815aed1f847558172826e4003 Mon Sep 17 00:00:00 2001
From: Nico Weber <thakis@chromium.org>
Date: Fri, 13 Oct 2023 10:32:57 -0400
Subject: [PATCH] LibPDF: Don't overflow SIDs in type 1 charset parsing

first_sid has type SID (aka u16), so don't store it in an u8.

This fixes (among other things) page 24 on the PDF 1.7 spec.
---
 Userland/Libraries/LibPDF/Fonts/CFF.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibPDF/Fonts/CFF.cpp b/Userland/Libraries/LibPDF/Fonts/CFF.cpp
index c9d13a43f2f..e7100fa68c4 100644
--- a/Userland/Libraries/LibPDF/Fonts/CFF.cpp
+++ b/Userland/Libraries/LibPDF/Fonts/CFF.cpp
@@ -631,7 +631,7 @@ PDFErrorOr<Vector<DeprecatedFlyString>> CFF::parse_charset(Reader&& reader, size
         while (names.size() < glyph_count - 1) {
             auto first_sid = TRY(reader.try_read<BigEndian<SID>>());
             int left = TRY(reader.try_read<Card8>());
-            for (u8 sid = first_sid; left >= 0; left--, sid++)
+            for (SID sid = first_sid; left >= 0; left--, sid++)
                 TRY(names.try_append(resolve_sid(sid, strings)));
         }
     }