From 88bd7d83ada16e6ae4a4d0f92648630d7e482cc6 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Thu, 26 Oct 2023 08:37:41 -0700
Subject: [PATCH] LibGfx: Fix off-by-one in opentype cmap format 6 parsing

Fixes asserts when rendering 0000037.pdf, 0000116.pdf, 0000463.pdf, 0000483.pdf, 0000506.pdf, and 0000938.pdf in 0000.zip from the pdfa dataset.
---
 Userland/Libraries/LibGfx/Font/OpenType/Cmap.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibGfx/Font/OpenType/Cmap.cpp b/Userland/Libraries/LibGfx/Font/OpenType/Cmap.cpp
index 8c71b71e431..7f6b862ccd9 100644
--- a/Userland/Libraries/LibGfx/Font/OpenType/Cmap.cpp
+++ b/Userland/Libraries/LibGfx/Font/OpenType/Cmap.cpp
@@ -144,7 +144,7 @@ u32 Cmap::Subtable::glyph_id_for_code_point_table_6(u32 code_point) const
 u32 entry_count = be_u16(m_slice.offset((u32)Table6Offsets::EntryCount));
 u32 code_offset = code_point - first_code;
- if (code_offset > entry_count)
+ if (code_offset >= entry_count)
 return 0;
 return be_u16(m_slice.offset((u32)Table6Offsets::GlyphIdArray + code_offset * 2));
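Review bot: The bound in `if (code_offset >= entry_count)` is still the subtable's own EntryCount field, which comes from the font file, so a font that declares more entries than the slice actually holds would pass this check and reach `m_slice.offset(...)` with an offset past the data. The commit message says the previous off-by-one surfaced as asserts, so a malformed font could presumably still trigger one this way. Consider also bounding the read by the slice length, e.g. `if (code_offset >= entry_count || (u32)Table6Offsets::GlyphIdArray + code_offset * 2 + 2 > m_slice.size())`, assuming m_slice exposes its length as `size()`; alternatively validate EntryCount once when the subtable is parsed. The function body starts and ends outside the hunk, so an existing length check elsewhere cannot be ruled out from here.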