PDFBOX-4550: add missing check for the start and end values of a bfrange
git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1859501 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/fontbox/src/main/java/org/apache/fontbox/cmap/CMapParser.java b/fontbox/src/main/java/org/apache/fontbox/cmap/CMapParser.java
index 5216000..1fdea0c 100644
--- a/fontbox/src/main/java/org/apache/fontbox/cmap/CMapParser.java
+++ b/fontbox/src/main/java/org/apache/fontbox/cmap/CMapParser.java
@@ -356,10 +356,10 @@
}
byte[] startCode = (byte[]) nextToken;
byte[] endCode = (byte[]) parseNextToken(cmapStream);
- if (startCode.length != endCode.length)
+ if (!checkBoundaries(startCode, endCode))
{
// PDFBOX-4550: likely corrupt stream
- continue;
+ break;
}
nextToken = parseNextToken(cmapStream);
List<byte[]> array = null;
@@ -412,6 +412,15 @@
}
}
+ private boolean checkBoundaries(byte[] startCode, byte[] endCode)
+ {
+ int start = CMap.toInt(startCode, startCode.length);
+ int end = CMap.toInt(endCode, endCode.length);
+ // end has to be bigger than start or equal
+ // the range can not represent more that 255 values
+ return end >= start && (end - start) < 256;
+ }
+
/**
* Returns an input stream containing the given "use" CMap.
*
@@ -708,7 +717,7 @@
return intValue;
}
- private String createStringFromBytes(byte[] bytes) throws IOException
+ private String createStringFromBytes(byte[] bytes)
{
return new String(bytes, bytes.length == 1 ? Charsets.ISO_8859_1 : Charsets.UTF_16BE);
}
diff --git a/fontbox/src/test/java/org/apache/fontbox/cmap/TestCMapParser.java b/fontbox/src/test/java/org/apache/fontbox/cmap/TestCMapParser.java
index 161a20e..2c783b0 100644
--- a/fontbox/src/test/java/org/apache/fontbox/cmap/TestCMapParser.java
+++ b/fontbox/src/test/java/org/apache/fontbox/cmap/TestCMapParser.java
@@ -110,4 +110,37 @@
assertNotNull("Failed to parse nasty CMap file", cMap);
}
+
+ public void testParserWithMalformedbfrange1() throws IOException
+ {
+ CMap cMap = new CMapParser()
+ .parse(new File("src/test/resources/cmap", "CMapMalformedbfrange1"));
+
+ assertNotNull("Failed to parse malformed CMap file", cMap);
+
+ byte[] bytes1 = { 0, 1 };
+ assertEquals("bytes 00 01 from bfrange <0001> <0009> <0041>", "A",
+ cMap.toUnicode(toInt(bytes1, bytes1.length)));
+
+ byte[] bytes2 = { 1, 00 };
+ assertNull(cMap.toUnicode(toInt(bytes2, bytes2.length)));
+
+ }
+
+ public void testParserWithMalformedbfrange2() throws IOException
+ {
+ CMap cMap = new CMapParser()
+ .parse(new File("src/test/resources/cmap", "CMapMalformedbfrange2"));
+
+ assertNotNull("Failed to parse malformed CMap file", cMap);
+
+ byte[] bytes1 = { 0, 1 };
+ assertEquals("bytes 00 01 from bfrange <0001> <0009> <0041>", "A",
+ cMap.toUnicode(toInt(bytes1, bytes1.length)));
+
+ byte[] bytes2 = { 2, 00 };
+ assertNull(cMap.toUnicode(toInt(bytes2, bytes2.length)));
+
+ }
+
}
diff --git a/fontbox/src/test/resources/cmap/CMapMalformedbfrange1 b/fontbox/src/test/resources/cmap/CMapMalformedbfrange1
new file mode 100644
index 0000000..b918d0d
--- /dev/null
+++ b/fontbox/src/test/resources/cmap/CMapMalformedbfrange1
@@ -0,0 +1,32 @@
+%% Licensed to the Apache Software Foundation (ASF) under one or more
+%% contributor license agreements. See the NOTICE file distributed with
+%% this work for additional information regarding copyright ownership.
+%% The ASF licenses this file to You under the Apache License, Version 2.0
+%% (the "License"); you may not use this file except in compliance with
+%% the License. You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% This file isn't a valid CMap file, but it contains everything what
+%% is needed to test the CMapParser
+%%
+%%EndComments
+
+1 begincodespacerange<0000> <02FF>
+endcodespacerange
+
+2 beginbfrange
+<0001> <0009> <0041>
+<0109> <0100> <0030>
+endbfrange
+
+endcmap
+
+%%EndResource
+%%EOF
diff --git a/fontbox/src/test/resources/cmap/CMapMalformedbfrange2 b/fontbox/src/test/resources/cmap/CMapMalformedbfrange2
new file mode 100644
index 0000000..f80cde3
--- /dev/null
+++ b/fontbox/src/test/resources/cmap/CMapMalformedbfrange2
@@ -0,0 +1,32 @@
+%% Licensed to the Apache Software Foundation (ASF) under one or more
+%% contributor license agreements. See the NOTICE file distributed with
+%% this work for additional information regarding copyright ownership.
+%% The ASF licenses this file to You under the Apache License, Version 2.0
+%% (the "License"); you may not use this file except in compliance with
+%% the License. You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% This file isn't a valid CMap file, but it contains everything what
+%% is needed to test the CMapParser
+%%
+%%EndComments
+
+1 begincodespacerange<0000> <02FF>
+endcodespacerange
+
+2 beginbfrange
+<0001> <0009> <0041>
+<0200> <0400> <0030>
+endbfrange
+
+endcmap
+
+%%EndResource
+%%EOF