danilevsky / pdfium

Automatically exported from code.google.com/p/pdfium
0 stars 0 forks source link

Resolving substitute font causes a crash fpf_skiafont.cpp #87

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Load a page in document that includes missing font
2. On ARM64/Android (and probably others, even though not as commonly) pdfium 
crashes with the following stack trace

I  #00 pc 00000000000179d4  /system/lib64/libc.so (memcpy+276)
I  #01 pc 0000000000050a80  /system/lib64/libc.so (fread+176)
I  #02 pc 00000000002391b8  <redacted> (FPDFAPI_FT_Stream_ReadAt+80)
I  #03 pc 0000000000236534  <redacted> (FPDFAPI_FT_Load_Sfnt_Table+136)
I  #04 pc 0000000000335314  <redacted> (CFPF_SkiaFont::GetFontData(unsigned 
int, unsigned char*, unsigned int)+36)
I  #05 pc 000000000031f880  <redacted> (CFX_AndroidFontInfo::GetFontData(void*, 
unsigned int, unsigned char*, unsigned int)+36)
I  #06 pc 000000000024b268  <redacted> 
(CFX_FontMapper::FindSubstFont(CFX_ByteString const&, int, unsigned int, int, 
int, int, CFX_SubstFont*)+5116)
I  #07 pc 0000000000246b6c  <redacted> 
(CFX_FontMgr::FindSubstFont(CFX_ByteString const&, int, unsigned int, int, int, 
int, CFX_SubstFont*)+184)
I  #08 pc 0000000000245468  <redacted> (CFX_Font::LoadSubst(CFX_ByteString 
const&, int, unsigned int, int, int, int, int)+108)
I  #09 pc 00000000000d0880  <redacted> (CPDF_SimpleFont::LoadCommon()+2572)
I  #10 pc 00000000000d0b70  <redacted> (CPDF_Type1Font::_Load()+672)
I  #11 pc 00000000000ca2ec  <redacted> (CPDF_Font::Load()+184)
I  #12 pc 00000000000d1874  <redacted> (CPDF_Font::CreateFontF(CPDF_Document*, 
CPDF_DIctionary*)+460)
I  #13 pc 00000000000e611c  <redacted> 
(CPDF_DocPageData::GetFont(CPDF_Dictionary*, int)+284)
I  #14 pc 00000000000f2070  <redacted> 
(CPDF_StreamContentParser::FindFont(CFX_ByteString const&)+136)
I  #15 pc 00000000000f2148  <redacted> 
(CPDF_StreamContentParser::Handle_SetFont()+164)
I  #16 pc 00000000000f03d8  <redacted> 
(CPDF_StreamContentParser::OnOperator(char const*)+188)
I  #17 pc 00000000000f7194  <redacted>
I  #18 pc 00000000000f8730  <redacted> 
(CPDF_ContentParser::Continue(IFX_Pause*)+896)
I  #19 pc 00000000000dcf40  <redacted> 
(CPDF_PageObjects::ContinueParse(IFX_Pause*)+28)
I  #20 pc 00000000000906b4  <redacted> (FPDF_LoadPage+108)

The reason for crash is incorrect usage of dwSize variable as a out pointer for 
FXFT_Load_Sfnt_Table call in CFPF_SkiaFont::GetFontData, since the method is 
called with constant parameters from FindSubstFont. The attached patch fixes 
the issue.

Original issue reported on code.google.com by jernej.v...@gmail.com on 4 Dec 2014 at 2:27

Attachments:

GoogleCodeExporter commented 9 years ago
Still a problem? We don't take patches here. See 
https://code.google.com/p/pdfium/ for instructions on contributing code.

Original comment by thestig@chromium.org on 4 Sep 2015 at 11:15