From 4705d38fa78b8133e80a840845e78e070131c849 Mon Sep 17 00:00:00 2001
From: Nico Weber <thakis@chromium.org>
Date: Mon, 19 Feb 2024 21:43:58 -0500
Subject: [PATCH] LibPDF/CFF: Fix off-by-one when reading internal encoding

We use `i - 1` to index these arrays, so that's what we should use
for the bounds check as well.
---
 Userland/Libraries/LibPDF/Fonts/CFF.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibPDF/Fonts/CFF.cpp b/Userland/Libraries/LibPDF/Fonts/CFF.cpp
index 8b7982cc6e..0d6b143990 100644
--- a/Userland/Libraries/LibPDF/Fonts/CFF.cpp
+++ b/Userland/Libraries/LibPDF/Fonts/CFF.cpp
@@ -279,8 +279,9 @@ PDFErrorOr<NonnullRefPtr<CFF>> CFF::create(ReadonlyBytes const& cff_bytes, RefPt
                 encoding->set(0, ".notdef");
                 continue;
             }
-            if (i >= encoding_codes.size() || i >= charset_names.size())
+            if (i - 1 >= encoding_codes.size() || i - 1 >= charset_names.size()) {
                 break;
+            }
             auto code = encoding_codes[i - 1];
             auto char_name = charset_names[i - 1];
             encoding->set(code, char_name);