From 75e5ed7aea143ad2b82f3463dd408fe1c54318c7 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Mon, 26 Feb 2024 19:49:31 -0500
Subject: [PATCH] LibGfx: Survive empty simple glyphs with 0 contours

Some fonts have empty slices for glyphs with 0 contours, even though the spec requires them to store a 0 for instructionLength as far as I can tell. But let's not assert on invalid fonts like this, but instead handle them gracefully. Supersedes #22570. Fixes the last two crashes on my 1000-file test set: 0000246.pdf and 0000431.pdf.

---
 Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp b/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
index 340929eacb..54dd09ba3b 100644
--- a/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
+++ b/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
@@ -238,6 +238,9 @@ static void get_ttglyph_offsets(ReadonlyBytes slice, u32 num_points, u32 flags_o
 ReadonlyBytes Glyf::Glyph::program() const
 {
+ if (m_num_contours == 0)
+ return {};
+
 auto instructions_start = m_num_contours * 2;
 u16 num_instructions = be_u16(m_slice.offset(instructions_start));
 return m_slice.slice(instructions_start + 2, num_instructions);
@@ -245,10 +248,11 @@ ReadonlyBytes Glyf::Glyph::program() const
 void Glyf::Glyph::append_path_impl(Gfx::Path& path, Gfx::AffineTransform const& transform) const
 {
+ if (m_num_contours == 0)
+ return;
+
 // Get offset for flags, x, and y.
- u16 num_points = 0;
- if (m_num_contours > 0)
- num_points = be_u16(m_slice.offset((m_num_contours - 1) * 2)) + 1;
+ u16 num_points = be_u16(m_slice.offset((m_num_contours - 1) * 2)) + 1;
 u16 num_instructions = be_u16(m_slice.offset(m_num_contours * 2));
 u32 flags_offset = m_num_contours * 2 + 2 + num_instructions;
 u32 x_offset = 0;
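Review bot: The new `m_num_contours == 0` guard in program() removes one assertion path, but the `be_u16(m_slice.offset(instructions_start))` read and the `m_slice.slice(instructions_start + 2, num_instructions)` call that follow still trust the font-supplied contour count and instruction length against the slice length, and nothing in this hunk checks that; unless it is validated where `m_slice` is constructed, a truncated glyph record will still trip the slice assertion (or read past the slice through be_u16) instead of being handled gracefully as the commit intends. A length check before each read keeps the function total: `if (m_slice.size() < instructions_start + 2) return {};` before the be_u16, and `if (m_slice.size() < instructions_start + 2 + num_instructions) return {};` before the final slice. If m_num_contours can be negative (its type is not visible here; OpenType uses a negative contour count for composite glyphs), the guard should probably be `<= 0` rather than `== 0`, since `m_num_contours * 2` would otherwise become a very large offset. The same unchecked be_u16 reads at `(m_num_contours - 1) * 2` and `m_num_contours * 2` appear in the append_path_impl hunk that follows, which runs past the end of this excerpt. The closing brace of program() is not shown in the hunk.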