From cafaaa0e768472008efc3106d4311a5a6f2e17bc Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Mon, 26 Feb 2024 19:42:21 -0500
Subject: [PATCH] LibPDF: Don't crash on zero-width characters in type1 fonts

Since ScaledFont bakes the size of the font into the font type, we do the same for Type1 fonts, and then have to divide by the font height when figuring out what to scale by.

For a target width of 0, chances are the source width is also 0, and we end up with NaN due to dividing 0 by 0. This then triggered the `VERIFY(isfinite(error))` in can_approximate_bezier_curve() in Painter.cpp.

Check for this case and scale by 0 instead of dividing.

It could happen that the denominator is 0 without the numerator being 0, but it's not clear what that's supposed to mean. In this case we'd end up with +inf/-inf, which would also trigger the assert. I haven't seen this case in practice, so let's not worry about that for now.

(A nicer longer-term fix is probably to make LibPDF use VectorFont instead of ScaledFont, so that we don't have to bake the font size into the font type. Then we won't need this division at all. In the meantime, this fixes the crash.)

Fixes a crash on page 66 of https://developer.apple.com/library/archive/documentation/mac/pdf/Text.pdf

Fixes a crash on page 37 of https://open-std.org/jtc1/sc22/wg14/www/docs/n3220.pdf

Fixes crashes in `0000310.pdf`, `0000430.pdf`, `0000229.pdf`.

Brings down the number of crashes on my 1000 file test set from 5 with 3 distinct stacks to 2 with 1 distinct stack. (The number went up from 3 crashes with 2 distinct stacks to 5/3 when we started rendering much more text when Type0 font support was added. This fixes the crashes we had before Type0 support.)
---
 Userland/Libraries/LibPDF/Fonts/Type1FontProgram.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibPDF/Fonts/Type1FontProgram.cpp b/Userland/Libraries/LibPDF/Fonts/Type1FontProgram.cpp
index 88619ed8c4..86f08c81e1 100644
--- a/Userland/Libraries/LibPDF/Fonts/Type1FontProgram.cpp +++ b/Userland/Libraries/LibPDF/Fonts/Type1FontProgram.cpp @@ -107,7 +107,7 @@ Gfx::FloatPoint Type1FontProgram::glyph_translation(DeprecatedFlyString const& c Gfx::AffineTransform Type1FontProgram::glyph_transform_to_device_space(Glyph const& glyph, float width) const { - auto scale = width / (m_font_matrix.a() * glyph.width() + m_font_matrix.e()); + auto scale = width == 0.0f ? 0.0f : (width / (m_font_matrix.a() * glyph.width() + m_font_matrix.e())); auto transform = m_font_matrix; // Convert character space to device space.
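Review bot: the guard in the `+` line tests only the numerator, so a zero denominator with a nonzero `width` still yields +inf/-inf and reaches the same `VERIFY(isfinite(error))` the commit message describes; since the quotient is only ill-defined when the divisor is zero, guarding on the denominator covers both the 0/0 and the x/0 case in one place, e.g. `auto denominator = m_font_matrix.a() * glyph.width() + m_font_matrix.e();` followed by `auto scale = denominator == 0.0f ? 0.0f : width / denominator;`. A one-line comment stating that a zero-width glyph maps to a zero scale (so nothing is drawn) would help the next reader, and the outer parentheses around the division in the ternary are redundant.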