Fix a TrueType CMAP decoding bug and add a NotoSans-Regular test page.

CHANGES.md

@@ -2,6 +2,13 @@ Changes in PDFio
 ================
 
 
+v1.1.4 (Month DD, YYYY)
+-----------------------
+
+- Fixed detection of encrypted strings that are too short (Issue #52)
+- Fixed a TrueType CMAP decoding bug.
+
+
 v1.1.3 (November 15, 2023)
 --------------------------
 

Makefile

@@ -29,7 +29,7 @@ DSONAME		=
 LDFLAGS		=
 LIBS		=	-lm -lz
 RANLIB		=	ranlib
-VERSION		=	1.1.3
+VERSION		=	1.1.4
 prefix		=	/usr/local
 
 

pdfio-crypto.c

@@ -449,8 +449,15 @@ _pdfio_crypto_cb_t			// O  - Decryption callback or `NULL` for none
 	*ivlen = 0;
 	return ((_pdfio_crypto_cb_t)_pdfioCryptoRC4Crypt);
 
-    case PDFIO_ENCRYPTION_RC4_128 :
     case PDFIO_ENCRYPTION_AES_128 :
+        if (*ivlen < 16)
+        {
+          *ivlen = 0;
+          _pdfioFileError(pdf, "Value too short for AES encryption.");
+          return (NULL);
+        }
+
+    case PDFIO_ENCRYPTION_RC4_128 :
 	// Copy the key data for the MD5 hash.
 	memcpy(data, pdf->file_key, sizeof(pdf->file_key));
 	data[16] = (uint8_t)obj->number;

pdfio-value.c

@@ -383,7 +383,10 @@ _pdfioValueRead(pdfio_file_t   *pdf,	// I - PDF file
 	return (false);
       }
 
-      cb      = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen);
+      ivlen = v->value.binary.datalen;
+      if ((cb = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen)) == NULL)
+	return (false);
+
       templen = (cb)(&ctx, temp, v->value.binary.data + ivlen, v->value.binary.datalen - ivlen);
 
       // Copy the decrypted string back to the value and adjust the length...

pdfio.h

@@ -23,7 +23,7 @@ extern "C" {
 // Version number...
 //
 
-#  define PDFIO_VERSION		"1.1.3"
+#  define PDFIO_VERSION		"1.1.4"
 
 
 //

pdfio_native.nuspec

@@ -3,7 +3,7 @@
     <metadata>
         <id>pdfio_native</id>
         <title>PDFio Library for VS2019+</title>
-        <version>1.1.3</version>
+        <version>1.1.4</version>
         <authors>Michael R Sweet</authors>
         <owners>michaelrsweet</owners>
         <projectUrl>https://github.com/michaelrsweet/pappl</projectUrl>
@@ -16,7 +16,7 @@
         <copyright>Copyright © 2019-2023 by Michael R Sweet</copyright>
         <tags>pdf file native</tags>
 	<dependencies>
-	    <dependency id="pdfio_native.redist" version="1.1.3" />
+	    <dependency id="pdfio_native.redist" version="1.1.4" />
 	    <dependency id="zlib_native.redist" version="1.2.11" />
 	</dependencies>
     </metadata>

pdfio_native.redist.nuspec

@@ -3,7 +3,7 @@
     <metadata>
         <id>pdfio_native.redist</id>
         <title>PDFio Library for VS2019+</title>
-        <version>1.1.3</version>
+        <version>1.1.4</version>
         <authors>Michael R Sweet</authors>
         <owners>michaelrsweet</owners>
         <projectUrl>https://github.com/michaelrsweet/pappl</projectUrl>

testpdfio.c

@@ -44,7 +44,7 @@ static int	verify_image(pdfio_file_t *pdf, size_t number);
 static int	write_alpha_test(pdfio_file_t *pdf, int number, pdfio_obj_t *font);
 static int	write_color_patch(pdfio_stream_t *st, bool device);
 static int	write_color_test(pdfio_file_t *pdf, int number, pdfio_obj_t *font);
-static int	write_font_test(pdfio_file_t *pdf, int number, pdfio_obj_t *font, bool unicode);
+static int	write_font_test(pdfio_file_t *pdf, int number, pdfio_obj_t *font, const char *textfontfile, bool unicode);
 static int	write_header_footer(pdfio_stream_t *st, const char *title, int number);
 static pdfio_obj_t *write_image_object(pdfio_file_t *pdf, _pdfio_predictor_t predictor);
 static int	write_images_test(pdfio_file_t *pdf, int number, pdfio_obj_t *font);
@@ -2229,14 +2229,19 @@ write_color_test(pdfio_file_t *pdf,	// I - PDF file
 //
 
 static int				// O - 1 on failure, 0 on success
-write_font_test(pdfio_file_t *pdf,	// I - PDF file
+write_font_test(
-                int          number,	// I - Page number
+    pdfio_file_t *pdf,			// I - PDF file
-		pdfio_obj_t  *font,	// I - Page number font
+    int          number,		// I - Page number
-		bool         unicode)	// I - Use Unicode font?
+    pdfio_obj_t  *font,			// I - Page number font
+    const char   *textfontfile,		// I - Text font file
+    bool         unicode)		// I - Use Unicode font?
 {
   pdfio_dict_t		*dict;		// Page dictionary
   pdfio_stream_t	*st;		// Page contents stream
-  pdfio_obj_t		*opensans;	// OpenSans-Regular font
+  pdfio_obj_t		*textfont;	// Text font
+  char			title[256],	// Page title
+			textname[256],	// Name of text font
+			*ptr;		// Pointer into name
   int			i;		// Looping var
   static const char * const welcomes[] =// "Welcome" in many languages
   {
@@ -2391,8 +2396,8 @@ write_font_test(pdfio_file_t *pdf,	// I - PDF file
   };
 
 
-  fputs("pdfioFileCreateFontObjFromFile(OpenSans-Regular.ttf): ", stdout);
+  printf("pdfioFileCreateFontObjFromFile(%s): ", textfontfile);
-  if ((opensans = pdfioFileCreateFontObjFromFile(pdf, "testfiles/OpenSans-Regular.ttf", unicode)) != NULL)
+  if ((textfont = pdfioFileCreateFontObjFromFile(pdf, textfontfile, unicode)) != NULL)
     puts("PASS");
   else
     return (1);
@@ -2410,7 +2415,7 @@ write_font_test(pdfio_file_t *pdf,	// I - PDF file
     return (1);
 
   fputs("pdfioPageDictAddFont(F2): ", stdout);
-  if (pdfioPageDictAddFont(dict, "F2", opensans))
+  if (pdfioPageDictAddFont(dict, "F2", textfont))
     puts("PASS");
   else
     return (1);
@@ -2422,7 +2427,21 @@ write_font_test(pdfio_file_t *pdf,	// I - PDF file
   else
     return (1);
 
-  if (write_header_footer(st, unicode ? "Unicode TrueType Font Test" : "CP1252 TrueType Font Test", number))
+  if ((ptr = strrchr(textfontfile, '/')) != NULL)
+    strncpy(textname, ptr + 1, sizeof(textname) - 1);
+  else
+    strncpy(textname, textfontfile, sizeof(textname) - 1);
+
+  textname[sizeof(textname) - 1] = '\0';
+  if ((ptr = strrchr(textname, '.')) != NULL)
+    *ptr = '\0';
+
+  if (unicode)
+    snprintf(title, sizeof(title), "Unicode %s Font Test", textname);
+  else
+    snprintf(title, sizeof(title), "CP1252 %s Font Test", textname);
+
+  if (write_header_footer(st, title, number))
     goto error;
 
   fputs("pdfioContentTextBegin(): ", stdout);
@@ -3377,14 +3396,17 @@ write_unit_file(
     return (1);
 
   // Test TrueType fonts...
-  if (write_font_test(outpdf, 9, helvetica, false))
+  if (write_font_test(outpdf, 9, helvetica, "testfiles/OpenSans-Regular.ttf", false))
     return (1);
 
-  if (write_font_test(outpdf, 10, helvetica, true))
+  if (write_font_test(outpdf, 10, helvetica, "testfiles/OpenSans-Regular.ttf", true))
+    return (1);
+
+  if (write_font_test(outpdf, 11, helvetica, "testfiles/NotoSansJP-Regular.otf", true))
     return (1);
 
   // Print this text file...
-  if (write_text_test(outpdf, 11, helvetica, "README.md"))
+  if (write_text_test(outpdf, 12, helvetica, "README.md"))
     return (1);
 
   fputs("pdfioFileGetNumPages: ", stdout);

ttf.c

@@ -479,7 +479,7 @@ ttfCreate(const char   *filename,	// I - Filename
     }
 
 #ifdef DEBUG
-    if (i >= ' ' && i < 127)
+    if (i >= ' ' && i < 127 && font->widths[0])
       TTF_DEBUG("ttfCreate: width['%c']=%d(%d)\n", (char)i, font->widths[0][i].width, font->widths[0][i].left_bearing);
 #endif // DEBUG
   }
@@ -1307,8 +1307,9 @@ read_cmap(ttf_t *font)			// I - Font
               {
                 // Use an "obscure indexing trick" (words from the spec, not
                 // mine) to look up the glyph index...
-                temp = segment->idRangeOffset / 2 + ch - segment->startCode + seg - segCount;
+                temp = segment->idRangeOffset / 2 - segCount + (ch - segment->startCode) + (seg - segCount);
 
+                TTF_DEBUG("read_cmap: ch=%d, temp=%d\n", ch, temp);
                 if (temp < 0 || temp >= numGlyphIdArray)
                   glyph = -1;
 		else