fix potential segfault with font index decode

If Font index "encoding" is set and no font is set in the current device context, the recovery of the font reverse mapping fails (NULL pointer exception), fixing this behavior with a check.
kakwa · May 12, 2017 · 3d1f963 · 3d1f963
1 parent 425039c
commit 3d1f963
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/src/lib/emf2svg_utils.c b/src/lib/emf2svg_utils.c
@@ -1007,11 +1007,13 @@ static int fontindex_to_utf8(uint16_t *in, size_t size_in, char **out,
     const uint32_t *map_table = NULL;
     size_t max_index = 0;
     *out_len = 0;
-    for (int i = 0; i < FONT_MAPS_COL_SIZE; i++) {
-        if (strcasecmp(font_maps[i].font_name, font_name) == 0) {
-            map_table = font_maps[i].uni;
-            max_index = font_maps[i].size;
-            break;
+    if (font_name) {
+        for (int i = 0; i < FONT_MAPS_COL_SIZE; i++) {
+            if (strcasecmp(font_maps[i].font_name, font_name) == 0) {
+                map_table = font_maps[i].uni;
+                max_index = font_maps[i].size;
+                break;
+            }
         }
     }
     if (map_table == NULL) {
@@ -1169,7 +1171,7 @@ void text_convert(char *in, size_t size_in, char **out, size_t *size_out,
         switch (states->currentDeviceContext.font_charset) {
         case U_ANSI_CHARSET:
             ret = enc_to_utf8(in, 2 * size_in, (char **)&string, size_out,
-                        "UTF-16LE");
+                              "UTF-16LE");
             break;
         case U_DEFAULT_CHARSET:
         case U_SYMBOL_CHARSET:
@@ -1197,7 +1199,7 @@ void text_convert(char *in, size_t size_in, char **out, size_t *size_out,
         case U_CELTIC_CHARSET:
         default:
             ret = enc_to_utf8(in, 2 * size_in, (char **)&string, size_out,
-                        "UTF-16LE");
+                              "UTF-16LE");
             break;
         }
     } else {
@@ -1206,7 +1208,7 @@ void text_convert(char *in, size_t size_in, char **out, size_t *size_out,
         strncpy((char *)string, in, size_in);
         *size_out = size_in;
     }
-    if(ret != 0)
+    if (ret != 0)
         string = NULL;
 
     if (string == NULL) {
@@ -1248,7 +1250,8 @@ void text_draw(const char *contents, FILE *out, drawingStates *states,
     char *string = NULL;
     size_t string_size;
     if (pemt->fOptions & U_ETO_GLYPH_INDEX) {
-        returnOutOfEmf((intptr_t)(contents + pemt->offString) + 2 * (intptr_t)pemt->nChars);
+        returnOutOfEmf((intptr_t)(contents + pemt->offString) +
+                       2 * (intptr_t)pemt->nChars);
         fontindex_to_utf8((uint16_t *)(contents + pemt->offString),
                           pemt->nChars, &string, &string_size,
                           states->currentDeviceContext.font_family);

diff --git a/tests/resources/emf-corrupted/README.md b/tests/resources/emf-corrupted/README.md
@@ -22,3 +22,4 @@
 | bad_corrupted_2016-02-02-225639.emf | large width rel4 bitmap (cause hangs on EOL)               |
 | bad_corrupted_2017-02-11-230400.emf | corruption of EMF+ Size field in HEADER                    |
 | bad_corrupted_2017-02-12-010400.emf | weird EMF+ record with funky type and datasize 0           |
+| bad_corrupted_2017-05-12-074000.emf | font index encoding with no font name set                  |
diff --git a/tests/resources/emf-corrupted/bad_corrupted_2017-05-12-074000.emf b/tests/resources/emf-corrupted/bad_corrupted_2017-05-12-074000.emf