<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Array index out of bound crash in cairo_cff_font_subset_charstrings_and_subroutines when using the PDF backend"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=92829">92829</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Array index out of bound crash in cairo_cff_font_subset_charstrings_and_subroutines when using the PDF backend
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>cairo
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>major
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>pdf backend
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>ajohnson@redneon.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jadahl@gmail.com
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>cairo-bugs@cairographics.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=119421" name="attach_119421" title="Backtrace">attachment 119421</a></span>
Backtrace

Cairo version: 1.14.4.

I tried to print a web page as a PDF but doing so just resulted in the web
browser / browser tab process crashing. Didn't matter whether I used Epiphany
or Firefox, they both crashed in the same place in cairo.

The page printed contained lots of Chinese characters which I suspect might be
the reason. I'm attaching a full stack trace I caught when testing in Epiphany.
I cut it off at the uninteresting WebKit message loop parts.

The crash (or assert if those are enabled) seems to happen because the 'glyph'
index is far larger than the length of the array:

1791            element = _cairo_array_index (&font->charstrings_index, glyph);
(gdb) print glyph
$2 = 45472
(gdb) print font->charstrings_index 
$3 = {size = 32768, num_elements = 30907, element_size = 24, 
  elements = 0x560839b3abe0 ""}


I cannot attach the content that reproduces the crash because the document is a
national park entry permission paper with personal information, but I have an
HTML file, with the sensitive information I could find stripped out, that I could
provide privately to a developer wanting to look at a reproduction case.</pre>
        </div>
      </p>
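      <p>Added example, not part of the original report and not cairo's own code: a bounds-checked element lookup over an array with the dimensions shown in the gdb output above. The names demo_array_t, demo_array_init and demo_array_index_checked are hypothetical; the point is that the index is compared against num_elements rather than the allocated size, so an index inside the allocation but past the last stored element is rejected as well.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the array printed by gdb in the report;
 * field names follow that output, the type name is made up here. */
typedef struct {
    unsigned int size;          /* allocated capacity, in elements */
    unsigned int num_elements;  /* elements actually stored */
    unsigned int element_size;  /* bytes per element */
    char *elements;
} demo_array_t;

/* Return a pointer to element `index`, or NULL when it is out of range.
 * The bound is num_elements, not size: slots between the two are
 * allocated but were never filled in. */
static void *demo_array_index_checked(const demo_array_t *a, unsigned int index)
{
    if (a == NULL || a->elements == NULL || index >= a->num_elements)
        return NULL;
    /* index < num_elements <= size, so this offset is inside the allocation */
    return a->elements + (size_t)index * a->element_size;
}

/* Build an array with the dimensions from the report (constructed data). */
static int demo_array_init(demo_array_t *a)
{
    a->size = 32768;
    a->num_elements = 30907;
    a->element_size = 24;
    a->elements = calloc(a->size, a->element_size);
    return a->elements != NULL;
}

int main(void)
{
    demo_array_t a;
    /* first, last valid, one past the end, inside capacity only, reported value */
    unsigned int probes[] = { 0, 30906, 30907, 32000, 45472 };
    if (!demo_array_init(&a))
        return 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("glyph %u -> %s\n", probes[i],
               demo_array_index_checked(&a, probes[i]) ? "ok" : "rejected");
    free(a.elements);
    return 0;
}
```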
    </body>
</html>