Font rendering broken due to overfull PUA

[timvandermeij]

The font rendering for http://doppelbauer.name/core-dump.pdf is broken. The console message Warning: Ran out of space in font private use area. is printed over 4200 times and sanitizer errors appear.

[DemiMarie]

May I ask what you mean by “sanitizer”?

If you mean ASAN, MSAN or the like, then that is a potential security bug in the host application.

[Snuffleupagus]

May I ask what you mean by “sanitizer”?

OpenType Sanitizer, see https://github.com/khaledhosny/ots/.

then that is a potential security bug in the host application.

Not here, since fonts rejected by OTS (in Firefox or Chrome) are dropped and thus not passed on to the OS.

[DemiMarie]

@Snuffleupagus That’s a borked PDF then. I suggest closing as Not a Bug.

[Snuffleupagus]

That’s a borked PDF then.

Based on this particular PDF.js warning message, you simply cannot conclude that the PDF file itself is broken without any further analysis.
In this case, it's much more likely to be caused by limitations in the (current) PDF.js font parsing code.

I suggest closing as Not a Bug.

Considering that other PDF viewers have no trouble rendering this file, that suggestion does not seem like a good course of action in this case! Or in general really, since most PDF viewers (including PDF.js) will try to render even corrupt PDF files (which I don't think we're dealing with here, btw).

[timvandermeij]

Fixed by #9340.