From 22ff7fdd4178fba55393a83e8150f8d9dabab9cc Mon Sep 17 00:00:00 2001
From: Thomas Vermeilh <ory@oryctero.pe>
Date: Wed, 31 Jul 2024 17:01:31 +0200
Subject: [PATCH] fix panic on malformed CIDToGID tables

If the number of bytes in the stream is odd, indexing c[1] will result in an
out of bounds access and will cause a panic.

This should not happen normally, since the spec says that this field should be
a list of u16, but some malformed PDF trigger this bug.
---
 pdf/src/font.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pdf/src/font.rs b/pdf/src/font.rs
index c967d2f..4a45133 100644
--- a/pdf/src/font.rs
+++ b/pdf/src/font.rs
@@ -75,7 +75,7 @@ impl Object for CidToGidMap {
             p @ Primitive::Stream(_) | p @ Primitive::Reference(_) => {
                 let stream: Stream<()> = Stream::from_primitive(p, resolve)?;
                 let data = stream.data(resolve)?;
-                Ok(CidToGidMap::Table(data.chunks(2).map(|c| (c[0] as u16) << 8 | c[1] as u16).collect()))
+                Ok(CidToGidMap::Table(data.chunks_exact(2).map(|c| (c[0] as u16) << 8 | c[1] as u16).collect()))
             },
             p => Err(PdfError::UnexpectedPrimitive {
                 expected: "/Identity or Stream",