From 10567d8008c30f13becb15c3194cf3fce1bf22d9 Mon Sep 17 00:00:00 2001
From: Brian Sweeney <brian@eclecticgeek.com>
Date: Thu, 19 Oct 2023 09:19:19 -0400
Subject: [PATCH 1/2] Improve cmap error state handling

- skip mapping 0xFFFF
- include glyphs mapped to gid 0 (missing character)
- check that the calculated offset to read a glyph exists in the file (can be caused by a bad subtable definition)
---
 src/FontLib/Table/Type/cmap.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/FontLib/Table/Type/cmap.php b/src/FontLib/Table/Type/cmap.php
index d09b0dc..fb70f11 100644
--- a/src/FontLib/Table/Type/cmap.php
+++ b/src/FontLib/Table/Type/cmap.php
@@ -125,6 +125,10 @@ protected function _parse() {
           }
 
           for ($c = $c1; $c <= $c2; $c++) {
+            if ($c === 0xFFFF) {
+              continue;
+            }
+
             if ($ro == 0) {
               $gid = ($c + $d) & 0xFFFF;
             }
@@ -132,15 +136,17 @@ protected function _parse() {
               $offset = ($c - $c1) * 2 + $ro;
               $offset = $ro_start + 2 * $i + $offset;
 
-              $font->seek($offset);
-              $gid = $font->readUInt16();
+              $gid = 0;
+              if ($font->seek($offset) === true) {
+                $gid = $font->readUInt16();
+              }
 
               if ($gid != 0) {
                 $gid = ($gid + $d) & 0xFFFF;
               }
             }
 
-            if ($gid > 0) {
+            if ($gid >= 0) {
               $glyphIndexArray[$c] = $gid;
             }
           }

From 48aa67f34c81e0ebfeec53e7d06206f6e3362a14 Mon Sep 17 00:00:00 2001
From: Brian Sweeney <brian@eclecticgeek.com>
Date: Sat, 21 Oct 2023 16:01:10 -0400
Subject: [PATCH 2/2] Do not retrieve the number of contours for empty glyphs

Before this change php-font-lib always read the number of contours for a glyph. If a glyph has no data the read information would be incorrect. This could lead to invalid parsing of the glyph since the data may not represent the actual glyph format (simple). In fact, the data could be from outside the glyf table entirely. If the glyph was positioned as the last byte in the font a read error would be thrown.
---
 src/FontLib/Glyph/Outline.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/FontLib/Glyph/Outline.php b/src/FontLib/Glyph/Outline.php
index 639ff60..b64aff2 100644
--- a/src/FontLib/Glyph/Outline.php
+++ b/src/FontLib/Glyph/Outline.php
@@ -48,7 +48,7 @@ class Outline extends BinaryStream {
   static function init(glyf $table, $offset, $size, BinaryStream $font) {
     $font->seek($offset);
 
-    if ($font->readInt16() > -1) {
+    if ($size === 0 || $font->readInt16() > -1) {
       /** @var OutlineSimple $glyph */
       $glyph = new OutlineSimple($table, $offset, $size);
     }