Use temporary iterator to avoid potential OOB

In the existing code pCharPos is manipulated directly without being reset. This means that for the second iteration it is at the end of the range instead of the start. This CL introduces temporary iterators that are intialized to the value of pCharPos and then manipulated to avoid this issue and having to reset pCharPos. BUG=chromium:648177 Change-Id: I5c9344c1b67a015b01470a0dc337361552ffd447 Reviewed-on: https://pdfium-review.googlesource.com/25750 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2018-02-06 21:45:44 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-02-06 21:45:44 +0000
commit: 0cdb8434d6113eb84a68b6e3505eb73934ef17ce (patch)
tree: fc3763a2a4eac2c05e27d0435e35c8380f80402b
parent: bfeab62b37a701dc82f180e49d26c602f96f96f9 (diff)
download: pdfium-0cdb8434d6113eb84a68b6e3505eb73934ef17ce.tar.xz
1 files changed, 9 insertions, 7 deletions
diff --git a/xfa/fde/cfde_textout.cpp b/xfa/fde/cfde_textout.cpp
index 19e7ae6934..ab5f9c0f85 100644
--- a/xfa/fde/cfde_textout.cpp
+++ b/xfa/fde/cfde_textout.cpp
@@ -44,12 +44,13 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device,
 
   CFX_Font* pFxFont = pFont->GetDevFont();
   if (FontStyleIsItalic(pFont->GetFontStyles()) && !pFxFont->IsItalic()) {
+    FXTEXT_CHARPOS* pCharPosIter = pCharPos;
     for (int32_t i = 0; i < iCount; ++i) {
       static const float mc = 0.267949f;
-      float* pAM = pCharPos->m_AdjustMatrix;
+      float* pAM = pCharPosIter->m_AdjustMatrix;
       pAM[2] = mc * pAM[0] + pAM[2];
       pAM[3] = mc * pAM[1] + pAM[3];
-      ++pCharPos;
+      ++pCharPosIter;
     }
   }
 
@@ -67,11 +68,12 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device,
   RetainPtr<CFGAS_GEFont> pCurFont;
   FXTEXT_CHARPOS* pCurCP = nullptr;
   int32_t iCurCount = 0;
+  FXTEXT_CHARPOS* pCharPosIter = pCharPos;
   for (int32_t i = 0; i < iCount; ++i) {
     RetainPtr<CFGAS_GEFont> pSTFont =
-        pFont->GetSubstFont(static_cast<int32_t>(pCharPos->m_GlyphIndex));
-    pCharPos->m_GlyphIndex &= 0x00FFFFFF;
-    pCharPos->m_bFontStyle = false;
+        pFont->GetSubstFont(static_cast<int32_t>(pCharPosIter->m_GlyphIndex));
+    pCharPosIter->m_GlyphIndex &= 0x00FFFFFF;
+    pCharPosIter->m_bFontStyle = false;
     if (pCurFont != pSTFont) {
       if (pCurFont) {
         pFxFont = pCurFont->GetDevFont();
@@ -88,12 +90,12 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device,
                                color, FXTEXT_CLEARTYPE);
       }
       pCurFont = pSTFont;
-      pCurCP = pCharPos;
+      pCurCP = pCharPosIter;
       iCurCount = 1;
     } else {
       ++iCurCount;
     }
-    ++pCharPos;
+    ++pCharPosIter;
   }
 
   bool bRet = true;
author	Ryan Harrison <rharrison@chromium.org>	2018-02-06 21:45:44 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-02-06 21:45:44 +0000
commit	0cdb8434d6113eb84a68b6e3505eb73934ef17ce (patch)
tree	fc3763a2a4eac2c05e27d0435e35c8380f80402b
parent	bfeab62b37a701dc82f180e49d26c602f96f96f9 (diff)
download	pdfium-0cdb8434d6113eb84a68b6e3505eb73934ef17ce.tar.xz