diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-02-06 21:45:44 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-06 21:45:44 +0000 |
commit | 0cdb8434d6113eb84a68b6e3505eb73934ef17ce (patch) | |
tree | fc3763a2a4eac2c05e27d0435e35c8380f80402b | |
parent | bfeab62b37a701dc82f180e49d26c602f96f96f9 (diff) | |
download | pdfium-0cdb8434d6113eb84a68b6e3505eb73934ef17ce.tar.xz |
Use temporary iterator to avoid potential OOB
In the existing code pCharPos is manipulated directly without being
reset. This means that for the second iteration it is at the end of
the range instead of the start. This CL introduces temporary iterators
that are intialized to the value of pCharPos and then manipulated to
avoid this issue and having to reset pCharPos.
BUG=chromium:648177
Change-Id: I5c9344c1b67a015b01470a0dc337361552ffd447
Reviewed-on: https://pdfium-review.googlesource.com/25750
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
-rw-r--r-- | xfa/fde/cfde_textout.cpp | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/xfa/fde/cfde_textout.cpp b/xfa/fde/cfde_textout.cpp index 19e7ae6934..ab5f9c0f85 100644 --- a/xfa/fde/cfde_textout.cpp +++ b/xfa/fde/cfde_textout.cpp @@ -44,12 +44,13 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device, CFX_Font* pFxFont = pFont->GetDevFont(); if (FontStyleIsItalic(pFont->GetFontStyles()) && !pFxFont->IsItalic()) { + FXTEXT_CHARPOS* pCharPosIter = pCharPos; for (int32_t i = 0; i < iCount; ++i) { static const float mc = 0.267949f; - float* pAM = pCharPos->m_AdjustMatrix; + float* pAM = pCharPosIter->m_AdjustMatrix; pAM[2] = mc * pAM[0] + pAM[2]; pAM[3] = mc * pAM[1] + pAM[3]; - ++pCharPos; + ++pCharPosIter; } } @@ -67,11 +68,12 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device, RetainPtr<CFGAS_GEFont> pCurFont; FXTEXT_CHARPOS* pCurCP = nullptr; int32_t iCurCount = 0; + FXTEXT_CHARPOS* pCharPosIter = pCharPos; for (int32_t i = 0; i < iCount; ++i) { RetainPtr<CFGAS_GEFont> pSTFont = - pFont->GetSubstFont(static_cast<int32_t>(pCharPos->m_GlyphIndex)); - pCharPos->m_GlyphIndex &= 0x00FFFFFF; - pCharPos->m_bFontStyle = false; + pFont->GetSubstFont(static_cast<int32_t>(pCharPosIter->m_GlyphIndex)); + pCharPosIter->m_GlyphIndex &= 0x00FFFFFF; + pCharPosIter->m_bFontStyle = false; if (pCurFont != pSTFont) { if (pCurFont) { pFxFont = pCurFont->GetDevFont(); @@ -88,12 +90,12 @@ bool CFDE_TextOut::DrawString(CFX_RenderDevice* device, color, FXTEXT_CLEARTYPE); } pCurFont = pSTFont; - pCurCP = pCharPos; + pCurCP = pCharPosIter; iCurCount = 1; } else { ++iCurCount; } - ++pCharPos; + ++pCharPosIter; } bool bRet = true; |