author | Dan Sinclair <dsinclair@chromium.org> | 2018-05-17 19:19:03 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-05-17 19:19:03 +0000 |
commit | c524fc91aa42a8e34b4daf9a67fa283e25f48560 (patch) | |
tree | d372870ae1abab7be4977f022de7df04cc0c9a7f | |
parent | c647ed6de2732970309b17c4c132e2848b1dcfe5 (diff) | |
download | pdfium-c524fc91aa42a8e34b4daf9a67fa283e25f48560.tar.xz |
More overflow checks in bidi code
There are several more places where the width is added to a character's
valid width in the bidi code. This CL changes all occurrences to use a
checked numeric.
Bug: chromium:844046
Change-Id: Idd8be3a4a576af626b5afa6f7cd04cc160b929d5
Reviewed-on: https://pdfium-review.googlesource.com/32714
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
-rw-r--r-- | xfa/fgas/layout/cfx_rtfbreak.cpp | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/xfa/fgas/layout/cfx_rtfbreak.cpp b/xfa/fgas/layout/cfx_rtfbreak.cpp
index f7369bd11a..11a5c56828 100644
--- a/xfa/fgas/layout/cfx_rtfbreak.cpp
+++ b/xfa/fgas/layout/cfx_rtfbreak.cpp
@@ -137,8 +137,14 @@ void CFX_RTFBreak::AppendChar_Combination(CFX_Char* pCurChar) {
 int32_t iCharWidthValid = iCharWidth.ValueOrDefault(0);
 pCurChar->m_iCharWidth = iCharWidthValid;
- if (iCharWidthValid > 0)
- m_pCurLine->m_iWidth += iCharWidthValid;
+ if (iCharWidthValid > 0) {
+ pdfium::base::CheckedNumeric<int32_t> checked_width = m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
+ }
 }
 void CFX_RTFBreak::AppendChar_Tab(CFX_Char* pCurChar) {
@@ -208,7 +214,14 @@ CFX_BreakType CFX_RTFBreak::AppendChar_Arabic(CFX_Char* pCurChar) {
 int iCharWidthValid = iCharWidth.ValueOrDefault(0);
 pLastChar->m_iCharWidth = iCharWidthValid;
- m_pCurLine->m_iWidth += iCharWidthValid;
+
+ pdfium::base::CheckedNumeric<int32_t> checked_width =
+ m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return CFX_BreakType::None;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
 iCharWidth = 0;
 }
 }
@@ -230,7 +243,13 @@ CFX_BreakType CFX_RTFBreak::AppendChar_Arabic(CFX_Char* pCurChar) {
 int iCharWidthValid = iCharWidth.ValueOrDefault(0);
 pCurChar->m_iCharWidth = iCharWidthValid;
- m_pCurLine->m_iWidth += iCharWidthValid;
+
+ pdfium::base::CheckedNumeric<int32_t> checked_width = m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return CFX_BreakType::None;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
 m_pCurLine->m_iArabicChars++;
 if (m_pCurLine->GetLineEnd() > m_iLineWidth + m_iTolerance) |
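Review bot: The checked-add sequence in AppendChar_Combination is written out again, almost line for line, in both AppendChar_Arabic hunks, so any later change to the overflow policy has to be made in three places and a fourth call site can easily miss it. A small file-local helper that performs the add and reports failure would keep the sites identical and reduce each early return to a single condition. The sketch below assumes m_iWidth is an int32_t, which the CheckedNumeric<int32_t> initialisation suggests but the hunk does not show, and the helper name is a placeholder. AppendChar_Combination begins above the hunk.

```cpp
// Adds |delta| to |*width|. Returns false and leaves |*width| untouched when
// the sum does not fit in int32_t.
bool AddCheckedWidth(int32_t* width, int32_t delta) {
  pdfium::base::CheckedNumeric<int32_t> checked = *width;
  checked += delta;
  if (!checked.IsValid())
    return false;
  *width = checked.ValueOrDie();
  return true;
}

// … unchanged: width computation in AppendChar_Combination …
  if (iCharWidthValid > 0 &&
      !AddCheckedWidth(&m_pCurLine->m_iWidth, iCharWidthValid)) {
    return;
  }
```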
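Review bot: On overflow the first AppendChar_Arabic hunk returns `CFX_BreakType::None`, which is presumably also the ordinary "no break" result, so the caller cannot tell a rejected width from a normal append. The second AppendChar_Arabic hunk and the bare `return;` in AppendChar_Combination have the same property. In all three places `m_iCharWidth` has already been stored on the character before the check, so the early return leaves a character width that the line width does not account for, and in this hunk it also skips `iCharWidth = 0;`. Whether callers tolerate that state is not visible here; at minimum each return should carry a comment such as `// Overflow: line width left unchanged; the character keeps its stored width.` so the intended failure behaviour is on record. The function body starts and ends outside the hunk.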
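Review bot: The comparison on the last context line, `m_pCurLine->GetLineEnd() > m_iLineWidth + m_iTolerance`, still adds two members with plain arithmetic immediately after the newly checked update. GetLineEnd() presumably combines the line start with the width that was just validated. If those members are int32_t and influenced by document content, the overflow class this commit addresses remains on that line; their declarations are outside the hunk, so this needs confirming. If so, the limit could be built the same way, e.g. `pdfium::base::CheckedNumeric<int32_t> limit = m_iLineWidth; limit += m_iTolerance;`, with an invalid result handled before the comparison. The statement continues past the end of the hunk.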