authorRyan Harrison <rharrison@chromium.org>2017-09-11 15:59:02 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-09-11 20:13:56 +0000
commite420d9c1d2ef35c862bf149ae37e6e59287c30b5 (patch)
tree82e49c8f39ce4be95cfd276c529cb9ead9386bf4
parent56ec0818c3ed195c8de2daba951ddbcb4dc7d7bc (diff)
Add guard against reading more then expected from the page
This really shouldn't ever happen, but there used to be this guard in this code and I am getting reports of crashes after it was removed. I have added an assert, so hopefully if it is actually occurring, then we might get a reproduction case based on a debug build crash. BUG=chromium:763369 Change-Id: Ifaebfbcb0413a1d7777222ba838aaee234f94ae3 Reviewed-on: https://pdfium-review.googlesource.com/13691 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
-rw-r--r--fpdfsdk/fpdftext.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/fpdfsdk/fpdftext.cpp b/fpdfsdk/fpdftext.cpp
index 6a030b8ebd..ee4354735e 100644
--- a/fpdfsdk/fpdftext.cpp
+++ b/fpdfsdk/fpdftext.cpp
@@ -175,6 +175,10 @@ FPDF_EXPORT int FPDF_CALLCONV FPDFText_GetText(FPDF_TEXTPAGE text_page,
if (str.GetLength() <= 0)
return 0;
+ ASSERT(str.GetLength() <= static_cast<FX_STRSIZE>(count));
+ if (str.GetLength() > static_cast<FX_STRSIZE>(count))
+ str = str.Left(static_cast<FX_STRSIZE>(count));
+
// UFT16LE_Encode doesn't handle surrogate pairs properly, so it is expected
// the number of items to stay the same.
CFX_ByteString cbUTF16str = str.UTF16LE_Encode();
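Review bot: The added clamp in FPDFText_GetText only bounds the string if `static_cast<FX_STRSIZE>(count)` is a sane positive value, and nothing in the hunk shows `count` being range-checked first. If FX_STRSIZE is unsigned and a negative `count` can reach this point, the cast wraps to a very large value and both the ASSERT and the truncation pass without limiting anything; the function starts above the hunk, so an earlier check may already cover this. The cast is also repeated three times; hoisting it into `const FX_STRSIZE limit = static_cast<FX_STRSIZE>(count);` and testing `str.GetLength() > limit` would keep the three uses in step. A short comment such as `// Clamp to the caller-requested length; the later copy is presumably sized from str.` would tell the next editor that this guard is load-bearing in release builds, where the ASSERT compiles out, so it is not removed a second time.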