author | Ryan Harrison <rharrison@chromium.org> | 2017-09-11 15:59:02 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-11 20:13:56 +0000 |
commit | e420d9c1d2ef35c862bf149ae37e6e59287c30b5 (patch) | |
tree | 82e49c8f39ce4be95cfd276c529cb9ead9386bf4 | |
parent | 56ec0818c3ed195c8de2daba951ddbcb4dc7d7bc (diff) | |
Add guard against reading more than expected from the page

This really shouldn't ever happen, but there used to be this guard in
this code and I am getting reports of crashes after it was removed. I
have added an assert, so hopefully if it is actually occurring, then we
might get a reproduction case based on a debug build crash.
BUG=chromium:763369
Change-Id: Ifaebfbcb0413a1d7777222ba838aaee234f94ae3
Reviewed-on: https://pdfium-review.googlesource.com/13691
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
-rw-r--r-- | fpdfsdk/fpdftext.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fpdfsdk/fpdftext.cpp b/fpdfsdk/fpdftext.cpp index 6a030b8ebd..ee4354735e 100644 --- a/fpdfsdk/fpdftext.cpp +++ b/fpdfsdk/fpdftext.cpp @@ -175,6 +175,10 @@ FPDF_EXPORT int FPDF_CALLCONV FPDFText_GetText(FPDF_TEXTPAGE text_page, if (str.GetLength() <= 0) return 0; + ASSERT(str.GetLength() <= static_cast<FX_STRSIZE>(count)); + if (str.GetLength() > static_cast<FX_STRSIZE>(count)) + str = str.Left(static_cast<FX_STRSIZE>(count)); + // UFT16LE_Encode doesn't handle surrogate pairs properly, so it is expected // the number of items to stay the same. CFX_ByteString cbUTF16str = str.UTF16LE_Encode(); |
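Review bot: the new ASSERT and the `if` below it in FPDFText_GetText test the same condition, but nothing in the code says why both are there. Since a cleanup already removed this guard once, a short comment above the `if` stating that it is the release-build fallback for the crash reports, with the bug reference, would help keep it in place. The expression `static_cast<FX_STRSIZE>(count)` also appears three times in the added lines; hoisting it into one local would keep the ASSERT, the comparison and the `str.Left(...)` call from drifting apart. The visible context does not show `count` being checked as non-negative before these casts, so it is worth confirming that an earlier check in the function covers that case.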