authorNicolas Pena <npm@chromium.org>2018-02-16 18:20:37 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-02-16 18:20:37 +0000
commit228d415eb4966e9d146fcfee48ca357d4a25bba8 (patch)
tree98f904002454bdfb13a89e90c6bb141f984c01b8
parent818632b0bb2f94bfba4acb518b6e08d20eda4b17 (diff)
Add ASSERT to check OOB m_CharCodes
It seems m_CharCodes is in rare cases being corrupted; this CL adds ASSERTs to check whether the corruption is due to out-of-bounds element access. Bug: 782215 Change-Id: I555ad1ccc2de3c35b2e06496f7216fba770f0759 Reviewed-on: https://pdfium-review.googlesource.com/27030 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
-rw-r--r--core/fpdfapi/page/cpdf_textobject.cpp5
1 files changed, 4 insertions, 1 deletions
diff --git a/core/fpdfapi/page/cpdf_textobject.cpp b/core/fpdfapi/page/cpdf_textobject.cpp
index 0d60d50e2c..402bf2ef66 100644
--- a/core/fpdfapi/page/cpdf_textobject.cpp
+++ b/core/fpdfapi/page/cpdf_textobject.cpp
@@ -32,6 +32,7 @@ size_t CPDF_TextObject::CountItems() const {
void CPDF_TextObject::GetItemInfo(size_t index,
CPDF_TextObjectItem* pInfo) const {
+ ASSERT(index < m_CharCodes.size());
pInfo->m_CharCode = m_CharCodes[index];
pInfo->m_Origin = CFX_PointF(index > 0 ? m_CharPos[index - 1] : 0, 0);
if (pInfo->m_CharCode == CPDF_Font::kInvalidCharCode)
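Review bot: The new `ASSERT(index < m_CharCodes.size());` in GetItemInfo guards only the `m_CharCodes[index]` read, and presumably only in builds where ASSERT is compiled in, so a release build would still perform the unchecked read that the commit message suspects. The `m_CharPos[index - 1]` read on the following line has no matching bound; if the two vectors can disagree in length, `ASSERT(index == 0 || index - 1 < m_CharPos.size());` would catch that as well. If an out-of-range index is reachable from document data, an always-on check such as `CHECK(index < m_CharCodes.size());` (where the project provides one) is the safer form than a debug-only assert. The body of GetItemInfo continues past the end of the hunk.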
@@ -160,8 +161,10 @@ void CPDF_TextObject::SetSegments(const ByteString* pStrs,
const char* segment = pStrs[i].c_str();
int len = pStrs[i].GetLength();
int offset = 0;
- while (offset < len)
+ while (offset < len) {
+ ASSERT(static_cast<size_t>(index) < m_CharCodes.size());
m_CharCodes[index++] = pFont->GetNextChar(segment, len, offset);
+ }
if (i != nsegs - 1) {
m_CharPos[index - 1] = pKerning[i];
m_CharCodes[index++] = CPDF_Font::kInvalidCharCode;
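Review bot: The added assert covers only the write inside the `while` loop; the separator write `m_CharCodes[index++] = CPDF_Font::kInvalidCharCode;` and the `m_CharPos[index - 1] = pKerning[i];` store just before it remain unchecked. To catch corruption on this path as well, add `ASSERT(index > 0 && static_cast<size_t>(index - 1) < m_CharPos.size());` and `ASSERT(static_cast<size_t>(index) < m_CharCodes.size());` at the top of the `if (i != nsegs - 1)` block. The `index > 0` part matters if an empty first segment can reach this point, since `index - 1` would then be -1; whether callers rule that out is not visible in the hunk. SetSegments starts before and continues after the hunk.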