diff options
| author | dsinclair <dsinclair@chromium.org> | 2016-08-30 10:27:03 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-08-30 10:27:03 -0700 |
| commit | f7252a074ed013e2ad3cc11e08eba90502262ce0 (patch) | |
| tree | f8d9e23e94fd4615343d8fd663bafb1f6d68bdc1 | |
| parent | 50034a679249390852ac26a4119d35fbe124300e (diff) | |
| download | pdfium-f7252a074ed013e2ad3cc11e08eba90502262ce0.tar.xz | |
Guard against overflow when calculating font weight.
This CL uses the safe math libraries when calculating the font weight from
the StemV value as very large values for StemV can cause the signed int to
overflow.
BUG=chromium:641418
Review-Url: https://codereview.chromium.org/2293633002
| -rw-r--r-- | core/fpdfapi/fpdf_font/cpdf_cidfont.cpp | 6 | ||||
| -rw-r--r-- | core/fpdfapi/fpdf_font/cpdf_simplefont.cpp | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp index 491bd6d0c7..2bd886754e 100644 --- a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp +++ b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp @@ -18,6 +18,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h" #include "core/fpdfapi/include/cpdf_modulemgr.h" +#include "third_party/base/numerics/safe_math.h" namespace { @@ -768,7 +769,10 @@ FX_BOOL CPDF_CIDFont::IsUnicodeCompatible() const { } void CPDF_CIDFont::LoadSubstFont() { - m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags, m_StemV * 5, m_ItalicAngle, + pdfium::base::CheckedNumeric<int> safeStemV(m_StemV); + safeStemV *= 5; + m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags, + safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle, g_CharsetCPs[m_Charset], IsVertWriting()); } diff --git a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp index 62d6959062..8c4dc8d2cd 100644 --- a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp +++ b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp @@ -10,6 +10,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fxge/include/fx_freetype.h" +#include "third_party/base/numerics/safe_math.h" CPDF_SimpleFont::CPDF_SimpleFont() : m_BaseEncoding(PDFFONT_ENCODING_BUILTIN) { FXSYS_memset(m_CharWidth, 0xff, sizeof(m_CharWidth)); @@ -181,8 +182,13 @@ void CPDF_SimpleFont::LoadSubstFont() { m_Flags |= PDFFONT_FIXEDPITCH; } } - int weight = m_StemV < 140 ? m_StemV * 5 : (m_StemV * 4 + 140); - m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, weight, m_ItalicAngle, + pdfium::base::CheckedNumeric<int> safeStemV(m_StemV); + if (m_StemV < 140) + safeStemV *= 5; + else + safeStemV = safeStemV * 4 + 140; + m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, + safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle, 0); } |