Handle the Clip command list being empty

If the command list is already empty when we attempt to restore the clip we will access outside the command array. BUG=chromium:704442 Change-Id: Ib7c44e14f0de175f1c10c1a538d16987aa49bf8a Reviewed-on: https://pdfium-review.googlesource.com/3159 Reviewed-by: Cary Clark <caryclark@google.com> Commit-Queue: dsinclair <dsinclair@chromium.org>
author: Dan Sinclair <dsinclair@chromium.org> 2017-03-23 11:33:52 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-03-23 15:53:58 +0000
commit: 409b663d532d4d6f09a1188fa3b9ac4044708bc4 (patch)
tree: 40b6507b397de947e01b2ccc002c766b3dd18b24
parent: 4650ded3dccefca89b4ef4757bae49a21b4a786d (diff)
download: pdfium-409b663d532d4d6f09a1188fa3b9ac4044708bc4.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/core/fxge/skia/fx_skia_device.cpp b/core/fxge/skia/fx_skia_device.cpp
index 949ffb8031..53432224a5 100644
--- a/core/fxge/skia/fx_skia_device.cpp
+++ b/core/fxge/skia/fx_skia_device.cpp
@@ -949,6 +949,13 @@ class SkiaState {
   bool ClipRestore() {
     if (m_debugDisable)
       return false;
+
+    // TODO(dsinclair): This check works around crbug.com/704442 where
+    // it looks like we have a ClipRestore without a corresponding ClipSave.
+    // We need to track down the imbalance and fix correctly.
+    if (m_commandIndex == 0)
+      return true;
+
     Dump(__func__);
     while (Clip::kSave != m_commands[--m_commandIndex]) {
       SkASSERT(m_commandIndex > 0);
author	Dan Sinclair <dsinclair@chromium.org>	2017-03-23 11:33:52 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-03-23 15:53:58 +0000
commit	409b663d532d4d6f09a1188fa3b9ac4044708bc4 (patch)
tree	40b6507b397de947e01b2ccc002c766b3dd18b24
parent	4650ded3dccefca89b4ef4757bae49a21b4a786d (diff)
download	pdfium-409b663d532d4d6f09a1188fa3b9ac4044708bc4.tar.xz