diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-06-14 14:52:49 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-06-14 20:46:00 +0000 |
| commit | ce67be4c48bf1bdc037141237c1db6ecc2054337 (patch) | |
| tree | ebe99ef44f9b304666e475edbecf3ba3b69d9c31 | |
| parent | 603a31d0c509c7ce3c2709dcb5377a78e6ce4815 (diff) | |
| download | pdfium-ce67be4c48bf1bdc037141237c1db6ecc2054337.tar.xz | |
Fix crash when inserting empty path
The path creation method begins with an open MoveTo point. If nothing
else is added, CFX_PathData::GetBoundingBox will try an OOB access in
its m_Points. This CL adds a check similar to the one in
CPDF_StreamContentParser::AddPathObject.
Change-Id: Iec7cfe3379253c021ba7d5f276306a66009f84e2
Reviewed-on: https://pdfium-review.googlesource.com/6593
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
| -rw-r--r-- | core/fxge/ge/cfx_pathdata.cpp | 3 | ||||
| -rw-r--r-- | fpdfsdk/fpdfedit_embeddertest.cpp | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/core/fxge/ge/cfx_pathdata.cpp b/core/fxge/ge/cfx_pathdata.cpp index 6fae44acb1..fe3c6778d5 100644 --- a/core/fxge/ge/cfx_pathdata.cpp +++ b/core/fxge/ge/cfx_pathdata.cpp @@ -240,6 +240,9 @@ CFX_FloatRect CFX_PathData::GetBoundingBox(float line_width, bool bJoin; while (iPoint < m_Points.size()) { if (m_Points[iPoint].IsTypeAndOpen(FXPT_TYPE::MoveTo)) { + if (iPoint + 1 == m_Points.size()) + break; + iStartPoint = iPoint + 1; iEndPoint = iPoint; bJoin = false; diff --git a/fpdfsdk/fpdfedit_embeddertest.cpp b/fpdfsdk/fpdfedit_embeddertest.cpp index 1146a8c546..f7bade9155 100644 --- a/fpdfsdk/fpdfedit_embeddertest.cpp +++ b/fpdfsdk/fpdfedit_embeddertest.cpp @@ -593,13 +593,12 @@ TEST_F(FPDFEditEmbeddertest, GraphicsData) { EXPECT_EQ(2, static_cast<int>(graphics_dict->GetCount())); // Add a path that should reuse graphics - // TODO(npm): This causes a crash on Windows. - /*FPDF_PAGEOBJECT path = FPDFPageObj_CreateNewPath(400, 100); + FPDF_PAGEOBJECT path = FPDFPageObj_CreateNewPath(400, 100); FPDFPageObj_SetBlendMode(path, "Darken"); EXPECT_TRUE(FPDFPath_SetFillColor(path, 200, 200, 100, 150)); FPDFPage_InsertObject(page.get(), path); EXPECT_TRUE(FPDFPage_GenerateContent(page.get())); - EXPECT_EQ(2, static_cast<int>(graphics_dict->GetCount()));*/ + EXPECT_EQ(2, static_cast<int>(graphics_dict->GetCount())); // Add a rect increasing the size of the graphics dictionary FPDF_PAGEOBJECT rect2 = FPDFPageObj_CreateNewRect(10, 10, 100, 100); |