Add ASSERT to check OOB m_CharCodes

It seems m_CharCodes is in rare cases being corrupted, this CL adds ASSERTS
to catch whether the corruption is due to out-of-bounds element access.

Bug: 782215
Change-Id: I555ad1ccc2de3c35b2e06496f7216fba770f0759
Reviewed-on: https://pdfium-review.googlesource.com/27030
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

1 files changed, 4 insertions, 1 deletions

diff --git a/core/fpdfapi/page/cpdf_textobject.cpp b/core/fpdfapi/page/cpdf_textobject.cpp
index 0d60d50e2c..402bf2ef66 100644
--- a/core/fpdfapi/page/cpdf_textobject.cpp
+++ b/core/fpdfapi/page/cpdf_textobject.cpp
@@ -32,6 +32,7 @@ size_t CPDF_TextObject::CountItems() const {
 
 void CPDF_TextObject::GetItemInfo(size_t index,
                                   CPDF_TextObjectItem* pInfo) const {
+  ASSERT(index < m_CharCodes.size());
   pInfo->m_CharCode = m_CharCodes[index];
   pInfo->m_Origin = CFX_PointF(index > 0 ? m_CharPos[index - 1] : 0, 0);
   if (pInfo->m_CharCode == CPDF_Font::kInvalidCharCode)
@@ -160,8 +161,10 @@ void CPDF_TextObject::SetSegments(const ByteString* pStrs,
     const char* segment = pStrs[i].c_str();
     int len = pStrs[i].GetLength();
     int offset = 0;
-    while (offset < len)
+    while (offset < len) {
+      ASSERT(static_cast<size_t>(index) < m_CharCodes.size());
       m_CharCodes[index++] = pFont->GetNextChar(segment, len, offset);
+    }
     if (i != nsegs - 1) {
       m_CharPos[index - 1] = pKerning[i];
       m_CharCodes[index++] = CPDF_Font::kInvalidCharCode;