diff options
| author | Lei Zhang <thestig@chromium.org> | 2018-03-19 17:44:55 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-03-19 17:44:55 +0000 |
| commit | 20c94774cc7efb3d90d3181539714f43fdcf01d2 (patch) | |
| tree | 4b70ce3495177e9101bc86630685a5af5f531a37 | |
| parent | 30e0498962e8e4d99225a4da854ffd342677922c (diff) | |
| download | pdfium-20c94774cc7efb3d90d3181539714f43fdcf01d2.tar.xz | |
Avoid crashing in FPDFText_CountRects() for negative count values.
Treat values less than -1 as -1.
BUG=chromium:821305
Change-Id: Ieaced045473fa51097400e5af1286f0d3f4d0143
Reviewed-on: https://pdfium-review.googlesource.com/28732
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
| -rw-r--r-- | core/fpdftext/cpdf_textpage.cpp | 17 | ||||
| -rw-r--r-- | fpdfsdk/fpdftext_embeddertest.cpp | 3 |
2 files changed, 8 insertions, 12 deletions
diff --git a/core/fpdftext/cpdf_textpage.cpp b/core/fpdftext/cpdf_textpage.cpp index e712549ceb..7315754919 100644 --- a/core/fpdftext/cpdf_textpage.cpp +++ b/core/fpdftext/cpdf_textpage.cpp @@ -237,15 +237,14 @@ int CPDF_TextPage::TextIndexFromCharIndex(int CharIndex) const { std::vector<CFX_FloatRect> CPDF_TextPage::GetRectArray(int start, int nCount) const { + std::vector<CFX_FloatRect> rects; if (start < 0 || nCount == 0 || !m_bIsParsed) - return std::vector<CFX_FloatRect>(); + return rects; - if (nCount + start > pdfium::CollectionSize<int>(m_CharList) || - nCount == -1) { - nCount = pdfium::CollectionSize<int>(m_CharList) - start; - } + const int nCharListSize = CountChars(); + if (nCount < 0 || start + nCount > nCharListSize) + nCount = nCharListSize - start; - std::vector<CFX_FloatRect> rectArray; CPDF_TextObject* pCurObj = nullptr; CFX_FloatRect rect; int curPos = start; @@ -261,7 +260,7 @@ std::vector<CFX_FloatRect> CPDF_TextPage::GetRectArray(int start, if (!pCurObj) pCurObj = info_curchar.m_pTextObj.Get(); if (pCurObj != info_curchar.m_pTextObj) { - rectArray.push_back(rect); + rects.push_back(rect); pCurObj = info_curchar.m_pTextObj.Get(); bFlagNewRect = true; } @@ -304,8 +303,8 @@ std::vector<CFX_FloatRect> CPDF_TextPage::GetRectArray(int start, rect.bottom = std::min(rect.bottom, info_curchar.m_CharBox.bottom); } } - rectArray.push_back(rect); - return rectArray; + rects.push_back(rect); + return rects; } int CPDF_TextPage::GetIndexAtPos(const CFX_PointF& point, diff --git a/fpdfsdk/fpdftext_embeddertest.cpp b/fpdfsdk/fpdftext_embeddertest.cpp index c056908148..0cf10f5106 100644 --- a/fpdfsdk/fpdftext_embeddertest.cpp +++ b/fpdfsdk/fpdftext_embeddertest.cpp @@ -725,14 +725,11 @@ TEST_F(FPDFTextEmbeddertest, CountRects) { EXPECT_EQ(2, FPDFText_CountRects(textpage, start, 500)); } -#if 0 - // TODO(thestig): This crashes. Fix and enable. // Now test negative counts. for (int start = 0; start < kHelloWorldEnd; ++start) { EXPECT_EQ(2, FPDFText_CountRects(textpage, start, -100)); EXPECT_EQ(2, FPDFText_CountRects(textpage, start, -2)); } -#endif // Now test larger start values. const int kExpectedLength = strlen(kExpected); |