Fix integer overflow in CPDF_Font::FallbackFontFromCharcode

Bug: chromium:831583 Change-Id: Idc980ef47cdd942bddc75d9b7fe4a56bdeacdc1a Reviewed-on: https://pdfium-review.googlesource.com/30670 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2018-04-13 20:17:26 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-04-13 20:17:26 +0000
commit: af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf (patch)
tree: 7f97695aede6f525846e77d25af5410051828196
parent: 97b47dc407e772a82782d5d64de5560992df2bf9 (diff)
download: pdfium-af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/core/fpdfapi/font/cpdf_font.cpp b/core/fpdfapi/font/cpdf_font.cpp
index f636e9397a..ad7eeea264 100644
--- a/core/fpdfapi/font/cpdf_font.cpp
+++ b/core/fpdfapi/font/cpdf_font.cpp
@@ -452,9 +452,11 @@ const char* CPDF_Font::GetAdobeCharName(
 uint32_t CPDF_Font::FallbackFontFromCharcode(uint32_t charcode) {
   if (m_FontFallbacks.empty()) {
     m_FontFallbacks.push_back(pdfium::MakeUnique<CFX_Font>());
+    pdfium::base::CheckedNumeric<int> safeWeight = m_StemV;
+    safeWeight *= 5;
     m_FontFallbacks[0]->LoadSubst("Arial", IsTrueTypeFont(), m_Flags,
-                                  m_StemV * 5, m_ItalicAngle, 0,
-                                  IsVertWriting());
+                                  safeWeight.ValueOrDefault(FXFONT_FW_NORMAL),
+                                  m_ItalicAngle, 0, IsVertWriting());
   }
   return 0;
 }
author	Nicolas Pena <npm@chromium.org>	2018-04-13 20:17:26 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-04-13 20:17:26 +0000
commit	af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf (patch)
tree	7f97695aede6f525846e77d25af5410051828196
parent	97b47dc407e772a82782d5d64de5560992df2bf9 (diff)
download	pdfium-af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf.tar.xz