diff options
author | Nicolas Pena <npm@chromium.org> | 2018-04-13 20:17:26 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-13 20:17:26 +0000 |
commit | af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf (patch) | |
tree | 7f97695aede6f525846e77d25af5410051828196 /core/fpdfapi/font | |
parent | 97b47dc407e772a82782d5d64de5560992df2bf9 (diff) | |
download | pdfium-af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf.tar.xz |
Fix integer overflow in CPDF_Font::FallbackFontFromCharcode
Bug: chromium:831583
Change-Id: Idc980ef47cdd942bddc75d9b7fe4a56bdeacdc1a
Reviewed-on: https://pdfium-review.googlesource.com/30670
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core/fpdfapi/font')
-rw-r--r-- | core/fpdfapi/font/cpdf_font.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/core/fpdfapi/font/cpdf_font.cpp b/core/fpdfapi/font/cpdf_font.cpp index f636e9397a..ad7eeea264 100644 --- a/core/fpdfapi/font/cpdf_font.cpp +++ b/core/fpdfapi/font/cpdf_font.cpp @@ -452,9 +452,11 @@ const char* CPDF_Font::GetAdobeCharName( uint32_t CPDF_Font::FallbackFontFromCharcode(uint32_t charcode) { if (m_FontFallbacks.empty()) { m_FontFallbacks.push_back(pdfium::MakeUnique<CFX_Font>()); + pdfium::base::CheckedNumeric<int> safeWeight = m_StemV; + safeWeight *= 5; m_FontFallbacks[0]->LoadSubst("Arial", IsTrueTypeFont(), m_Flags, - m_StemV * 5, m_ItalicAngle, 0, - IsVertWriting()); + safeWeight.ValueOrDefault(FXFONT_FW_NORMAL), + m_ItalicAngle, 0, IsVertWriting()); } return 0; } |