diff options
author | dsinclair <dsinclair@chromium.org> | 2016-08-30 10:27:03 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-08-30 10:27:03 -0700 |
commit | f7252a074ed013e2ad3cc11e08eba90502262ce0 (patch) | |
tree | f8d9e23e94fd4615343d8fd663bafb1f6d68bdc1 /core/fpdfapi/fpdf_font/cpdf_simplefont.cpp | |
parent | 50034a679249390852ac26a4119d35fbe124300e (diff) | |
download | pdfium-f7252a074ed013e2ad3cc11e08eba90502262ce0.tar.xz |
Guard against overflow when calculating font weight.
This CL uses the safe math libraries when calculating the font weight from
the StemV value as very large values for StemV can cause the signed int to
overflow.
BUG=chromium:641418
Review-Url: https://codereview.chromium.org/2293633002
Diffstat (limited to 'core/fpdfapi/fpdf_font/cpdf_simplefont.cpp')
-rw-r--r-- | core/fpdfapi/fpdf_font/cpdf_simplefont.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp index 62d6959062..8c4dc8d2cd 100644 --- a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp +++ b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp @@ -10,6 +10,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fxge/include/fx_freetype.h" +#include "third_party/base/numerics/safe_math.h" CPDF_SimpleFont::CPDF_SimpleFont() : m_BaseEncoding(PDFFONT_ENCODING_BUILTIN) { FXSYS_memset(m_CharWidth, 0xff, sizeof(m_CharWidth)); @@ -181,8 +182,13 @@ void CPDF_SimpleFont::LoadSubstFont() { m_Flags |= PDFFONT_FIXEDPITCH; } } - int weight = m_StemV < 140 ? m_StemV * 5 : (m_StemV * 4 + 140); - m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, weight, m_ItalicAngle, + pdfium::base::CheckedNumeric<int> safeStemV(m_StemV); + if (m_StemV < 140) + safeStemV *= 5; + else + safeStemV = safeStemV * 4 + 140; + m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, + safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle, 0); } |