diff options
author | Nicolas Pena <npm@chromium.org> | 2018-02-16 18:20:37 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-16 18:20:37 +0000 |
commit | 228d415eb4966e9d146fcfee48ca357d4a25bba8 (patch) | |
tree | 98f904002454bdfb13a89e90c6bb141f984c01b8 /core/fpdfapi/page | |
parent | 818632b0bb2f94bfba4acb518b6e08d20eda4b17 (diff) | |
download | pdfium-228d415eb4966e9d146fcfee48ca357d4a25bba8.tar.xz |
Add ASSERT to check OOB m_CharCodes
It seems m_CharCodes is in rare cases being corrupted, this CL adds ASSERTS
to catch whether the corruption is due to out-of-bounds element access.
Bug: 782215
Change-Id: I555ad1ccc2de3c35b2e06496f7216fba770f0759
Reviewed-on: https://pdfium-review.googlesource.com/27030
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fpdfapi/page')
-rw-r--r-- | core/fpdfapi/page/cpdf_textobject.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/fpdfapi/page/cpdf_textobject.cpp b/core/fpdfapi/page/cpdf_textobject.cpp index 0d60d50e2c..402bf2ef66 100644 --- a/core/fpdfapi/page/cpdf_textobject.cpp +++ b/core/fpdfapi/page/cpdf_textobject.cpp @@ -32,6 +32,7 @@ size_t CPDF_TextObject::CountItems() const { void CPDF_TextObject::GetItemInfo(size_t index, CPDF_TextObjectItem* pInfo) const { + ASSERT(index < m_CharCodes.size()); pInfo->m_CharCode = m_CharCodes[index]; pInfo->m_Origin = CFX_PointF(index > 0 ? m_CharPos[index - 1] : 0, 0); if (pInfo->m_CharCode == CPDF_Font::kInvalidCharCode) @@ -160,8 +161,10 @@ void CPDF_TextObject::SetSegments(const ByteString* pStrs, const char* segment = pStrs[i].c_str(); int len = pStrs[i].GetLength(); int offset = 0; - while (offset < len) + while (offset < len) { + ASSERT(static_cast<size_t>(index) < m_CharCodes.size()); m_CharCodes[index++] = pFont->GetNextChar(segment, len, offset); + } if (i != nsegs - 1) { m_CharPos[index - 1] = pKerning[i]; m_CharCodes[index++] = CPDF_Font::kInvalidCharCode; |