authorRyan Harrison <rharrison@chromium.org>2017-08-11 16:20:32 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-08-11 21:03:14 +0000
commitddb9b7cdd19b63a81c4a094239e85f84acefaa17 (patch)
tree8657940fb10d76a96ffe996cf17d70a1c65ca6de /core/fpdfapi
parentd27998f6526272a5b8732106aa9b75f724434aca (diff)
Add checks of index operations on string classes
Specifically, the index parameters passed to GetAt(), SetAt() and operator[] are now checked to be in bounds. BUG=chromium:752480, pdfium:828 Change-Id: I9e94d58c98a8eaaaae53cd0e3ffe2123ea17d8c4 Reviewed-on: https://pdfium-review.googlesource.com/10651 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fpdfapi')
-rw-r--r--core/fpdfapi/font/cpdf_cmapparser.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/core/fpdfapi/font/cpdf_cmapparser.cpp b/core/fpdfapi/font/cpdf_cmapparser.cpp
index 0f9bca6018..cbf693966e 100644
--- a/core/fpdfapi/font/cpdf_cmapparser.cpp
+++ b/core/fpdfapi/font/cpdf_cmapparser.cpp
@@ -35,7 +35,7 @@ CIDSet CIDSetFromSizeT(size_t index) {
CFX_ByteStringC CMap_GetString(const CFX_ByteStringC& word) {
if (word.GetLength() <= 2)
return CFX_ByteStringC();
- return CFX_ByteStringC(&word[1], word.GetLength() - 2);
+ return word.Right(word.GetLength() - 2);
}
} // namespace
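Review bot: `word.Right(word.GetLength() - 2)` does not look equivalent to the expression it replaces in CMap_GetString. The removed line started at `&word[1]` and took `GetLength() - 2` bytes, so it dropped the first and last byte of the token (its delimiters). If `Right(n)` returns the trailing n bytes, as the name suggests, the new line instead drops the first two bytes and keeps the closing delimiter; a constructed token such as `(Japan1)` would come back as `apan1)`. A bounds-checked form that keeps the old result would be `return word.Mid(1, word.GetLength() - 2);`. A unit test with a delimited token would pin the intended result, since this parser handles CMap data taken from PDF files.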
@@ -137,6 +137,8 @@ void CPDF_CMapParser::ParseWord(const CFX_ByteStringC& word) {
// Static.
uint32_t CPDF_CMapParser::CMap_GetCode(const CFX_ByteStringC& word) {
+ if (word.IsEmpty())
+ return 0;
pdfium::base::CheckedNumeric<uint32_t> num = 0;
if (word.GetAt(0) == '<') {
for (int i = 1; i < word.GetLength() && std::isxdigit(word.GetAt(i)); ++i) {
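Review bot: The early `return 0` for an empty word in CMap_GetCode makes a missing token indistinguishable from a parsed code of 0, so a caller cannot tell a malformed CMap entry from a legitimate zero code. The guard does keep `word.GetAt(0)` on the following lines from being reached with an out-of-range index, which matters now that GetAt() checks its bounds, but that reason is not recorded. A comment such as `// Empty token: GetAt(0) below would be out of bounds; treat as code 0.` would state it. Whether any caller needs to distinguish the two cases is not visible here, and the function body continues past the end of the hunk.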