diff options
author | Lei Zhang <thestig@chromium.org> | 2018-03-19 18:00:55 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-03-19 18:00:55 +0000 |
commit | 704a617ec011cda5c821d210c83f311f0ba5b15c (patch) | |
tree | b62877215aa55310523adf7b141c4fb2d0e9b195 /core/fpdftext/cpdf_textpage.cpp | |
parent | 20c94774cc7efb3d90d3181539714f43fdcf01d2 (diff) | |
download | pdfium-704a617ec011cda5c821d210c83f311f0ba5b15c.tar.xz |
Avoid crashing in FPDFText_CountRects() for invalid start values.
BUG=chromium:821305
Change-Id: I371572f60ea3984ce044e25125d882b3c2d03115
Reviewed-on: https://pdfium-review.googlesource.com/28733
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core/fpdftext/cpdf_textpage.cpp')
-rw-r--r-- | core/fpdftext/cpdf_textpage.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/fpdftext/cpdf_textpage.cpp b/core/fpdftext/cpdf_textpage.cpp index 7315754919..91cfe8c6c9 100644 --- a/core/fpdftext/cpdf_textpage.cpp +++ b/core/fpdftext/cpdf_textpage.cpp @@ -242,8 +242,12 @@ std::vector<CFX_FloatRect> CPDF_TextPage::GetRectArray(int start, return rects; const int nCharListSize = CountChars(); + if (start >= nCharListSize) + return rects; + if (nCount < 0 || start + nCount > nCharListSize) nCount = nCharListSize - start; + ASSERT(nCount > 0); CPDF_TextObject* pCurObj = nullptr; CFX_FloatRect rect; |