diff options
author | Nicolas Pena <npm@chromium.org> | 2017-06-14 14:52:49 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-06-14 20:46:00 +0000 |
commit | ce67be4c48bf1bdc037141237c1db6ecc2054337 (patch) | |
tree | ebe99ef44f9b304666e475edbecf3ba3b69d9c31 /core/fxge | |
parent | 603a31d0c509c7ce3c2709dcb5377a78e6ce4815 (diff) | |
download | pdfium-ce67be4c48bf1bdc037141237c1db6ecc2054337.tar.xz |
Fix crash when inserting empty path
The path creation method begins with an open MoveTo point. If nothing
else is added, CFX_PathData::GetBoundingBox will try an OOB access in
its m_Points. This CL adds a check similar to the one in
CPDF_StreamContentParser::AddPathObject.
Change-Id: Iec7cfe3379253c021ba7d5f276306a66009f84e2
Reviewed-on: https://pdfium-review.googlesource.com/6593
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxge')
-rw-r--r-- | core/fxge/ge/cfx_pathdata.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fxge/ge/cfx_pathdata.cpp b/core/fxge/ge/cfx_pathdata.cpp index 6fae44acb1..fe3c6778d5 100644 --- a/core/fxge/ge/cfx_pathdata.cpp +++ b/core/fxge/ge/cfx_pathdata.cpp @@ -240,6 +240,9 @@ CFX_FloatRect CFX_PathData::GetBoundingBox(float line_width, bool bJoin; while (iPoint < m_Points.size()) { if (m_Points[iPoint].IsTypeAndOpen(FXPT_TYPE::MoveTo)) { + if (iPoint + 1 == m_Points.size()) + break; + iStartPoint = iPoint + 1; iEndPoint = iPoint; bJoin = false; |