diff options
author | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-11 09:33:23 -0700 |
---|---|---|
committer | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-11 12:35:13 -0700 |
commit | e26a07588130eeaff120490a266a0a681705f006 (patch) | |
tree | 47aad6ac260d2b04099b6a28e9a2dfce8ed341a2 /core/src/fpdfapi/fpdf_font/fpdf_font.cpp | |
parent | 7121cd914a52e1549014e40ac6489e1471480261 (diff) | |
download | pdfium-e26a07588130eeaff120490a266a0a681705f006.tar.xz |
Merge to XFA: Fix a heap buffer overflow issue in CPDF_CMap::GetNextChar
Add a check to make sure offset is less than the size of string in the function of GetNextChar().
BUG=471651
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1067073003
Diffstat (limited to 'core/src/fpdfapi/fpdf_font/fpdf_font.cpp')
-rw-r--r-- | core/src/fpdfapi/fpdf_font/fpdf_font.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/src/fpdfapi/fpdf_font/fpdf_font.cpp b/core/src/fpdfapi/fpdf_font/fpdf_font.cpp index dd646ca113..41bb95a89d 100644 --- a/core/src/fpdfapi/fpdf_font/fpdf_font.cpp +++ b/core/src/fpdfapi/fpdf_font/fpdf_font.cpp @@ -213,7 +213,7 @@ CFX_WideString CPDF_Font::DecodeString(const CFX_ByteString& str) const FX_LPCSTR src_buf = str; int src_pos = 0; while (src_pos < src_len) { - FX_DWORD charcode = GetNextChar(src_buf, src_pos); + FX_DWORD charcode = GetNextChar(src_buf, src_len, src_pos); CFX_WideString unicode = UnicodeFromCharCode(charcode); if (!unicode.IsEmpty()) { result += unicode; @@ -379,7 +379,7 @@ int CPDF_Font::GetStringWidth(FX_LPCSTR pString, int size) int offset = 0; int width = 0; while (offset < size) { - FX_DWORD charcode = GetNextChar(pString, offset); + FX_DWORD charcode = GetNextChar(pString, size, offset); width += GetCharWidthF(charcode); } return width; |