summaryrefslogtreecommitdiff
path: root/core/src/fpdfapi
diff options
context:
space:
mode:
authorOliver Chang <ochang@chromium.org>2015-11-10 14:17:38 -0800
committerOliver Chang <ochang@chromium.org>2015-11-10 14:17:38 -0800
commit07cafd7e570920810b1589ca30db0a7057b9b6ac (patch)
tree630734568e1baccb3dfeaa4678242c6b38cd0c5e /core/src/fpdfapi
parentfb1cd014b48942572fe49bf2739ad7550a3a6bce (diff)
downloadpdfium-07cafd7e570920810b1589ca30db0a7057b9b6ac.tar.xz
Merge to XFA: Prevent buffer underflow in CPDF_TextObject::CalcPositionData
R=tsepez@chromium.org TBR=tsepez@chromium.org BUG=554115 Review URL: https://codereview.chromium.org/1435473004 . (cherry picked from commit 46d2e278f62454ed2392630b6d18d33d380a20eb) Review URL: https://codereview.chromium.org/1436673003 .
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r--core/src/fpdfapi/fpdf_page/fpdf_page.cpp10
1 files changed, 5 insertions, 5 deletions
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
index eaa8ef1127..3777cd078c 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
@@ -409,11 +409,11 @@ void CPDF_TextObject::CalcPositionData(FX_FLOAT* pTextAdvanceX,
for (int i = 0; i < m_nChars; ++i) {
FX_DWORD charcode =
m_nChars == 1 ? (FX_DWORD)(uintptr_t)m_pCharCodes : m_pCharCodes[i];
- if (charcode == (FX_DWORD)-1) {
- curpos -= FXSYS_Mul(m_pCharPos[i - 1], fontsize) / 1000;
- continue;
- }
- if (i) {
+ if (i > 0) {
+ if (charcode == (FX_DWORD)-1) {
+ curpos -= FXSYS_Mul(m_pCharPos[i - 1], fontsize) / 1000;
+ continue;
+ }
m_pCharPos[i - 1] = curpos;
}
FX_RECT char_rect;