authorJUN FANG <jun_fang@foxitsoftware.com>2015-04-11 09:33:23 -0700
committerJUN FANG <jun_fang@foxitsoftware.com>2015-04-11 09:33:23 -0700
commitf265ee5a5f0e96d1a91111f4f27eb2f1edd8835a (patch)
tree61752f617913671b60e9c0cfb2f6c21fb652fc26 /core/src/fpdftext
parent9c7b0940569ee5eb1794e8db4e47ecaf3a64315d (diff)
Fix a heap buffer overflow issue in CPDF_CMap::GetNextChar
Add a check in GetNextChar() to make sure the offset is less than the size of the string. BUG=471651 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1067073003
Diffstat (limited to 'core/src/fpdftext')
-rw-r--r--core/src/fpdftext/fpdf_text.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/src/fpdftext/fpdf_text.cpp b/core/src/fpdftext/fpdf_text.cpp
index a4a124d5e6..d6d6de9a83 100644
--- a/core/src/fpdftext/fpdf_text.cpp
+++ b/core/src/fpdftext/fpdf_text.cpp
@@ -181,7 +181,7 @@ CTextBaseLine* CTextPage::InsertTextBox(CTextBaseLine* pBaseLine, FX_FLOAT basey
FX_LPCSTR pStr = str;
int len = str.GetLength(), offset = 0;
while (offset < len) {
- FX_DWORD ch = pFont->GetNextChar(pStr, offset);
+ FX_DWORD ch = pFont->GetNextChar(pStr, len, offset);
CFX_WideString unicode_str = pFont->UnicodeFromCharCode(ch);
if (unicode_str.IsEmpty()) {
text += (FX_WCHAR)ch;
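Review bot: The call `pFont->GetNextChar(pStr, len, offset)` inside `while (offset < len)` leaves both memory safety and loop termination to the callee, and neither contract is written down at this call site. GetNextChar has to refuse to read at or past `pStr + len`, and it still has to advance `offset` by at least one when a multi-byte code is cut short at the end of the string. The callee's side of the change is outside this path-limited view, so that behaviour is presumed rather than confirmed here. I would add a comment above the call, for example `// GetNextChar() bounds reads by len and always advances offset by >= 1, including on a truncated multi-byte code.`, and cover a string ending in a lone lead byte with a regression test. The body of CTextPage::InsertTextBox starts and ends outside this hunk.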