Merge to XFA: Fix a heap buffer overflow issue in CPDF_CMap::GetNextChar

Add a check to make sure offset is less than the size of string in the function of GetNextChar(). BUG=471651 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1067073003
author: JUN FANG <jun_fang@foxitsoftware.com> 2015-04-11 09:33:23 -0700
committer: JUN FANG <jun_fang@foxitsoftware.com> 2015-04-11 12:35:13 -0700
commit: e26a07588130eeaff120490a266a0a681705f006 (patch)
tree: 47aad6ac260d2b04099b6a28e9a2dfce8ed341a2 /core/src/fpdftext
parent: 7121cd914a52e1549014e40ac6489e1471480261 (diff)
download: pdfium-e26a07588130eeaff120490a266a0a681705f006.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/src/fpdftext/fpdf_text.cpp b/core/src/fpdftext/fpdf_text.cpp
index a4a124d5e6..d6d6de9a83 100644
--- a/core/src/fpdftext/fpdf_text.cpp
+++ b/core/src/fpdftext/fpdf_text.cpp
@@ -181,7 +181,7 @@ CTextBaseLine* CTextPage::InsertTextBox(CTextBaseLine* pBaseLine, FX_FLOAT basey
     FX_LPCSTR pStr = str;
     int len = str.GetLength(), offset = 0;
     while (offset < len) {
-        FX_DWORD ch = pFont->GetNextChar(pStr, offset);
+        FX_DWORD ch = pFont->GetNextChar(pStr, len, offset);
         CFX_WideString unicode_str = pFont->UnicodeFromCharCode(ch);
         if (unicode_str.IsEmpty()) {
             text += (FX_WCHAR)ch;
author	JUN FANG <jun_fang@foxitsoftware.com>	2015-04-11 09:33:23 -0700
committer	JUN FANG <jun_fang@foxitsoftware.com>	2015-04-11 12:35:13 -0700
commit	e26a07588130eeaff120490a266a0a681705f006 (patch)
tree	47aad6ac260d2b04099b6a28e9a2dfce8ed341a2 /core/src/fpdftext
parent	7121cd914a52e1549014e40ac6489e1471480261 (diff)
download	pdfium-e26a07588130eeaff120490a266a0a681705f006.tar.xz