Merge to XFA: Fix a bunch of -Wunused-but-set-variable warnings.

Also fix a few nits and other errors along the way.

Review URL: https://codereview.chromium.org/1098583002
Review URL: https://codereview.chromium.org/1135713004

(cherry picked from commit f0a169e6fd5718995fa6ef8749c8d16cdad84985)
(cherry picked from commit 470408c2ffe71e99cebad0d1d6887f1723f02cef)

R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1133453006

1 files changed, 17 insertions, 2 deletions

diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp
index 9a8380b77e..c668f54834 100644
--- a/core/src/fxge/ge/fx_ge_fontmap.cpp
+++ b/core/src/fxge/ge/fx_ge_fontmap.cpp
@@ -1464,14 +1464,29 @@ void CFX_FolderFontInfo::ScanFile(CFX_ByteString& path)
     FX_BYTE buffer[16];
     FXSYS_fseek(pFile, 0, FXSYS_SEEK_SET);
     size_t readCnt = FXSYS_fread(buffer, 12, 1, pFile);
+    if (readCnt != 1) {
+        FXSYS_fclose(pFile);
+        return;
+    }
+
     if (GET_TT_LONG(buffer) == 0x74746366) {
         FX_DWORD nFaces = GET_TT_LONG(buffer + 8);
-        FX_LPBYTE offsets = FX_Alloc(FX_BYTE, nFaces * 4);
+        if (nFaces > FX_DWORD_MAX / 4) {
+            FXSYS_fclose(pFile);
+            return;
+        }
+        FX_DWORD face_bytes = nFaces * 4;
+        FX_LPBYTE offsets = FX_Alloc(FX_BYTE, face_bytes);
         if (!offsets) {
             FXSYS_fclose(pFile);
             return;
         }
-        readCnt = FXSYS_fread(offsets, nFaces * 4, 1, pFile);
+        readCnt = FXSYS_fread(offsets, face_bytes, 1, pFile);
+        if (readCnt != face_bytes) {
+            FX_Free(offsets);
+            FXSYS_fclose(pFile);
+            return;
+        }
         for (FX_DWORD i = 0; i < nFaces; i ++) {
             FX_LPBYTE p = offsets + i * 4;
             ReportFace(path, pFile, filesize, GET_TT_LONG(p));