authorTom Sepez <tsepez@chromium.org>2016-03-02 17:38:08 -0800
committerTom Sepez <tsepez@chromium.org>2016-03-02 17:38:08 -0800
commit73733f079c086562d8e7c2943ed16cf6f95b2c42 (patch)
tree1187a3efbdcc990f3338a0c0b08172f6879eb2ad /core/src/fxge
parentd87b20e1ae765cb65281c5bd7c12fc41e8a86780 (diff)
downloadpdfium-73733f079c086562d8e7c2943ed16cf6f95b2c42.tar.xz
Check that the names buffer is not empty before passing to GetNameFromTT.
Due to an implicit conversion, if the names buffer is empty then nullptr is passed to GetNameFromTT, which blindly dereferences it, leading to a null pointer dereference (NPD) if an invalid font file is read. BUG=583037 Patch by forshaw@ R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1763493003 .
Diffstat (limited to 'core/src/fxge')
-rw-r--r--core/src/fxge/ge/fx_ge_fontmap.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp
index 06b58ea3ab..890de616d1 100644
--- a/core/src/fxge/ge/fx_ge_fontmap.cpp
+++ b/core/src/fxge/ge/fx_ge_fontmap.cpp
@@ -1421,6 +1421,9 @@ void CFX_FolderFontInfo::ReportFace(const CFX_ByteString& path,
}
CFX_ByteString names =
FPDF_LoadTableFromTT(pFile, tables, nTables, 0x6e616d65);
+ if (names.IsEmpty()) {
+ return;
+ }
CFX_ByteString facename = GetNameFromTT(names, 1);
CFX_ByteString style = GetNameFromTT(names, 2);
if (style != "Regular") {
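Review bot: The added `names.IsEmpty()` guard ahead of the two `GetNameFromTT` calls rejects only a completely empty buffer; a non-empty but truncated `name` table from a malformed font file still reaches the parser. The commit description says GetNameFromTT dereferences its input without checking it, and its body is not visible here, so it may also lack length validation. If so, the null and minimum-size checks belong inside GetNameFromTT, where they protect every caller rather than this one call site. Until then the guard deserves a comment explaining why it exists, for example `// An empty buffer converts to nullptr, which GetNameFromTT does not check.` ReportFace starts and ends outside this hunk, so what the early return skips cannot be judged from here.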