BUG=379656

R=palmer@chromium.org Review URL: https://codereview.chromium.org/320223003
author: foxit <jun_fang@foxitsoftware.com> 2014-06-10 14:40:42 -0700
committer: foxit <jun_fang@foxitsoftware.com> 2014-06-10 14:40:42 -0700
commit: d7d52f1b359458d5c90b182af68168bd9349f335 (patch)
tree: 6b754524dd11de3ee5bc6d268b60a2e2237062df /core/src
parent: 9e16edd0ffb834e87da76fe6b0fe4aef39312685 (diff)
download: pdfium-d7d52f1b359458d5c90b182af68168bd9349f335.tar.xz
1 files changed, 11 insertions, 2 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
index 6838f739fa..6b2483eda7 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
@@ -468,7 +468,16 @@ CFX_ByteString PDF_EncodeText(FX_LPCWSTR pString, int len, CFX_CharMap* pCharMap
             return result;
         }
     }
-    FX_LPBYTE dest_buf2 = (FX_LPBYTE)result.GetBuffer(len * 2 + 2);
+   
+    if(len > INT_MAX/2-1) 
+    {
+        result.ReleaseBuffer(0);
+        return result;
+    }
+
+    int encLen = len * 2 + 2;
+
+    FX_LPBYTE dest_buf2 = (FX_LPBYTE)result.GetBuffer(encLen);
     dest_buf2[0] = 0xfe;
     dest_buf2[1] = 0xff;
     dest_buf2 += 2;
@@ -476,7 +485,7 @@ CFX_ByteString PDF_EncodeText(FX_LPCWSTR pString, int len, CFX_CharMap* pCharMap
         *dest_buf2++ = pString[i] >> 8;
         *dest_buf2++ = (FX_BYTE)pString[i];
     }
-    result.ReleaseBuffer(len * 2 + 2);
+    result.ReleaseBuffer(encLen);
     return result;
 }
 CFX_ByteString PDF_EncodeString(const CFX_ByteString& src, FX_BOOL bHex)
author	foxit <jun_fang@foxitsoftware.com>	2014-06-10 14:40:42 -0700
committer	foxit <jun_fang@foxitsoftware.com>	2014-06-10 14:40:42 -0700
commit	d7d52f1b359458d5c90b182af68168bd9349f335 (patch)
tree	6b754524dd11de3ee5bc6d268b60a2e2237062df /core/src
parent	9e16edd0ffb834e87da76fe6b0fe4aef39312685 (diff)
download	pdfium-d7d52f1b359458d5c90b182af68168bd9349f335.tar.xz