summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorfoxit <jun_fang@foxitsoftware.com>2014-06-10 14:40:42 -0700
committerBo Xu <bo_xu@foxitsoftware.com>2014-07-30 17:15:43 -0700
commit0427443b2d5594e0763f3419a0124177a5e2e809 (patch)
tree66b147bc38227e29d7cf56f983e96e3eac08c795 /core
parenta2dfb95353c8e4851300f8d53d4659e1b764c31d (diff)
downloadpdfium-0427443b2d5594e0763f3419a0124177a5e2e809.tar.xz
BUG=379656
R=palmer@chromium.org Review URL: https://codereview.chromium.org/320223003
Diffstat (limited to 'core')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp13
1 files changed, 11 insertions, 2 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
index 6838f739fa..6b2483eda7 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
@@ -468,7 +468,16 @@ CFX_ByteString PDF_EncodeText(FX_LPCWSTR pString, int len, CFX_CharMap* pCharMap
return result;
}
}
- FX_LPBYTE dest_buf2 = (FX_LPBYTE)result.GetBuffer(len * 2 + 2);
+
+ if(len > INT_MAX/2-1)
+ {
+ result.ReleaseBuffer(0);
+ return result;
+ }
+
+ int encLen = len * 2 + 2;
+
+ FX_LPBYTE dest_buf2 = (FX_LPBYTE)result.GetBuffer(encLen);
dest_buf2[0] = 0xfe;
dest_buf2[1] = 0xff;
dest_buf2 += 2;
@@ -476,7 +485,7 @@ CFX_ByteString PDF_EncodeText(FX_LPCWSTR pString, int len, CFX_CharMap* pCharMap
*dest_buf2++ = pString[i] >> 8;
*dest_buf2++ = (FX_BYTE)pString[i];
}
- result.ReleaseBuffer(len * 2 + 2);
+ result.ReleaseBuffer(encLen);
return result;
}
CFX_ByteString PDF_EncodeString(const CFX_ByteString& src, FX_BOOL bHex)