authordsinclair <dsinclair@chromium.org>2016-08-30 10:27:03 -0700
committerCommit bot <commit-bot@chromium.org>2016-08-30 10:27:03 -0700
commitf7252a074ed013e2ad3cc11e08eba90502262ce0 (patch)
treef8d9e23e94fd4615343d8fd663bafb1f6d68bdc1 /core
parent50034a679249390852ac26a4119d35fbe124300e (diff)
downloadpdfium-f7252a074ed013e2ad3cc11e08eba90502262ce0.tar.xz
Guard against overflow when calculating font weight.
This CL uses the safe math libraries when calculating the font weight from the StemV value as very large values for StemV can cause the signed int to overflow. BUG=chromium:641418 Review-Url: https://codereview.chromium.org/2293633002
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/fpdf_font/cpdf_cidfont.cpp6
-rw-r--r--core/fpdfapi/fpdf_font/cpdf_simplefont.cpp10
2 files changed, 13 insertions, 3 deletions
diff --git a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp
index 491bd6d0c7..2bd886754e 100644
--- a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp
+++ b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp
@@ -18,6 +18,7 @@
#include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h"
#include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h"
#include "core/fpdfapi/include/cpdf_modulemgr.h"
+#include "third_party/base/numerics/safe_math.h"
namespace {
@@ -768,7 +769,10 @@ FX_BOOL CPDF_CIDFont::IsUnicodeCompatible() const {
}
void CPDF_CIDFont::LoadSubstFont() {
- m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags, m_StemV * 5, m_ItalicAngle,
+ pdfium::base::CheckedNumeric<int> safeStemV(m_StemV);
+ safeStemV *= 5;
+ m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags,
+ safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle,
g_CharsetCPs[m_Charset], IsVertWriting());
}
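Review bot: The checked multiply in CPDF_CIDFont::LoadSubstFont only catches a result that leaves the range of int, so a StemV that is very large but still fits after scaling, or a negative one, reaches LoadSubst as an implausible weight. The same applies to the CPDF_SimpleFont::LoadSubstFont hunk, where a negative m_StemV takes the `< 140` branch and yields a negative weight. LoadSubst is not visible here, so whether it tolerates such values is unconfirmed. Consider bounding the result before the call, for example `int weight = safeStemV.ValueOrDefault(FXFONT_FW_NORMAL);` followed by `weight = std::min(std::max(weight, kMinWeight), kMaxWeight);`, where kMinWeight and kMaxWeight are placeholders for whatever range the font mapper actually supports. A regression test with an oversized StemV would also pin the fallback, though one may exist outside the `core` diffstat shown.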
diff --git a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp
index 62d6959062..8c4dc8d2cd 100644
--- a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp
+++ b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp
@@ -10,6 +10,7 @@
#include "core/fpdfapi/fpdf_parser/include/cpdf_array.h"
#include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h"
#include "core/fxge/include/fx_freetype.h"
+#include "third_party/base/numerics/safe_math.h"
CPDF_SimpleFont::CPDF_SimpleFont() : m_BaseEncoding(PDFFONT_ENCODING_BUILTIN) {
FXSYS_memset(m_CharWidth, 0xff, sizeof(m_CharWidth));
@@ -181,8 +182,13 @@ void CPDF_SimpleFont::LoadSubstFont() {
m_Flags |= PDFFONT_FIXEDPITCH;
}
}
- int weight = m_StemV < 140 ? m_StemV * 5 : (m_StemV * 4 + 140);
- m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, weight, m_ItalicAngle,
+ pdfium::base::CheckedNumeric<int> safeStemV(m_StemV);
+ if (m_StemV < 140)
+ safeStemV *= 5;
+ else
+ safeStemV = safeStemV * 4 + 140;
+ m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags,
+ safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle,
0);
}
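Review bot: The fallback to FXFONT_FW_NORMAL is silent and unexplained in both LoadSubstFont bodies, so a later reader cannot tell that the checked arithmetic guards a value that can be arbitrarily large. A short comment above the CheckedNumeric declaration would record that, e.g. `// m_StemV can be arbitrarily large; on int overflow use FXFONT_FW_NORMAL instead of a wrapped weight.` As a style point, the new `if`/`else` tests the raw `m_StemV` while mutating `safeStemV` and has unbraced bodies; bracing both arms would make the two-path weight formula harder to break in a later edit. This function starts before the hunk, so how m_StemV is populated is not visible here.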