authorRyan Harrison <rharrison@chromium.org>2018-03-15 15:21:57 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-03-15 15:21:57 +0000
commitd14dd4316d04f0982c340ad25bb283198a4d5c32 (patch)
treef2fb7387cb2a4b120409f529e29436e629f51f81 /core
parentc2d9e2d00ee871fa538bc46c8209e98ab9a30c44 (diff)
Fixing order of guards to avoid potential segvs
Per tspepez's drive by: str, in theory, might not be terminated, and might have been allocated right up to a guard page at the end of the heap, say, so that str[len] could segv. Change-Id: I6cba7b6d12b23f69e6f150c1b5296df65c2e0086 Reviewed-on: https://pdfium-review.googlesource.com/28610 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fxge/dib/fx_dib_main.cpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/core/fxge/dib/fx_dib_main.cpp b/core/fxge/dib/fx_dib_main.cpp
index 1349e3e43c..161d2bd32e 100644
--- a/core/fxge/dib/fx_dib_main.cpp
+++ b/core/fxge/dib/fx_dib_main.cpp
@@ -97,7 +97,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) {
int cc = 0;
const wchar_t* str = wsValue.unterminated_c_str();
int len = wsValue.GetLength();
- while (FXSYS_iswspace(str[cc]) && cc < len)
+ while (cc < len && FXSYS_iswspace(str[cc]))
cc++;
if (cc >= len)
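Review bot: The bounds-before-read order now has to stay correct in three identical copies of the whitespace-skip loop (this hunk and the ones at -112 and -124), and the diffstat shows no test added that would catch one of them regressing. Consider a single file-local helper (name is only a suggestion), `static int SkipSpaces(const wchar_t* str, int cc, int len)`, with the body `while (cc < len && FXSYS_iswspace(str[cc])) cc++; return cc;`, called at all three sites. A unit test would pin the fix if it passes StringToFXARGB a view holding only whitespace, and another ending in `,` followed by whitespace, over an exactly-sized buffer with no terminator and run under ASan. StringToFXARGB starts and ends outside these hunks, so any other `str[cc]` reads in the function are not visible here and deserve the same check.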
@@ -112,7 +112,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) {
}
if (cc < len && str[cc] == ',') {
cc++;
- while (FXSYS_iswspace(str[cc]) && cc < len)
+ while (cc < len && FXSYS_iswspace(str[cc]))
cc++;
while (cc < len) {
@@ -124,7 +124,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) {
}
if (cc < len && str[cc] == ',') {
cc++;
- while (FXSYS_iswspace(str[cc]) && cc < len)
+ while (cc < len && FXSYS_iswspace(str[cc]))
cc++;
while (cc < len) {