diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-03-15 15:21:57 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-03-15 15:21:57 +0000 |
commit | d14dd4316d04f0982c340ad25bb283198a4d5c32 (patch) | |
tree | f2fb7387cb2a4b120409f529e29436e629f51f81 /core | |
parent | c2d9e2d00ee871fa538bc46c8209e98ab9a30c44 (diff) | |
download | pdfium-d14dd4316d04f0982c340ad25bb283198a4d5c32.tar.xz |
Fixing order of guards to avoid potential segvs
Per tspepez's drive by:
str, in theory, might not be terminated, and might have been allocated
right up to a guard page at the end of the heap, say, so that str[len]
could segv.
Change-Id: I6cba7b6d12b23f69e6f150c1b5296df65c2e0086
Reviewed-on: https://pdfium-review.googlesource.com/28610
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/fxge/dib/fx_dib_main.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/core/fxge/dib/fx_dib_main.cpp b/core/fxge/dib/fx_dib_main.cpp index 1349e3e43c..161d2bd32e 100644 --- a/core/fxge/dib/fx_dib_main.cpp +++ b/core/fxge/dib/fx_dib_main.cpp @@ -97,7 +97,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) { int cc = 0; const wchar_t* str = wsValue.unterminated_c_str(); int len = wsValue.GetLength(); - while (FXSYS_iswspace(str[cc]) && cc < len) + while (cc < len && FXSYS_iswspace(str[cc])) cc++; if (cc >= len) @@ -112,7 +112,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) { } if (cc < len && str[cc] == ',') { cc++; - while (FXSYS_iswspace(str[cc]) && cc < len) + while (cc < len && FXSYS_iswspace(str[cc])) cc++; while (cc < len) { @@ -124,7 +124,7 @@ FX_ARGB StringToFXARGB(const WideStringView& wsValue) { } if (cc < len && str[cc] == ',') { cc++; - while (FXSYS_iswspace(str[cc]) && cc < len) + while (cc < len && FXSYS_iswspace(str[cc])) cc++; while (cc < len) { |