summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-10-01 17:47:52 +0000
committerLei Zhang <thestig@chromium.org>2018-10-01 17:47:52 +0000
commit13b08aa11de74120909b871b987d010f33cd0bc6 (patch)
treedf5c1ce27d6beae6f6ad544e73cc5b318c8a8137 /core
parent0004bd334b0c485b2e4ece0bfae8812c7f107a0d (diff)
downloadpdfium-chromium/3538.tar.xz
M70: Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)chromium/3538
Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op, but since we compute span[N] before checking for zero length, we hit an assert. The correct idiom should be to create a sub-span, which allows specifying N, but only when the size is 0. Bug: chromium:879910,chromium:889356 Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b Reviewed-on: https://pdfium-review.googlesource.com/41930 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> (cherry picked from commit 73e97f4fac2f4f591ff62e70377a80fd40b5f6f3) Reviewed-on: https://pdfium-review.googlesource.com/43271
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/parser/fpdf_parser_decode.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp
index 7a9f798c85..e8bb21ca92 100644
--- a/core/fpdfapi/parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp
@@ -256,7 +256,8 @@ uint32_t RunLengthDecode(pdfium::span<const uint8_t> src_span,
copy_len = buf_left;
memset(*dest_buf + dest_count + copy_len, '\0', delta);
}
- memcpy(*dest_buf + dest_count, &src_span[i + 1], copy_len);
+ auto copy_span = src_span.subspan(i + 1, copy_len);
+ memcpy(*dest_buf + dest_count, copy_span.data(), copy_span.size());
dest_count += src_span[i] + 1;
i += src_span[i] + 2;
} else {