summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2018-09-04 19:41:51 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-09-04 19:41:51 +0000
commit73e97f4fac2f4f591ff62e70377a80fd40b5f6f3 (patch)
tree712832dc07e46f8e599975bc190055b859f62079 /core
parent6b2e2f0ec7c5f629c5270d14c2339197af7392d8 (diff)
downloadpdfium-73e97f4fac2f4f591ff62e70377a80fd40b5f6f3.tar.xz
Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)
Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op, but since we compute span[N] before checking for zero length, we hit an assert. The correct idiom should be to create a sub-span, which allows specifying N, but only when the size is 0. Bug: 879910 Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b Reviewed-on: https://pdfium-review.googlesource.com/41930 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/parser/fpdf_parser_decode.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp
index de93acf938..410c9a9b8d 100644
--- a/core/fpdfapi/parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp
@@ -239,7 +239,8 @@ uint32_t RunLengthDecode(pdfium::span<const uint8_t> src_span,
copy_len = buf_left;
memset(*dest_buf + dest_count + copy_len, '\0', delta);
}
- memcpy(*dest_buf + dest_count, &src_span[i + 1], copy_len);
+ auto copy_span = src_span.subspan(i + 1, copy_len);
+ memcpy(*dest_buf + dest_count, copy_span.data(), copy_span.size());
dest_count += src_span[i] + 1;
i += src_span[i] + 2;
} else {