diff options
| author | Tom Sepez <tsepez@chromium.org> | 2018-09-04 19:41:51 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-09-04 19:41:51 +0000 |
| commit | 73e97f4fac2f4f591ff62e70377a80fd40b5f6f3 (patch) | |
| tree | 712832dc07e46f8e599975bc190055b859f62079 /core | |
| parent | 6b2e2f0ec7c5f629c5270d14c2339197af7392d8 (diff) | |
| download | pdfium-73e97f4fac2f4f591ff62e70377a80fd40b5f6f3.tar.xz | |
Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)
Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op,
but since we compute span[N] before checking for zero length, we hit
an assert. The correct idiom should be to create a sub-span, which
allows specifying N, but only when the size is 0.
Bug: 879910
Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b
Reviewed-on: https://pdfium-review.googlesource.com/41930
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core')
| -rw-r--r-- | core/fpdfapi/parser/fpdf_parser_decode.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp index de93acf938..410c9a9b8d 100644 --- a/core/fpdfapi/parser/fpdf_parser_decode.cpp +++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp @@ -239,7 +239,8 @@ uint32_t RunLengthDecode(pdfium::span<const uint8_t> src_span, copy_len = buf_left; memset(*dest_buf + dest_count + copy_len, '\0', delta); } - memcpy(*dest_buf + dest_count, &src_span[i + 1], copy_len); + auto copy_span = src_span.subspan(i + 1, copy_len); + memcpy(*dest_buf + dest_count, copy_span.data(), copy_span.size()); dest_count += src_span[i] + 1; i += src_span[i] + 2; } else { |