Remove potential out of bounds call to GetAt()

Since m_pos is passed into GetAt() on the underlying string in
getCurrentChar(), the value of it needs to confirmed to be valid after
decrementing. Some types were changed to reflect the values being
stored.

BUG=chromium:752480

Change-Id: Ib6d6f52326defd31785e70a17049a08b64dbe069
Reviewed-on: https://pdfium-review.googlesource.com/10652
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

1 files changed, 8 insertions, 2 deletions

diff --git a/fxbarcode/datamatrix/BC_C40Encoder.cpp b/fxbarcode/datamatrix/BC_C40Encoder.cpp
index e994774c4d..8edd9eccfe 100644
--- a/fxbarcode/datamatrix/BC_C40Encoder.cpp
+++ b/fxbarcode/datamatrix/BC_C40Encoder.cpp
@@ -189,8 +189,14 @@ int32_t CBC_C40Encoder::encodeChar(wchar_t c, CFX_WideString& sb, int32_t& e) {
 int32_t CBC_C40Encoder::BacktrackOneCharacter(CBC_EncoderContext* context,
                                               CFX_WideString* buffer,
                                               int32_t lastCharSize) {
+  if (context->m_pos < 1)
+    return -1;
+
   int32_t count = buffer->GetLength();
-  buffer->Delete(count - lastCharSize, count);
+  if (count < lastCharSize)
+    return -1;
+
+  buffer->Delete(count - lastCharSize, lastCharSize);
   context->m_pos--;
   wchar_t c = context->getCurrentChar();
   int32_t e = BCExceptionNO;
@@ -199,7 +205,7 @@ int32_t CBC_C40Encoder::BacktrackOneCharacter(CBC_EncoderContext* context,
   if (e != BCExceptionNO)
     return -1;
 
-  assert(len > 0);
+  ASSERT(len > 0);
   context->resetSymbolInfo();
   return len;
 }