diff options
| author | npm <npm@chromium.org> | 2016-11-28 12:49:29 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-11-28 12:49:29 -0800 |
| commit | 239915200225fea4c5a02e9630044ef13fccb66d (patch) | |
| tree | fe761ea15a77754bae4cb813e3f33392a523e3c2 /xfa/fde/css/fde_cssdatatable.cpp | |
| parent | eb9625c04876c45862fb30e48a4fd6d5998db0e9 (diff) | |
| download | pdfium-239915200225fea4c5a02e9630044ef13fccb66d.tar.xz | |
Fix crash in CFDE_CSSSyntaxParser when parsing empty url
When parsing "url('')", Subtract() should be called to correctly set
m_iDatLen. But iLength will be 0 because there is no url. So I changed
the ASSERT. Also replaced some non-const refs with pointers to make the
code more readable.
BUG=659509
Review-Url: https://codereview.chromium.org/2535663003
Diffstat (limited to 'xfa/fde/css/fde_cssdatatable.cpp')
| -rw-r--r-- | xfa/fde/css/fde_cssdatatable.cpp | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/xfa/fde/css/fde_cssdatatable.cpp b/xfa/fde/css/fde_cssdatatable.cpp index d2f81833e3..2f4841429d 100644 --- a/xfa/fde/css/fde_cssdatatable.cpp +++ b/xfa/fde/css/fde_cssdatatable.cpp @@ -698,31 +698,31 @@ bool FDE_ParseCSSNumber(const FX_WCHAR* pszValue, bool FDE_ParseCSSString(const FX_WCHAR* pszValue, int32_t iValueLen, - int32_t& iOffset, - int32_t& iLength) { + int32_t* iOffset, + int32_t* iLength) { ASSERT(pszValue && iValueLen > 0); - iOffset = 0; - iLength = iValueLen; + *iOffset = 0; + *iLength = iValueLen; if (iValueLen >= 2) { FX_WCHAR first = pszValue[0], last = pszValue[iValueLen - 1]; if ((first == '\"' && last == '\"') || (first == '\'' && last == '\'')) { - iOffset = 1, iLength -= 2; + *iOffset = 1; + *iLength -= 2; } } return iValueLen > 0; } bool FDE_ParseCSSURI(const FX_WCHAR* pszValue, - int32_t iValueLen, - int32_t& iOffset, - int32_t& iLength) { - ASSERT(pszValue && iValueLen > 0); - if (iValueLen < 6 || pszValue[iValueLen - 1] != ')' || + int32_t* iOffset, + int32_t* iLength) { + ASSERT(pszValue && *iLength > 0); + if (*iLength < 6 || pszValue[*iLength - 1] != ')' || FXSYS_wcsnicmp(L"url(", pszValue, 4)) { return false; } - if (FDE_ParseCSSString(pszValue + 4, iValueLen - 5, iOffset, iLength)) { - iOffset += 4; + if (FDE_ParseCSSString(pszValue + 4, *iLength - 5, iOffset, iLength)) { + *iOffset += 4; return true; } return false; |