Fix crash in CFDE_CSSSyntaxParser when parsing empty url

When parsing "url('')", Subtract() should be called to correctly set m_iDatLen. But iLength will be 0 because there is no url. So I changed the ASSERT. Also replaced some non-const refs with pointers to make the code more readable. BUG=659509 Review-Url: https://codereview.chromium.org/2535663003
author: npm <npm@chromium.org> 2016-11-28 12:49:29 -0800
committer: Commit bot <commit-bot@chromium.org> 2016-11-28 12:49:29 -0800
commit: 239915200225fea4c5a02e9630044ef13fccb66d (patch)
tree: fe761ea15a77754bae4cb813e3f33392a523e3c2 /xfa/fde/css/fde_csssyntax.cpp
parent: eb9625c04876c45862fb30e48a4fd6d5998db0e9 (diff)
download: pdfium-239915200225fea4c5a02e9630044ef13fccb66d.tar.xz
1 files changed, 10 insertions, 16 deletions
diff --git a/xfa/fde/css/fde_csssyntax.cpp b/xfa/fde/css/fde_csssyntax.cpp
index 436a94b67b..27094e1376 100644
--- a/xfa/fde/css/fde_csssyntax.cpp
+++ b/xfa/fde/css/fde_csssyntax.cpp
@@ -6,6 +6,8 @@
 
 #include "xfa/fde/css/fde_csssyntax.h"
 
+#include <algorithm>
+
 #include "xfa/fde/css/fde_cssdatatable.h"
 #include "xfa/fgas/crt/fgas_codepage.h"
 
@@ -280,16 +282,13 @@ FDE_CSSSYNTAXSTATUS CFDE_CSSSyntaxParser::DoSyntaxParse() {
 
           if (wch <= ' ' || wch == ';') {
             int32_t iURIStart, iURILength = m_TextData.GetLength();
-            if (iURILength > 0 &&
-                FDE_ParseCSSURI(m_TextData.GetBuffer(), iURILength, iURIStart,
-                                iURILength)) {
+            if (iURILength > 0 && FDE_ParseCSSURI(m_TextData.GetBuffer(),
+                                                  &iURIStart, &iURILength)) {
               m_TextData.Subtract(iURIStart, iURILength);
               SwitchMode(FDE_CSSSYNTAXMODE_MediaType);
-              if (IsImportEnabled()) {
+              if (IsImportEnabled())
                 return FDE_CSSSYNTAXSTATUS_URI;
-              } else {
-                break;
-              }
+              break;
             }
           }
           AppendChar(wch);
@@ -468,15 +467,10 @@ bool CFDE_CSSTextBuf::ExpandBuf(int32_t iDesiredSize) {
   m_iBufLen = iDesiredSize;
   return true;
 }
+
 void CFDE_CSSTextBuf::Subtract(int32_t iStart, int32_t iLength) {
-  ASSERT(iStart >= 0 && iLength > 0);
-  if (iLength > m_iDatLen - iStart) {
-    iLength = m_iDatLen - iStart;
-  }
-  if (iLength < 0) {
-    iLength = 0;
-  } else {
-    FXSYS_memmove(m_pBuffer, m_pBuffer + iStart, iLength * sizeof(FX_WCHAR));
-  }
+  ASSERT(iStart >= 0 && iLength >= 0);
+  iLength = std::max(std::min(iLength, m_iDatLen - iStart), 0);
+  FXSYS_memmove(m_pBuffer, m_pBuffer + iStart, iLength * sizeof(FX_WCHAR));
   m_iDatLen = iLength;
 }
author	npm <npm@chromium.org>	2016-11-28 12:49:29 -0800
committer	Commit bot <commit-bot@chromium.org>	2016-11-28 12:49:29 -0800
commit	239915200225fea4c5a02e9630044ef13fccb66d (patch)
tree	fe761ea15a77754bae4cb813e3f33392a523e3c2 /xfa/fde/css/fde_csssyntax.cpp
parent	eb9625c04876c45862fb30e48a4fd6d5998db0e9 (diff)
download	pdfium-239915200225fea4c5a02e9630044ef13fccb66d.tar.xz