summaryrefslogtreecommitdiff
path: root/xfa/fgas/layout/cfx_txtbreak.cpp
diff options
context:
space:
mode:
authorHenrique Nakashima <hnakashima@chromium.org>2018-04-30 20:01:33 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-30 20:01:33 +0000
commitf213df4a87ede709db1f311bbad3c68fbccf159c (patch)
treea884f86c120d2778645d4a56ff70b96b8ef821eb /xfa/fgas/layout/cfx_txtbreak.cpp
parent94161d59fd3c815e404fb3f027becf056516a5da (diff)
downloadpdfium-f213df4a87ede709db1f311bbad3c68fbccf159c.tar.xz
Fix Integer-overflow in CFX_TxtBreak::AppendChar_Others
Bug: chromium:838095 Change-Id: I6fbb67ad763800eb45fb3c84f909f74e238748e0 Reviewed-on: https://pdfium-review.googlesource.com/31750 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'xfa/fgas/layout/cfx_txtbreak.cpp')
-rw-r--r--xfa/fgas/layout/cfx_txtbreak.cpp18
1 files changed, 13 insertions, 5 deletions
diff --git a/xfa/fgas/layout/cfx_txtbreak.cpp b/xfa/fgas/layout/cfx_txtbreak.cpp
index 3a2929d226..9859bc3b3e 100644
--- a/xfa/fgas/layout/cfx_txtbreak.cpp
+++ b/xfa/fgas/layout/cfx_txtbreak.cpp
@@ -175,7 +175,7 @@ CFX_BreakType CFX_TxtBreak::AppendChar_Arabic(CFX_Char* pCurChar) {
CFX_BreakType CFX_TxtBreak::AppendChar_Others(CFX_Char* pCurChar) {
FX_CHARTYPE chartype = pCurChar->GetCharType();
int32_t& iLineWidth = m_pCurLine->m_iWidth;
- int32_t iCharWidth = 0;
+ FX_SAFE_INT32 iCharWidth = 0;
m_eCharType = chartype;
wchar_t wch = pCurChar->char_code();
wchar_t wForm = wch;
@@ -183,16 +183,24 @@ CFX_BreakType CFX_TxtBreak::AppendChar_Others(CFX_Char* pCurChar) {
if (m_bCombText) {
iCharWidth = m_iCombWidth;
} else {
- if (!m_pFont->GetCharWidth(wForm, iCharWidth))
+ int32_t iCharWidthOut;
+ if (m_pFont->GetCharWidth(wForm, iCharWidthOut))
+ iCharWidth = iCharWidthOut;
+ else
iCharWidth = m_iDefChar;
iCharWidth *= m_iFontSize;
- iCharWidth = iCharWidth * m_iHorizontalScale / 100;
+ iCharWidth *= m_iHorizontalScale;
+ iCharWidth /= 100;
}
iCharWidth += m_iCharSpace;
- pCurChar->m_iCharWidth = iCharWidth;
- iLineWidth += iCharWidth;
+ if (!iCharWidth.IsValid())
+ return CFX_BreakType::None;
+
+ int32_t iCharWidthValid = iCharWidth.ValueOrDie();
+ pCurChar->m_iCharWidth = iCharWidthValid;
+ iLineWidth += iCharWidthValid;
if (!m_bSingleLine && chartype != FX_CHARTYPE_Space &&
iLineWidth > m_iLineWidth + m_iTolerance) {
return EndBreak(CFX_BreakType::Line);