summaryrefslogtreecommitdiff
path: root/xfa/fgas/layout
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2018-05-17 19:19:03 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-05-17 19:19:03 +0000
commitc524fc91aa42a8e34b4daf9a67fa283e25f48560 (patch)
treed372870ae1abab7be4977f022de7df04cc0c9a7f /xfa/fgas/layout
parentc647ed6de2732970309b17c4c132e2848b1dcfe5 (diff)
downloadpdfium-c524fc91aa42a8e34b4daf9a67fa283e25f48560.tar.xz
More overflow checks in bidi code
There are several more places where the width is added to a characters valid width in the bidi code. This CL changes all occurances to used a check numeric. Bug: chromium:844046 Change-Id: Idd8be3a4a576af626b5afa6f7cd04cc160b929d5 Reviewed-on: https://pdfium-review.googlesource.com/32714 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'xfa/fgas/layout')
-rw-r--r--xfa/fgas/layout/cfx_rtfbreak.cpp27
1 files changed, 23 insertions, 4 deletions
diff --git a/xfa/fgas/layout/cfx_rtfbreak.cpp b/xfa/fgas/layout/cfx_rtfbreak.cpp
index f7369bd11a..11a5c56828 100644
--- a/xfa/fgas/layout/cfx_rtfbreak.cpp
+++ b/xfa/fgas/layout/cfx_rtfbreak.cpp
@@ -137,8 +137,14 @@ void CFX_RTFBreak::AppendChar_Combination(CFX_Char* pCurChar) {
int32_t iCharWidthValid = iCharWidth.ValueOrDefault(0);
pCurChar->m_iCharWidth = iCharWidthValid;
- if (iCharWidthValid > 0)
- m_pCurLine->m_iWidth += iCharWidthValid;
+ if (iCharWidthValid > 0) {
+ pdfium::base::CheckedNumeric<int32_t> checked_width = m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
+ }
}
void CFX_RTFBreak::AppendChar_Tab(CFX_Char* pCurChar) {
@@ -208,7 +214,14 @@ CFX_BreakType CFX_RTFBreak::AppendChar_Arabic(CFX_Char* pCurChar) {
int iCharWidthValid = iCharWidth.ValueOrDefault(0);
pLastChar->m_iCharWidth = iCharWidthValid;
- m_pCurLine->m_iWidth += iCharWidthValid;
+
+ pdfium::base::CheckedNumeric<int32_t> checked_width =
+ m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return CFX_BreakType::None;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
iCharWidth = 0;
}
}
@@ -230,7 +243,13 @@ CFX_BreakType CFX_RTFBreak::AppendChar_Arabic(CFX_Char* pCurChar) {
int iCharWidthValid = iCharWidth.ValueOrDefault(0);
pCurChar->m_iCharWidth = iCharWidthValid;
- m_pCurLine->m_iWidth += iCharWidthValid;
+
+ pdfium::base::CheckedNumeric<int32_t> checked_width = m_pCurLine->m_iWidth;
+ checked_width += iCharWidthValid;
+ if (!checked_width.IsValid())
+ return CFX_BreakType::None;
+
+ m_pCurLine->m_iWidth = checked_width.ValueOrDie();
m_pCurLine->m_iArabicChars++;
if (m_pCurLine->GetLineEnd() > m_iLineWidth + m_iTolerance)