diff options
-rw-r--r-- | core/fpdfapi/fpdf_font/fpdf_font_cid.cpp | 16 | ||||
-rw-r--r-- | core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp | 5 |
2 files changed, 16 insertions, 5 deletions
diff --git a/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp b/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp index 3f95ec4a96..96c1ef5753 100644 --- a/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp +++ b/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp @@ -441,16 +441,22 @@ void CPDF_CMapParser::ParseWord(const CFX_ByteStringC& word) { // Static. uint32_t CPDF_CMapParser::CMap_GetCode(const CFX_ByteStringC& word) { - int num = 0; + pdfium::base::CheckedNumeric<uint32_t> num = 0; if (word.GetAt(0) == '<') { - for (int i = 1; i < word.GetLength() && std::isxdigit(word.GetAt(i)); ++i) + for (int i = 1; i < word.GetLength() && std::isxdigit(word.GetAt(i)); ++i) { num = num * 16 + FXSYS_toHexDigit(word.GetAt(i)); - return num; + if (!num.IsValid()) + return 0; + } + return num.ValueOrDie(); } - for (int i = 0; i < word.GetLength() && std::isdigit(word.GetAt(i)); ++i) + for (int i = 0; i < word.GetLength() && std::isdigit(word.GetAt(i)); ++i) { num = num * 10 + FXSYS_toDecimalDigit(static_cast<FX_WCHAR>(word.GetAt(i))); - return num; + if (!num.IsValid()) + return 0; + } + return num.ValueOrDie(); } // Static. diff --git a/core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp b/core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp index ccf49ee46a..ec05df5226 100644 --- a/core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp +++ b/core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp @@ -28,6 +28,11 @@ TEST(fpdf_font_cid, CMap_GetCode) { EXPECT_EQ(12u, CPDF_CMapParser::CMap_GetCode("12")); EXPECT_EQ(12u, CPDF_CMapParser::CMap_GetCode("12d")); EXPECT_EQ(128u, CPDF_CMapParser::CMap_GetCode("128")); + + EXPECT_EQ(4294967295u, CPDF_CMapParser::CMap_GetCode("<FFFFFFFF")); + + // Overflow a uint32_t. + EXPECT_EQ(0u, CPDF_CMapParser::CMap_GetCode("<100000000")); } TEST(fpdf_font_cid, CMap_GetCodeRange) { |