From 13b08aa11de74120909b871b987d010f33cd0bc6 Mon Sep 17 00:00:00 2001 From: Lei Zhang Date: Mon, 1 Oct 2018 17:47:52 +0000 Subject: M70: Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span) Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op, but since we compute span[N] before checking for zero length, we hit an assert. The correct idiom should be to create a sub-span, which allows specifying N, but only when the size is 0. Bug: chromium:879910,chromium:889356 Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b Reviewed-on: https://pdfium-review.googlesource.com/41930 Commit-Queue: Tom Sepez Reviewed-by: Lei Zhang (cherry picked from commit 73e97f4fac2f4f591ff62e70377a80fd40b5f6f3) Reviewed-on: https://pdfium-review.googlesource.com/43271
---
 core/fpdfapi/parser/fpdf_parser_decode.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp
index 7a9f798c85..e8bb21ca92 100644
--- a/core/fpdfapi/parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp
@@ -256,7 +256,8 @@ uint32_t RunLengthDecode(pdfium::span src_span,
 copy_len = buf_left;
 memset(*dest_buf + dest_count + copy_len, '\0', delta);
 }
- memcpy(*dest_buf + dest_count, &src_span[i + 1], copy_len);
+ auto copy_span = src_span.subspan(i + 1, copy_len);
+ memcpy(*dest_buf + dest_count, copy_span.data(), copy_span.size());
 dest_count += src_span[i] + 1;
 i += src_span[i] + 2;
 } else {
-- cgit v1.2.3
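Review bot: The new `src_span.subspan(i + 1, copy_len)` call passes its bounds check only because `copy_len` was clamped to `buf_left` a few lines earlier, and nothing at the call site records that dependency. A comment above it such as `// subspan() accepts offset == size() only with length 0; copy_len is already clamped to the bytes left.` would stop a later cleanup from reverting to `&src_span[i + 1]`. The diffstat shows a single file changed, so the case from the commit message (offset equal to the span size with nothing left to copy) has no regression test; one in the decoder's unit tests, using a stream that ends on a literal-run length byte, would pin it. The destination side, `*dest_buf + dest_count`, is still raw pointer arithmetic whose bounds depend on an allocation outside this hunk. The hunk starts and ends mid-function, so that could not be confirmed here.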