From 228d415eb4966e9d146fcfee48ca357d4a25bba8 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Fri, 16 Feb 2018 18:20:37 +0000
Subject: Add ASSERT to check OOB m_CharCodes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It seems m_CharCodes is in rare cases being corrupted, this CL adds ASSERTS to catch whether the corruption is due to out-of-bounds element access.
Bug: 782215
Change-Id: I555ad1ccc2de3c35b2e06496f7216fba770f0759
Reviewed-on: https://pdfium-review.googlesource.com/27030
Commit-Queue: Nicolás Peña Moreno
Reviewed-by: Ryan Harrison
---
 core/fpdfapi/page/cpdf_textobject.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/fpdfapi/page/cpdf_textobject.cpp b/core/fpdfapi/page/cpdf_textobject.cpp
index 0d60d50e2c..402bf2ef66 100644
--- a/core/fpdfapi/page/cpdf_textobject.cpp
+++ b/core/fpdfapi/page/cpdf_textobject.cpp
@@ -32,6 +32,7 @@ size_t CPDF_TextObject::CountItems() const {
 void CPDF_TextObject::GetItemInfo(size_t index, CPDF_TextObjectItem* pInfo) const {
+ ASSERT(index < m_CharCodes.size());
 pInfo->m_CharCode = m_CharCodes[index];
 pInfo->m_Origin = CFX_PointF(index > 0 ? m_CharPos[index - 1] : 0, 0);
 if (pInfo->m_CharCode == CPDF_Font::kInvalidCharCode)
@@ -160,8 +161,10 @@ void CPDF_TextObject::SetSegments(const ByteString* pStrs,
 const char* segment = pStrs[i].c_str();
 int len = pStrs[i].GetLength();
 int offset = 0;
- while (offset < len)
+ while (offset < len) {
+ ASSERT(static_cast(index) < m_CharCodes.size());
 m_CharCodes[index++] = pFont->GetNextChar(segment, len, offset);
+ }
 if (i != nsegs - 1) {
 m_CharPos[index - 1] = pKerning[i];
 m_CharCodes[index++] = CPDF_Font::kInvalidCharCode;
-- cgit v1.2.3
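Review bot: The assertion added in GetItemInfo bounds only m_CharCodes, while the `m_CharPos[index - 1]` read two lines below it has no check of its own, so a length mismatch between the two containers would still go undetected. A companion check such as `ASSERT(index == 0 || index - 1 < m_CharPos.size());` would cover it. ASSERT's definition is not visible here; if it compiles out in release builds, this check and the one added in SetSegments are diagnostics only and the out-of-bounds access still happens in shipped binaries, so an always-on bounds check with an early return would be needed once the corruption source is confirmed. The body of GetItemInfo continues past the end of the hunk.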
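Review bot: The writes in the `if (i != nsegs - 1)` branch of SetSegments, `m_CharPos[index - 1] = pKerning[i];` and `m_CharCodes[index++] = CPDF_Font::kInvalidCharCode;`, are not covered by the assertion added inside the while loop, so an overrun on the separator slot would go unnoticed. Repeating the check before the separator write, `ASSERT(static_cast<size_t>(index) < m_CharCodes.size());`, would close that gap; the cast target is assumed to be size_t, since the page shows `static_cast(index)` with its template argument apparently lost in extraction. The function starts before and continues after the hunk, so how m_CharCodes is sized relative to the segments cannot be confirmed from here.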