From 409b663d532d4d6f09a1188fa3b9ac4044708bc4 Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Thu, 23 Mar 2017 11:33:52 -0400
Subject: Handle the Clip command list being empty

If the command list is already empty when we attempt to restore the clip
we will access outside the command array.

BUG=chromium:704442

Change-Id: Ib7c44e14f0de175f1c10c1a538d16987aa49bf8a
Reviewed-on: https://pdfium-review.googlesource.com/3159
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: dsinclair <dsinclair@chromium.org>
---
 core/fxge/skia/fx_skia_device.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/core/fxge/skia/fx_skia_device.cpp b/core/fxge/skia/fx_skia_device.cpp
index 949ffb8031..53432224a5 100644
--- a/core/fxge/skia/fx_skia_device.cpp
+++ b/core/fxge/skia/fx_skia_device.cpp
@@ -949,6 +949,13 @@ class SkiaState {
   bool ClipRestore() {
     if (m_debugDisable)
       return false;
+
+    // TODO(dsinclair): This check works around crbug.com/704442 where
+    // it looks like we have a ClipRestore without a corresponding ClipSave.
+    // We need to track down the imbalance and fix correctly.
+    if (m_commandIndex == 0)
+      return true;
+
     Dump(__func__);
     while (Clip::kSave != m_commands[--m_commandIndex]) {
       SkASSERT(m_commandIndex > 0);
-- 
cgit v1.2.3