From 46d2e278f62454ed2392630b6d18d33d380a20eb Mon Sep 17 00:00:00 2001
From: Oliver Chang <ochang@chromium.org>
Date: Tue, 10 Nov 2015 14:11:52 -0800
Subject: Prevent buffer underflow in CPDF_TextObject::CalcPositionData

R=tsepez@chromium.org

BUG=554115

Review URL: https://codereview.chromium.org/1435473004 .
---
 core/src/fpdfapi/fpdf_page/fpdf_page.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
index eaa8ef1127..3777cd078c 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp
@@ -409,11 +409,11 @@ void CPDF_TextObject::CalcPositionData(FX_FLOAT* pTextAdvanceX,
   for (int i = 0; i < m_nChars; ++i) {
     FX_DWORD charcode =
         m_nChars == 1 ? (FX_DWORD)(uintptr_t)m_pCharCodes : m_pCharCodes[i];
-    if (charcode == (FX_DWORD)-1) {
-      curpos -= FXSYS_Mul(m_pCharPos[i - 1], fontsize) / 1000;
-      continue;
-    }
-    if (i) {
+    if (i > 0) {
+      if (charcode == (FX_DWORD)-1) {
+        curpos -= FXSYS_Mul(m_pCharPos[i - 1], fontsize) / 1000;
+        continue;
+      }
       m_pCharPos[i - 1] = curpos;
     }
     FX_RECT char_rect;
-- 
cgit v1.2.3