From 73e97f4fac2f4f591ff62e70377a80fd40b5f6f3 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Tue, 4 Sep 2018 19:41:51 +0000
Subject: Avoid CHECK in fpdf_parser_decode.cpp (memcpy empty span)

Given a span of size N, memcpy(dest, &span[N], 0) ought to be a no-op, but since we compute span[N] before checking for zero length, we hit an assert. The correct idiom should be to create a sub-span, which allows specifying N, but only when the size is 0.

Bug: 879910
Change-Id: Ic6f368109a5c2f1e13a5f638c6a233769e2ad41b
Reviewed-on: https://pdfium-review.googlesource.com/41930
Commit-Queue: Tom Sepez
Reviewed-by: Lei Zhang
---
 core/fpdfapi/parser/fpdf_parser_decode.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp
index de93acf938..410c9a9b8d 100644
--- a/core/fpdfapi/parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp
@@ -239,7 +239,8 @@ uint32_t RunLengthDecode(pdfium::span src_span,
 copy_len = buf_left;
 memset(*dest_buf + dest_count + copy_len, '\0', delta);
 }
- memcpy(*dest_buf + dest_count, &src_span[i + 1], copy_len);
+ auto copy_span = src_span.subspan(i + 1, copy_len);
+ memcpy(*dest_buf + dest_count, copy_span.data(), copy_span.size());
 dest_count += src_span[i] + 1;
 i += src_span[i] + 2;
 } else {
--
cgit v1.2.3
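Review bot: The new `subspan(i + 1, copy_len)` line carries no comment saying why it replaces the plain `&src_span[i + 1]`, so a later cleanup could fold it back and reintroduce the CHECK on a truncated literal run; a one-line comment above it would do, e.g. `// subspan() accepts offset == size() when the length is 0; indexing src_span[i + 1] would CHECK.` The diffstat shows only this file changed, so no regression test accompanies the fix; a unit test feeding RunLengthDecode an input whose last byte is a literal-run length (below 128) would pin the zero-length copy path. The function begins and ends outside the hunk, so the loop bound on `i` and the sizing of `*dest_buf` cannot be checked from here.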