From 76188c505dac5c4e35911edbc97d0dacbe366038 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Tue, 4 Sep 2018 19:59:03 +0000
Subject: Fix some more span/memcpy interactions.

Use the preferred idiom of creating a subspan, which makes the
proper checks prior to the copy.

Change-Id: Ia7f25b5760dea5707df66cf421195b23a1ce0ad0
Reviewed-on: https://pdfium-review.googlesource.com/41911
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
---
 core/fpdfapi/page/cpdf_streamparser.cpp | 6 ++++--
 core/fxcodec/codec/fx_codec.cpp         | 3 ++-
 core/fxcrt/cfx_readonlymemorystream.cpp | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp
index 0d45ed0323..9533bb2a17 100644
--- a/core/fpdfapi/page/cpdf_streamparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamparser.cpp
@@ -177,7 +177,8 @@ std::unique_ptr<CPDF_Stream> CPDF_StreamParser::ReadInlineStream(
     if (OrigSize > m_pBuf.size() - m_Pos)
       OrigSize = m_pBuf.size() - m_Pos;
     pData.reset(FX_Alloc(uint8_t, OrigSize));
-    memcpy(pData.get(), &m_pBuf[m_Pos], OrigSize);
+    auto copy_span = m_pBuf.subspan(m_Pos, OrigSize);
+    memcpy(pData.get(), copy_span.data(), copy_span.size());
     dwStreamSize = OrigSize;
     m_Pos += OrigSize;
   } else {
@@ -209,7 +210,8 @@ std::unique_ptr<CPDF_Stream> CPDF_StreamParser::ReadInlineStream(
     }
     m_Pos = dwSavePos;
     pData.reset(FX_Alloc(uint8_t, dwStreamSize));
-    memcpy(pData.get(), &m_pBuf[m_Pos], dwStreamSize);
+    auto copy_span = m_pBuf.subspan(m_Pos, dwStreamSize);
+    memcpy(pData.get(), copy_span.data(), copy_span.size());
     m_Pos += dwStreamSize;
   }
   pDict->SetNewFor<CPDF_Number>("Length", static_cast<int>(dwStreamSize));
diff --git a/core/fxcodec/codec/fx_codec.cpp b/core/fxcodec/codec/fx_codec.cpp
index efae53908e..b93f5418f3 100644
--- a/core/fxcodec/codec/fx_codec.cpp
+++ b/core/fxcodec/codec/fx_codec.cpp
@@ -1642,7 +1642,8 @@ uint8_t* CCodec_RLScanlineDecoder::v_GetNextLine() {
         copy_len = m_SrcBuf.size() - m_SrcOffset;
         m_bEOD = true;
       }
-      memcpy(m_pScanline.get() + col_pos, &m_SrcBuf[m_SrcOffset], copy_len);
+      auto copy_span = m_SrcBuf.subspan(m_SrcOffset, copy_len);
+      memcpy(m_pScanline.get() + col_pos, copy_span.data(), copy_span.size());
       col_pos += copy_len;
       UpdateOperator((uint8_t)copy_len);
     } else if (m_Operator > 128) {
diff --git a/core/fxcrt/cfx_readonlymemorystream.cpp b/core/fxcrt/cfx_readonlymemorystream.cpp
index 0a1a53a456..7b6a4c244d 100644
--- a/core/fxcrt/cfx_readonlymemorystream.cpp
+++ b/core/fxcrt/cfx_readonlymemorystream.cpp
@@ -29,6 +29,7 @@ bool CFX_ReadOnlyMemoryStream::ReadBlock(void* buffer,
   if (!pos.IsValid() || pos.ValueOrDie() > m_span.size())
     return false;
 
-  memcpy(buffer, &m_span[offset], size);
+  auto copy_span = m_span.subspan(offset, size);
+  memcpy(buffer, copy_span.data(), copy_span.size());
   return true;
 }
-- 
cgit v1.2.3