From e420d9c1d2ef35c862bf149ae37e6e59287c30b5 Mon Sep 17 00:00:00 2001
From: Ryan Harrison <rharrison@chromium.org>
Date: Mon, 11 Sep 2017 15:59:02 -0400
Subject: Add guard against reading more then expected from the page

This really shouldn't ever happen, but there used to be this guard in
this code and I am getting reports of crashes after it was removed. I
have added an assert, so hopefully if it is actually occuring, then we
might get a reproduction case based on a debug build crash.

BUG=chromium:763369

Change-Id: Ifaebfbcb0413a1d7777222ba838aaee234f94ae3
Reviewed-on: https://pdfium-review.googlesource.com/13691
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
---
 fpdfsdk/fpdftext.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fpdfsdk/fpdftext.cpp b/fpdfsdk/fpdftext.cpp
index 6a030b8ebd..ee4354735e 100644
--- a/fpdfsdk/fpdftext.cpp
+++ b/fpdfsdk/fpdftext.cpp
@@ -175,6 +175,10 @@ FPDF_EXPORT int FPDF_CALLCONV FPDFText_GetText(FPDF_TEXTPAGE text_page,
   if (str.GetLength() <= 0)
     return 0;
 
+  ASSERT(str.GetLength() <= static_cast<FX_STRSIZE>(count));
+  if (str.GetLength() > static_cast<FX_STRSIZE>(count))
+    str = str.Left(static_cast<FX_STRSIZE>(count));
+
   // UFT16LE_Encode doesn't handle surrogate pairs properly, so it is expected
   // the number of items to stay the same.
   CFX_ByteString cbUTF16str = str.UTF16LE_Encode();
-- 
cgit v1.2.3