From f7252a074ed013e2ad3cc11e08eba90502262ce0 Mon Sep 17 00:00:00 2001 From: dsinclair Date: Tue, 30 Aug 2016 10:27:03 -0700 Subject: Guard against overflow when calculating font weight. This CL uses the safe math libraries when calculating the font weight from the StemV value as very large values for StemV can cause the signed int to overflow. BUG=chromium:641418 Review-Url: https://codereview.chromium.org/2293633002 --- core/fpdfapi/fpdf_font/cpdf_cidfont.cpp | 6 +++++- core/fpdfapi/fpdf_font/cpdf_simplefont.cpp | 10 ++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp index 491bd6d0c7..2bd886754e 100644 --- a/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp +++ b/core/fpdfapi/fpdf_font/cpdf_cidfont.cpp @@ -18,6 +18,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h" #include "core/fpdfapi/include/cpdf_modulemgr.h" +#include "third_party/base/numerics/safe_math.h" namespace { @@ -768,7 +769,10 @@ FX_BOOL CPDF_CIDFont::IsUnicodeCompatible() const { } void CPDF_CIDFont::LoadSubstFont() { - m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags, m_StemV * 5, m_ItalicAngle, + pdfium::base::CheckedNumeric safeStemV(m_StemV); + safeStemV *= 5; + m_Font.LoadSubst(m_BaseFont, !m_bType1, m_Flags, + safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle, g_CharsetCPs[m_Charset], IsVertWriting()); } diff --git a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp index 62d6959062..8c4dc8d2cd 100644 --- a/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp +++ b/core/fpdfapi/fpdf_font/cpdf_simplefont.cpp @@ -10,6 +10,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fxge/include/fx_freetype.h" +#include "third_party/base/numerics/safe_math.h" CPDF_SimpleFont::CPDF_SimpleFont() : m_BaseEncoding(PDFFONT_ENCODING_BUILTIN) { FXSYS_memset(m_CharWidth, 0xff, sizeof(m_CharWidth)); @@ -181,8 +182,13 @@ void CPDF_SimpleFont::LoadSubstFont() { m_Flags |= PDFFONT_FIXEDPITCH; } } - int weight = m_StemV < 140 ? m_StemV * 5 : (m_StemV * 4 + 140); - m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, weight, m_ItalicAngle, + pdfium::base::CheckedNumeric safeStemV(m_StemV); + if (m_StemV < 140) + safeStemV *= 5; + else + safeStemV = safeStemV * 4 + 140; + m_Font.LoadSubst(m_BaseFont, IsTrueTypeFont(), m_Flags, + safeStemV.ValueOrDefault(FXFONT_FW_NORMAL), m_ItalicAngle, 0); } -- cgit v1.2.3