From 73733f079c086562d8e7c2943ed16cf6f95b2c42 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Wed, 2 Mar 2016 17:38:08 -0800
Subject: Check that the names buffer is not empty before passing to GetNameFromTT.

Due to implicit conversion if the names buffer is empty then nullptr will be passed to GetNameFromTT which blindly dereferences it leading to a NPD if an invalid font file is read. BUG=583037 Patch by forshaw@ R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1763493003 .
---
 core/src/fxge/ge/fx_ge_fontmap.cpp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'core/src/fxge/ge/fx_ge_fontmap.cpp')

diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp
index 06b58ea3ab..890de616d1 100644
--- a/core/src/fxge/ge/fx_ge_fontmap.cpp
+++ b/core/src/fxge/ge/fx_ge_fontmap.cpp
@@ -1421,6 +1421,9 @@ void CFX_FolderFontInfo::ReportFace(const CFX_ByteString& path,
 }
 CFX_ByteString names =
 FPDF_LoadTableFromTT(pFile, tables, nTables, 0x6e616d65);
+ if (names.IsEmpty()) {
+ return;
+ }
 CFX_ByteString facename = GetNameFromTT(names, 1);
 CFX_ByteString style = GetNameFromTT(names, 2);
 if (style != "Regular") {
--
cgit v1.2.3
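Review bot: The new `names.IsEmpty()` guard in ReportFace protects only this call site; per the commit message GetNameFromTT still dereferences its buffer unchecked, so any other caller that hands it an empty table would hit the same null dereference. Because the table comes from a font file that may be malformed, the same empty check belongs at the top of GetNameFromTT (returning an empty string), and it should presumably also confirm the buffer is long enough for the offsets it reads, since a non-empty but truncated `name` table passes this guard. A short comment on the early return would help the next reader, e.g. `// No 'name' table (tag 0x6e616d65) in this font; skip the face.` ReportFace's body starts and ends outside the hunk, so whether anything acquired earlier needs releasing before the `return` cannot be checked from here.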