From ea7b333c73ea3e1847e79cabdd85853af67d6d6c Mon Sep 17 00:00:00 2001 From: Lei Zhang Date: Fri, 8 May 2015 13:52:49 -0700 Subject: Merge to XFA: Fix a bunch of -Wunused-but-set-variable warnings. Also fix a few nits and other errors along the way. Review URL: https://codereview.chromium.org/1098583002 Review URL: https://codereview.chromium.org/1135713004 (cherry picked from commit f0a169e6fd5718995fa6ef8749c8d16cdad84985) (cherry picked from commit 470408c2ffe71e99cebad0d1d6887f1723f02cef) R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1133453006 --- core/src/fxge/ge/fx_ge_fontmap.cpp | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'core/src/fxge/ge/fx_ge_fontmap.cpp') diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp index 9a8380b77e..c668f54834 100644 --- a/core/src/fxge/ge/fx_ge_fontmap.cpp +++ b/core/src/fxge/ge/fx_ge_fontmap.cpp @@ -1464,14 +1464,29 @@ void CFX_FolderFontInfo::ScanFile(CFX_ByteString& path) FX_BYTE buffer[16]; FXSYS_fseek(pFile, 0, FXSYS_SEEK_SET); size_t readCnt = FXSYS_fread(buffer, 12, 1, pFile); + if (readCnt != 1) { + FXSYS_fclose(pFile); + return; + } + if (GET_TT_LONG(buffer) == 0x74746366) { FX_DWORD nFaces = GET_TT_LONG(buffer + 8); - FX_LPBYTE offsets = FX_Alloc(FX_BYTE, nFaces * 4); + if (nFaces > FX_DWORD_MAX / 4) { + FXSYS_fclose(pFile); + return; + } + FX_DWORD face_bytes = nFaces * 4; + FX_LPBYTE offsets = FX_Alloc(FX_BYTE, face_bytes); if (!offsets) { FXSYS_fclose(pFile); return; } - readCnt = FXSYS_fread(offsets, nFaces * 4, 1, pFile); + readCnt = FXSYS_fread(offsets, face_bytes, 1, pFile); + if (readCnt != face_bytes) { + FX_Free(offsets); + FXSYS_fclose(pFile); + return; + } for (FX_DWORD i = 0; i < nFaces; i ++) { FX_LPBYTE p = offsets + i * 4; ReportFace(path, pFile, filesize, GET_TT_LONG(p)); -- cgit v1.2.3