Fix suspicious apple-specific memcpy() in CPDF_Type1Font
m_ExtGID and m_GlyphIndex are both uint16_t[256], and are being filled
with 256 entries in the code, but the memcpy is only moving half the
data (256 bytes, not 256 elements).
Change-Id: Ic4e96cf822a398098686c9c3390aaaa6c4e25726
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/80012
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fpdfapi/font/cpdf_type1font.cpp b/core/fpdfapi/font/cpdf_type1font.cpp
index 6489d26..85be683 100644
--- a/core/fpdfapi/font/cpdf_type1font.cpp
+++ b/core/fpdfapi/font/cpdf_type1font.cpp
@@ -157,7 +157,7 @@
if (bGotOne) {
#if defined(OS_APPLE)
if (!bCoreText)
- memcpy(m_ExtGID, m_GlyphIndex, 256);
+ memcpy(m_ExtGID, m_GlyphIndex, sizeof(m_ExtGID));
#endif
return;
}
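Review bot: The new length in `memcpy(m_ExtGID, m_GlyphIndex, sizeof(m_ExtGID));` is taken from the destination only, so the copy stays in bounds only while `m_GlyphIndex` is at least as large as `m_ExtGID`. The commit message says both are `uint16_t[256]`, but the declarations are not visible in this diff and nothing on the new lines enforces it. Adding `static_assert(sizeof(m_ExtGID) == sizeof(m_GlyphIndex), "glyph tables must have identical size");` beside the copy or at the member declarations would turn a later mismatch into a compile error rather than an out-of-bounds read of the source array. The same applies to the hunks at -188, -288 and -317. Because the identical guarded copy now appears four times, a small private helper would keep the size expression in one place. The enclosing function begins and ends outside this hunk.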
@@ -188,7 +188,7 @@
}
#if defined(OS_APPLE)
if (!bCoreText)
- memcpy(m_ExtGID, m_GlyphIndex, 256);
+ memcpy(m_ExtGID, m_GlyphIndex, sizeof(m_ExtGID));
#endif
return;
}
@@ -288,8 +288,7 @@
}
#if defined(OS_APPLE)
if (!bCoreText)
- memcpy(m_ExtGID, m_GlyphIndex, 256);
-
+ memcpy(m_ExtGID, m_GlyphIndex, sizeof(m_ExtGID));
#endif
return;
}
@@ -317,7 +316,7 @@
}
#if defined(OS_APPLE)
if (!bCoreText)
- memcpy(m_ExtGID, m_GlyphIndex, 256);
+ memcpy(m_ExtGID, m_GlyphIndex, sizeof(m_ExtGID));
#endif
}