Fix a bad array index calculation in CFDE_TextOut::ReloadLinePiece(). ReloadLinePiece() should not assume the pieces being reloaded are contiguous and in-order. Bug: chromium:953881 Change-Id: I0677a79f4424be24a4473bba96e5192d2e726b3f Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/95190 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nigi <nigi@chromium.org>
diff --git a/xfa/fde/cfde_textout.cpp b/xfa/fde/cfde_textout.cpp index 0b9441a..7debf25 100644 --- a/xfa/fde/cfde_textout.cpp +++ b/xfa/fde/cfde_textout.cpp
@@ -466,13 +466,13 @@ CFGAS_Char::BreakType break_status = CFGAS_Char::BreakType::kNone; for (size_t piece_index = 0; piece_index < piece_count; ++piece_index) { const Piece* piece = line->GetPieceAtIndex(piece_index); - if (piece_index == 0) { - start_char = piece->start_char; + if (piece_index == 0) m_fLinePos = piece->bounds.top; - } - size_t end = start_char + piece->char_count; - for (size_t start = start_char; start < end; ++start) { - break_status = m_pTxtBreak->AppendChar(text_span[start]); + + start_char = piece->start_char; + const size_t end = piece->start_char + piece->char_count; + for (size_t char_index = start_char; char_index < end; ++char_index) { + break_status = m_pTxtBreak->AppendChar(text_span[char_index]); if (!CFX_BreakTypeNoneOrPiece(break_status)) RetrievePieces(break_status, true, rect, &start_char, &piece_widths); }
diff --git a/xfa/fde/cfde_textout_unittest.cpp b/xfa/fde/cfde_textout_unittest.cpp index 57e60a5..b83cbfd 100644 --- a/xfa/fde/cfde_textout_unittest.cpp +++ b/xfa/fde/cfde_textout_unittest.cpp
@@ -115,10 +115,40 @@ "101745f76351fd5d916bf3817b71563c"; return kEmptyLargeBitmapChecksum; } + + const char* GetLargeTextBlobChecksum() { +#if defined(_SKIA_SUPPORT_) + static const char kExpectedChecksum[] = "6181929583fd7651169306852397806f"; +#else + static const char kExpectedChecksum[] = "268b71a8660b51e31c6bf30fc7ff1e08"; +#endif + return kExpectedChecksum; + } }; -// See crbug.com/1342078 -TEST_F(CFDETextOutLargeBitmapTest, DrawLogicText) { +TEST_F(CFDETextOutLargeBitmapTest, DrawLogicTextBug953881) { + FDE_TextStyle styles; + styles.single_line_ = true; + text_out().SetStyles(styles); + text_out().SetAlignment(FDE_TextAlignment::kCenterLeft); + text_out().SetFontSize(10.0f); + + static const wchar_t kText[] = + L"SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS" + L"SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSssssssssss" + L"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" + L"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" + L"sssssssssssssssssssssssssssssssssssssssssssssssssnnnnnnnnnnn" + "\xfeba" + L"Sssssssssssssssssss" + "\xfeba" + L"iiiiisssss"; + text_out().DrawLogicText(device(), WideString(kText), + CFX_RectF(3, 3, 2048, 10)); + EXPECT_STREQ(GetLargeTextBlobChecksum(), GetBitmapChecksum().c_str()); +} + +TEST_F(CFDETextOutLargeBitmapTest, DrawLogicTextBug1342078) { FDE_TextStyle styles; styles.single_line_ = true; text_out().SetStyles(styles); @@ -137,11 +167,6 @@ L"iiiiiiiiiisssss"; text_out().DrawLogicText(device(), WideString(kText), CFX_RectF(3, 3, 2048, 10)); -#if defined(_SKIA_SUPPORT_) - static const char kExpectedChecksum[] = "6181929583fd7651169306852397806f"; -#else - static const char kExpectedChecksum[] = "268b71a8660b51e31c6bf30fc7ff1e08"; -#endif - EXPECT_STREQ(kExpectedChecksum, GetBitmapChecksum().c_str()); + EXPECT_STREQ(GetLargeTextBlobChecksum(), GetBitmapChecksum().c_str()); } #endif // !BUILDFLAG(IS_WIN)