M73: Fix an integer overflow inside cpdf_textpage.cpp. BUG=chromium:919643 TBR=tsepez@chromium.org Change-Id: Ibc098f6076359383668fda511a50dac018e0e98a Reviewed-on: https://pdfium-review.googlesource.com/c/50071 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> (cherry picked from commit a7eba4c47da193c9415356ac48a946556b747448) Reviewed-on: https://pdfium-review.googlesource.com/c/50891 Reviewed-by: Lei Zhang <thestig@chromium.org>

commit: e6662ef48d8d2d658faa684c6f5b4aa0323d552d [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Fri Feb 15 19:15:07 2019 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Fri Feb 15 19:15:07 2019 +0000
tree: 879cc113b980974db2696ebce7ab7a572fd7bc67
parent: 0389ff1a7228dc8be531a10d00ac24f118aac381 [diff]
diff --git a/core/fpdftext/cpdf_textpage.cpp b/core/fpdftext/cpdf_textpage.cpp
index 13d8f0c..6b0a72e 100644
--- a/core/fpdftext/cpdf_textpage.cpp
+++ b/core/fpdftext/cpdf_textpage.cpp

@@ -154,8 +154,11 @@
   if (w > 0)
     return w;
 
-  ASSERT(pFont->GetCharBBox(charCode).Width() >= 0);
-  return pFont->GetCharBBox(charCode).Width();
+  FX_RECT rect = pFont->GetCharBBox(charCode);
+  if (!rect.Valid())
+    return 0;
+
+  return std::max(rect.Width(), 0);
 }
 
 bool GenerateSpace(const CFX_PointF& pos,
commit	e6662ef48d8d2d658faa684c6f5b4aa0323d552d	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Fri Feb 15 19:15:07 2019 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Fri Feb 15 19:15:07 2019 +0000
tree	879cc113b980974db2696ebce7ab7a572fd7bc67
parent	0389ff1a7228dc8be531a10d00ac24f118aac381 [diff]