commit | e6662ef48d8d2d658faa684c6f5b4aa0323d552d | [log] [tgz] |
---|---|---|
author | Lei Zhang <thestig@chromium.org> | Fri Feb 15 19:15:07 2019 +0000 |
committer | Chromium commit bot <commit-bot@chromium.org> | Fri Feb 15 19:15:07 2019 +0000 |
tree | 879cc113b980974db2696ebce7ab7a572fd7bc67 | |
parent | 0389ff1a7228dc8be531a10d00ac24f118aac381 [diff] |
M73: Fix an integer overflow inside cpdf_textpage.cpp. BUG=chromium:919643 TBR=tsepez@chromium.org Change-Id: Ibc098f6076359383668fda511a50dac018e0e98a Reviewed-on: https://pdfium-review.googlesource.com/c/50071 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> (cherry picked from commit a7eba4c47da193c9415356ac48a946556b747448) Reviewed-on: https://pdfium-review.googlesource.com/c/50891 Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fpdftext/cpdf_textpage.cpp b/core/fpdftext/cpdf_textpage.cpp index 13d8f0c..6b0a72e 100644 --- a/core/fpdftext/cpdf_textpage.cpp +++ b/core/fpdftext/cpdf_textpage.cpp
@@ -154,8 +154,11 @@ if (w > 0) return w; - ASSERT(pFont->GetCharBBox(charCode).Width() >= 0); - return pFont->GetCharBBox(charCode).Width(); + FX_RECT rect = pFont->GetCharBBox(charCode); + if (!rect.Valid()) + return 0; + + return std::max(rect.Width(), 0); } bool GenerateSpace(const CFX_PointF& pos,