Change CFDE_TextOut::Piece members from int to size_t. Character indices and counts should never be negative. Also initialize the POD struct members. Change-Id: Iaf9826bdbb17ad6058bea316ad0bffc2f77df01a Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/70218 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>

commit: 02e61e560f391b33b0dc396f1e2d834577123554 [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Sat Jun 06 00:48:26 2020 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Sat Jun 06 00:48:26 2020 +0000
tree: 3f556fba34cdcdf031d5c0782224f617f5162fa4
parent: 9b9ba210f32c2a33cff3502a75eb84c39ad5576a [diff]
diff --git a/xfa/fde/cfde_textout.cpp b/xfa/fde/cfde_textout.cpp
index 3f7617a..ab0e030 100644
--- a/xfa/fde/cfde_textout.cpp
+++ b/xfa/fde/cfde_textout.cpp

@@ -323,7 +323,7 @@
   float fLineStep = (m_fLineSpace > m_fFontSize) ? m_fLineSpace : m_fFontSize;
   float fLineStop = rect.bottom();
   m_fLinePos = rect.top;
-  int32_t iStartChar = 0;
+  size_t start_char = 0;
   int32_t iPieceWidths = 0;
   CFX_BreakType dwBreakStatus;
   bool bRet = false;
@@ -333,7 +333,7 @@
       continue;
 
     bool bEndofLine =
-        RetrievePieces(dwBreakStatus, false, rect, &iStartChar, &iPieceWidths);
+        RetrievePieces(dwBreakStatus, false, rect, &start_char, &iPieceWidths);
     if (bEndofLine &&
         (m_Styles.line_wrap_ || dwBreakStatus == CFX_BreakType::Paragraph ||
          dwBreakStatus == CFX_BreakType::Page)) {
@@ -351,7 +351,7 @@
 
   dwBreakStatus = m_pTxtBreak->EndBreak(CFX_BreakType::Paragraph);
   if (!CFX_BreakTypeNoneOrPiece(dwBreakStatus) && !bRet)
-    RetrievePieces(dwBreakStatus, false, rect, &iStartChar, &iPieceWidths);
+    RetrievePieces(dwBreakStatus, false, rect, &start_char, &iPieceWidths);
 
   m_pTxtBreak->ClearBreakPieces();
   m_pTxtBreak->Reset();
@@ -360,7 +360,7 @@
 bool CFDE_TextOut::RetrievePieces(CFX_BreakType dwBreakStatus,
                                   bool bReload,
                                   const CFX_RectF& rect,
-                                  int32_t* pStartChar,
+                                  size_t* pStartChar,
                                   int32_t* pPieceWidths) {
   float fLineStep = (m_fLineSpace > m_fFontSize) ? m_fLineSpace : m_fFontSize;
   bool bNeedReload = false;
@@ -452,19 +452,19 @@
   size_t iPieceIndex = 0;
   size_t iPieceCount = pLine->GetSize();
   const Piece* pPiece = pLine->GetPieceAtIndex(0);
-  int32_t iStartChar = pPiece->start_char;
+  size_t start_char = pPiece->start_char;
   int32_t iPieceWidths = 0;
   CFX_BreakType dwBreakStatus = CFX_BreakType::None;
   m_fLinePos = pPiece->bounds.top;
   while (iPieceIndex < iPieceCount) {
-    int32_t iStart = iStartChar;
-    int32_t iEnd = pPiece->char_count + iStart;
-    while (iStart < iEnd) {
-      dwBreakStatus = m_pTxtBreak->AppendChar(text_span[iStart]);
+    size_t start = start_char;
+    size_t end = pPiece->char_count + start;
+    while (start < end) {
+      dwBreakStatus = m_pTxtBreak->AppendChar(text_span[start]);
       if (!CFX_BreakTypeNoneOrPiece(dwBreakStatus))
-        RetrievePieces(dwBreakStatus, true, rect, &iStartChar, &iPieceWidths);
+        RetrievePieces(dwBreakStatus, true, rect, &start_char, &iPieceWidths);
 
-      ++iStart;
+      ++start;
     }
     ++iPieceIndex;
     pPiece = pLine->GetPieceAtIndex(iPieceIndex);
@@ -472,7 +472,7 @@
 
   dwBreakStatus = m_pTxtBreak->EndBreak(CFX_BreakType::Paragraph);
   if (!CFX_BreakTypeNoneOrPiece(dwBreakStatus))
-    RetrievePieces(dwBreakStatus, true, rect, &iStartChar, &iPieceWidths);
+    RetrievePieces(dwBreakStatus, true, rect, &start_char, &iPieceWidths);
 
   m_pTxtBreak->Reset();
 }
@@ -501,9 +501,7 @@
 }
 
 size_t CFDE_TextOut::GetDisplayPos(const Piece* pPiece) {
-  ASSERT(pPiece->char_count >= 0);
-
-  if (pdfium::CollectionSize<int32_t>(m_CharPos) < pPiece->char_count)
+  if (m_CharPos.size() < pPiece->char_count)
     m_CharPos.resize(pPiece->char_count, TextCharPos());
 
   CFX_TxtBreak::Run tr;

diff --git a/xfa/fde/cfde_textout.h b/xfa/fde/cfde_textout.h
index 61efc4a..efb88b6 100644
--- a/xfa/fde/cfde_textout.h
+++ b/xfa/fde/cfde_textout.h

@@ -56,9 +56,9 @@
     Piece(const Piece& that);
     ~Piece();
 
-    int32_t start_char;
-    int32_t char_count;
-    uint32_t char_styles;
+    size_t start_char = 0;
+    size_t char_count = 0;
+    uint32_t char_styles = 0;
     CFX_RectF bounds;
   };
 
@@ -93,7 +93,7 @@
   bool RetrievePieces(CFX_BreakType dwBreakStatus,
                       bool bReload,
                       const CFX_RectF& rect,
-                      int32_t* pStartChar,
+                      size_t* pStartChar,
                       int32_t* pPieceWidths);
   void AppendPiece(const Piece& piece, bool bNeedReload, bool bEnd);
   void DoAlignment(const CFX_RectF& rect);

diff --git a/xfa/fgas/layout/cfx_txtbreak.h b/xfa/fgas/layout/cfx_txtbreak.h
index 9c16b26..9b7351f 100644
--- a/xfa/fgas/layout/cfx_txtbreak.h
+++ b/xfa/fgas/layout/cfx_txtbreak.h

@@ -49,6 +49,7 @@
     CFX_TxtBreak::Engine* pEdtEngine = nullptr;
     WideString wsStr;
     int32_t* pWidths = nullptr;
+    // TODO(thestig): These 2 members probably should be size_t.
     int32_t iStart = 0;
     int32_t iLength = 0;
     RetainPtr<CFGAS_GEFont> pFont;
commit	02e61e560f391b33b0dc396f1e2d834577123554	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Sat Jun 06 00:48:26 2020 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Sat Jun 06 00:48:26 2020 +0000
tree	3f556fba34cdcdf031d5c0782224f617f5162fa4
parent	9b9ba210f32c2a33cff3502a75eb84c39ad5576a [diff]