Fix OOB CHECK() in CFGAS_StringFormatter::FormatNum()
Adding the explicit bounds check allows the optimizer to remove one
more implicit bounds check (several still remain in FormatNum()).
Bug: chromium:942449
Change-Id: Ic2e67f4e517766525c8759b56f39fdf9c0b81af6
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/51971
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/xfa/fgas/crt/cfgas_stringformatter.cpp b/xfa/fgas/crt/cfgas_stringformatter.cpp
index 156d068..e4ddb6c 100644
--- a/xfa/fgas/crt/cfgas_stringformatter.cpp
+++ b/xfa/fgas/crt/cfgas_stringformatter.cpp
@@ -2059,8 +2059,9 @@
} else if (spNumFormat[dot_index_f] == '.') {
if (dot_index.value() < spSrcNum.size()) {
*wsOutput += wsDotSymbol;
- } else if (spNumFormat[dot_index_f + 1] == '9' ||
- spNumFormat[dot_index_f + 1] == 'Z') {
+ } else if (dot_index_f + 1 < spNumFormat.size() &&
+ (spNumFormat[dot_index_f + 1] == '9' ||
+ spNumFormat[dot_index_f + 1] == 'Z')) {
*wsOutput += wsDotSymbol;
}
}
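Review bot: The new guard `dot_index_f + 1 < spNumFormat.size()` is right for the look-ahead, but nothing at the site says why a picture ending in '.' is legal input or what the code does with it. The picture string presumably comes from the XFA form in the document (not visible here, so confirm), and a short comment would help the next reader keep the check, for example `// Picture may end in '.' (e.g. "9."); with no fraction placeholder after it, emit no decimal symbol.` The read `spNumFormat[dot_index_f]` on the first context line still relies on a bound established above the hunk. The commit message also says further implicit checks remain in FormatNum(), so those indexings deserve the same explicit treatment. FormatNum() begins and ends outside this hunk.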
diff --git a/xfa/fgas/crt/cfgas_stringformatter_unittest.cpp b/xfa/fgas/crt/cfgas_stringformatter_unittest.cpp
index f96ef59..4cf91c2 100644
--- a/xfa/fgas/crt/cfgas_stringformatter_unittest.cpp
+++ b/xfa/fgas/crt/cfgas_stringformatter_unittest.cpp
@@ -555,6 +555,8 @@
// {L"en", L".000000000000000000009", L"E", L"9"},
// https://crbug.com/938724
{L"en", L"1", L"| num.().().", L"1"},
+ // https://crbug.com/942449
+ {L"en", L"1", L"9.", L"1"},
};
for (const auto& test : tests) {
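Review bot: The regression case covers only the `9.` picture with an integer source, which reaches the guarded `else if` but not the sibling branch taken when the source has a fractional part (`dot_index.value() < spSrcNum.size()`). A second entry with the same trailing-dot picture and a fractional source, e.g. `{L"en", L"1.5", L"9.", <expected>}`, would pin the behaviour on both sides of the fixed condition. The expected string should be taken from an actual run rather than assumed. The `tests` array and the loop that consumes it start and end outside this hunk.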