Fix integer overflow in CPDF_Font::FallbackFontFromCharcode Bug: chromium:831583 Change-Id: Idc980ef47cdd942bddc75d9b7fe4a56bdeacdc1a Reviewed-on: https://pdfium-review.googlesource.com/30670 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>

commit: af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf [log] [tgz]
author: Nicolas Pena <npm@chromium.org> Fri Apr 13 20:17:26 2018 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Fri Apr 13 20:17:26 2018 +0000
tree: 7f97695aede6f525846e77d25af5410051828196
parent: 97b47dc407e772a82782d5d64de5560992df2bf9 [diff]
diff --git a/core/fpdfapi/font/cpdf_font.cpp b/core/fpdfapi/font/cpdf_font.cpp
index f636e93..ad7eeea 100644
--- a/core/fpdfapi/font/cpdf_font.cpp
+++ b/core/fpdfapi/font/cpdf_font.cpp

@@ -452,9 +452,11 @@
 uint32_t CPDF_Font::FallbackFontFromCharcode(uint32_t charcode) {
   if (m_FontFallbacks.empty()) {
     m_FontFallbacks.push_back(pdfium::MakeUnique<CFX_Font>());
+    pdfium::base::CheckedNumeric<int> safeWeight = m_StemV;
+    safeWeight *= 5;
     m_FontFallbacks[0]->LoadSubst("Arial", IsTrueTypeFont(), m_Flags,
-                                  m_StemV * 5, m_ItalicAngle, 0,
-                                  IsVertWriting());
+                                  safeWeight.ValueOrDefault(FXFONT_FW_NORMAL),
+                                  m_ItalicAngle, 0, IsVertWriting());
   }
   return 0;
 }
commit	af2ee2cc2e41709df7afc8f49f11ed2e8cf6dedf	[log] [tgz]
author	Nicolas Pena <npm@chromium.org>	Fri Apr 13 20:17:26 2018 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Fri Apr 13 20:17:26 2018 +0000
tree	7f97695aede6f525846e77d25af5410051828196
parent	97b47dc407e772a82782d5d64de5560992df2bf9 [diff]