Optimize FindSubWordLength().

Avoid bounds checking on every element access. This can be very slow
when fuzzing.

BUG=chromium:935241

Change-Id: I9dd331a30dcc1210b6fb43f316dc753c092cbc57
Reviewed-on: https://pdfium-review.googlesource.com/c/51210
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
diff --git a/fxjs/fx_date_helpers.cpp b/fxjs/fx_date_helpers.cpp
index 15f762d..df553b6 100644
--- a/fxjs/fx_date_helpers.cpp
+++ b/fxjs/fx_date_helpers.cpp
@@ -165,8 +165,14 @@
 }
 
 size_t FindSubWordLength(const WideString& str, size_t nStart) {
+  // It is safer, but slower to use WideString::operator[]. Although this code
+  // is normally not performance critical, fuzzers will exercise this code with
+  // very long values for |str|. To keep the fuzzers from timing out, get the
+  // raw string here, and be very careful while accessing it.
+  const wchar_t* data = str.c_str();
+  size_t length = str.GetLength();
   size_t i = nStart;
-  while (i < str.GetLength() && std::iswalnum(str[i]))
+  while (i < length && std::iswalnum(data[i]))
     ++i;
   return i - nStart;
 }
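Review bot: With the checked `WideString::operator[]` gone, the only thing keeping `data[i]` inside the buffer is that `i < length` is evaluated first in the new `while` condition, and the added comment says "be very careful" without stating that invariant. I would spell it out next to the loop, e.g. `// Invariant: data[i] is read only after i < length; nStart >= length returns 0.`, so a later edit that reorders the condition or adds a look-ahead read gets caught in review. Declaring the snapshot as `const size_t length = str.GetLength();` would also show that the bound is fixed for the whole scan. The function is fully visible in this hunk, so nothing outside it affects the point.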