authorxdai <xdai@chromium.org>2015-08-12 15:35:38 -0700
committerCommit bot <commit-bot@chromium.org>2015-08-12 22:36:16 +0000
commit4398f2f098ae87f339405b536277dffb35c5a9d6 (patch)
tree3655a31834a964459067b3cd4b9e4184e9db711b
parent8ca7453a60892f3f27a89ca405822d936b341f3b (diff)
Fix the heap-buffer-overflow in linux_asan_chrome_mp build.
It seems that in AddressSanitizer (ASan) builds, a word can consist of part of a combining character sequence or part of a surrogate pair. In this case FindValidBoundaryBefore() / FindValidBoundaryAfter() might return an index that doesn't lie within the segment range, which causes the heap-buffer-overflow error. BUG=516361 TEST=No crash when trying to open fuzz-142.pdf on Asan chrome build Review URL: https://codereview.chromium.org/1262273003 Cr-Commit-Position: refs/heads/master@{#343115}
-rw-r--r--ui/gfx/render_text_harfbuzz.cc9
1 files changed, 6 insertions, 3 deletions
diff --git a/ui/gfx/render_text_harfbuzz.cc b/ui/gfx/render_text_harfbuzz.cc
index 775fb1c..b2652b8 100644
--- a/ui/gfx/render_text_harfbuzz.cc
+++ b/ui/gfx/render_text_harfbuzz.cc
@@ -438,7 +438,8 @@ class HarfBuzzLineBreaker {
end_pos++;
}
- const size_t valid_end_pos = FindValidBoundaryBefore(text_, end_pos);
+ const size_t valid_end_pos = std::max(
+ segment.char_range.start(), FindValidBoundaryBefore(text_, end_pos));
if (end_pos != valid_end_pos) {
end_pos = valid_end_pos;
width = run.GetGlyphWidthForCharRange(
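Review bot: The `std::max` clamp on the new `valid_end_pos` line keeps the index inside the segment, but the clamped value is no longer guaranteed to be a boundary that FindValidBoundaryBefore() would accept, so the break can land inside a surrogate pair or combining sequence when the segment itself starts mid-cluster; the same applies to the `std::min` clamp in the second hunk. That trade-off deserves a comment at the clamp, for example `// A segment may begin inside a surrogate pair or combining sequence; clamp so the boundary never leaves the segment.` The diffstat shows only render_text_harfbuzz.cc changed, so the fix is covered only by the manual fuzz-142.pdf check named in the description; a RenderTextTest case whose segment starts on a trailing surrogate would keep this from regressing. The enclosing function begins and ends outside this hunk.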
@@ -449,8 +450,10 @@ class HarfBuzzLineBreaker {
// need to put at least one character in the line. Note that, we should
// not separate surrogate pair or combining characters.
// See RenderTextTest.Multiline_MinWidth for an example.
- if (width == 0 && available_width_ == max_width_)
- end_pos = FindValidBoundaryAfter(text_, end_pos + 1);
+ if (width == 0 && available_width_ == max_width_) {
+ end_pos = std::min(segment.char_range.end(),
+ FindValidBoundaryAfter(text_, end_pos + 1));
+ }
return end_pos;
}
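Review bot: `FindValidBoundaryAfter(text_, end_pos + 1)` still receives an unclamped argument, and `std::min` only bounds the value it returns, so any read the helper performs at `end_pos + 1` happens before the clamp takes effect. If `end_pos` can already equal `segment.char_range.end()` at this point (for instance with an empty segment, which this hunk does not rule out), the index passed in lies past the segment and possibly past `text_`. Bounding the argument inside the existing `std::min`, as in `FindValidBoundaryAfter(text_, std::min(end_pos + 1, segment.char_range.end()))`, or adding a DCHECK that `end_pos < segment.char_range.end()`, would make the precondition explicit. The comment above the `if` still states that surrogate pairs and combining characters are not separated, which the clamp no longer guarantees for a segment that ends mid-cluster. The function starts outside this hunk.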