Handle null char in the middle of text in custom spellcheck dictionary engine

The code in custom spellcheck dictionary erroneously assumes that null char
terminates the string. Other code does not make this assumption, however, and
passes misspelling offsets to custom spellcheck dictionary that are past the
position of the null char. This causes an exception. The fix is to not convert
the string into a char array and then back into a string in custom spellcheck
dictionary engine.

TEST=CustomDictionaryTest.HandlesNullCharacters
TEST=CustomDictionaryTest.HandlesEmptyWordWithInvalidSubstring
BUG=258550

Review URL: https://chromiumcodereview.appspot.com/18137008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@211197 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 2 deletions

diff --git a/chrome/renderer/spellchecker/spellcheck.cc b/chrome/renderer/spellchecker/spellcheck.cc
index 68f0182..95ba6bf 100644
--- a/chrome/renderer/spellchecker/spellcheck.cc
+++ b/chrome/renderer/spellchecker/spellcheck.cc
@@ -223,7 +223,7 @@ bool SpellCheck::SpellCheckParagraph(
     }
 
     if (!custom_dictionary_.SpellCheckWord(
-            &text[offset], misspelling_start, misspelling_length)) {
+            text, misspelling_start + offset, misspelling_length)) {
       string16 replacement;
       textcheck_results.push_back(WebTextCheckingResult(
           WebKit::WebTextCheckingTypeSpelling,
@@ -368,7 +368,8 @@ void SpellCheck::CreateTextCheckingResults(
         type = WebKit::WebTextCheckingTypeGrammar;
       }
     }
-    if (!custom_dictionary_.SpellCheckWord(text, word_location, word_length)) {
+    if (!custom_dictionary_.SpellCheckWord(
+            line_text, word_location, word_length)) {
       list.push_back(WebTextCheckingResult(
           type,
           word_location + line_offset,