diff options
| author | deepak.m1 <deepak.m1@samsung.com> | 2014-09-26 21:11:24 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-09-27 04:12:01 +0000 |
| commit | 64d81572b36829960001fc34314604f71c6bd50a (patch) | |
| tree | 9add5b25a78a7f13d1882d2cb7e94431da1fb89e /pdf | |
| parent | 89e4fb7cebee5cdf71a43941b2e7010fe4462f66 (diff) | |
| download | chromium_src-64d81572b36829960001fc34314604f71c6bd50a.zip chromium_src-64d81572b36829960001fc34314604f71c6bd50a.tar.gz chromium_src-64d81572b36829960001fc34314604f71c6bd50a.tar.bz2 | |
Memory allocation for WriteInto is not proper.
Memory for WriteInto() should be greater than the url length,
As in the WriteInto() it reserve the memory of size 'length_with_null'
and then resize it to "length_with_null-1'
Chnage done to give memory 1 greater than the url length size.
BUG=417732
Review URL: https://codereview.chromium.org/599373003
Cr-Commit-Position: refs/heads/master@{#297102}
Diffstat (limited to 'pdf')
| -rw-r--r-- | pdf/pdfium/pdfium_engine.cc | 4 | ||||
| -rw-r--r-- | pdf/pdfium/pdfium_page.cc | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/pdf/pdfium/pdfium_engine.cc b/pdf/pdfium/pdfium_engine.cc index 8fe2695..f3ff3cf 100644 --- a/pdf/pdfium/pdfium_engine.cc +++ b/pdf/pdfium/pdfium_engine.cc @@ -3394,8 +3394,8 @@ bool PDFiumEngineExports::RenderPDFPageToDC(const void* pdf_buffer, base::string16 creator; size_t buffer_bytes = FPDF_GetMetaText(doc, "Creator", NULL, 0); if (buffer_bytes > 1) { - FPDF_GetMetaText(doc, "Creator", WriteInto(&creator, buffer_bytes), - buffer_bytes); + FPDF_GetMetaText( + doc, "Creator", WriteInto(&creator, buffer_bytes + 1), buffer_bytes); } bool use_bitmap = false; if (StartsWith(creator, L"cairo", false)) diff --git a/pdf/pdfium/pdfium_page.cc b/pdf/pdfium/pdfium_page.cc index 1f6390c..d8a5dce 100644 --- a/pdf/pdfium/pdfium_page.cc +++ b/pdf/pdfium/pdfium_page.cc @@ -305,7 +305,7 @@ PDFiumPage::Area PDFiumPage::GetLinkTarget( size_t buffer_size = FPDFAction_GetURIPath(engine_->doc(), action, NULL, 0); if (buffer_size > 1) { - void* data = WriteInto(&target->url, buffer_size); + void* data = WriteInto(&target->url, buffer_size + 1); FPDFAction_GetURIPath(engine_->doc(), action, data, buffer_size); } } @@ -389,7 +389,7 @@ void PDFiumPage::CalculateLinks() { int url_length = FPDFLink_GetURL(links, i, NULL, 0); if (url_length > 1) { // WriteInto needs at least 2 characters. unsigned short* data = - reinterpret_cast<unsigned short*>(WriteInto(&url, url_length)); + reinterpret_cast<unsigned short*>(WriteInto(&url, url_length + 1)); FPDFLink_GetURL(links, i, data, url_length); } Link link; |