0

Fix crash in PDF accessibility when PDF engine reports -1 as char count.

The PDF engine was returning -1 from engine_->GetCharCount(), and we were
trying to allocate that many bytes. See bug for repro.

BUG=648981

Review-Url: https://codereview.chromium.org/2648013002
Cr-Commit-Position: refs/heads/master@{#447132}
This commit is contained in:
dmazzoni
2017-01-30 16:35:09 -08:00
committed by Commit bot
parent 69e1788a5c
commit d45c2e686c
2 changed files with 21 additions and 0 deletions

@ -747,6 +747,12 @@ void OutOfProcessInstance::SendNextAccessibilityPage(int32_t page_index) {
return;
int char_count = engine_->GetCharCount(page_index);
// Treat a char count of -1 (error) as 0 (an empty page), since
// other pages might have valid content.
if (char_count < 0)
char_count = 0;
PP_PrivateAccessibilityPageInfo page_info;
page_info.page_index = page_index;
page_info.bounds = engine_->GetPageBoundsRect(page_index);