authorLei Zhang <thestig@chromium.org>2020-07-28 15:40:10 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2020-10-22 15:46:43 +0000
commit027c3d7bae7f3eb85e1c80d0c57bedbb93663d69 (patch)
tree00f68d15b2a7bb5001a15d50ea14be4b216f5905
parent466da17a0cdc34024651836fe9d97c8ffcd920fc (diff)
downloadqtwebengine-chromium-027c3d7bae7f3eb85e1c80d0c57bedbb93663d69.tar.gz
[Backport] CVE-2020-15989: Uninitialized Use in PDFium
Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2321339: Check FPDFText_GetCharBox() return value in pdfium_page.cc. Make sure the call succeeds before continuing, to avoid potentially using uninitialized values. Bug: 1108351 Change-Id: Ife6f8b861a53cad0bbaec8130eef0dd1341ab71c Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/pdf/pdfium/pdfium_page.cc9
1 files changed, 7 insertions, 2 deletions
diff --git a/chromium/pdf/pdfium/pdfium_page.cc b/chromium/pdf/pdfium/pdfium_page.cc
index d9f8956fa91..99036de3119 100644
--- a/chromium/pdf/pdfium/pdfium_page.cc
+++ b/chromium/pdf/pdfium/pdfium_page.cc
@@ -87,7 +87,9 @@ pp::FloatRect GetFloatCharRectInPixels(FPDF_PAGE page,
double right;
double bottom;
double top;
- FPDFText_GetCharBox(text_page, index, &left, &right, &bottom, &top);
+ if (!FPDFText_GetCharBox(text_page, index, &left, &right, &bottom, &top))
+ return pp::FloatRect();
+
if (right < left)
std::swap(left, right);
if (bottom < top)
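Review bot: The new early return on the `if (!FPDFText_GetCharBox(text_page, index, &left, &right, &bottom, &top))` line is the only thing standing between the four uninitialized locals declared just above it and the swaps below, so the CVE fix holds exactly as long as nobody reorders or bypasses that branch; initializing them at declaration (`double left = 0;` and likewise for `right`, `bottom`, `top`) would make the hardening independent of control flow at no cost. A default `pp::FloatRect()` is also indistinguishable from a genuinely zero-sized character box, so a short comment on the return, e.g. `// On failure (presumably an invalid index — confirm against the PDFium API) an empty rect is returned; callers cannot tell this apart from a zero-sized box.`, would document the contract the callers now rely on. GetFloatCharRectInPixels's signature starts before this hunk and its body continues after it.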
@@ -847,7 +849,10 @@ int PDFiumPage::GetLink(int char_index, LinkTarget* target) {
double right;
double bottom;
double top;
- FPDFText_GetCharBox(GetTextPage(), char_index, &left, &right, &bottom, &top);
+ if (!FPDFText_GetCharBox(GetTextPage(), char_index, &left, &right, &bottom,
+ &top)) {
+ return -1;
+ }
pp::Point origin(PageToScreen(pp::Point(), 1.0, left, top, right, bottom,
PageOrientation::kOriginal)