Make sure the fuzzer read size does not go negative.

testing/libfuzzer/xfa_codec_fuzzer.h

Index: testing/libfuzzer/xfa_codec_fuzzer.h
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index 6a84ed85725939eb030880f2652dc739dcd085f2..44ead167597a390252ce982606b2179ebea2154f 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -49,8 +49,11 @@ class XFACodecFuzzer {
     void Release() override {}
 
     FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+      if (offset < 0 || offset > m_size)

[Lei Zhang, 2016/10/04 18:35:13]

Erm, and also shouldn't this be: offset >= m_size

[Lei Zhang, 2016/10/04 18:35:13]

And reading a size of 0 doesn't make sense either.

[dsinclair, 2016/10/04 18:48:07]

Done.

[dsinclair, 2016/10/04 18:48:07]

Done.

+        return FALSE;
       if (offset + size > m_size)
         size = m_size - offset;
+
       memcpy(buffer, m_data + offset, size);
       return TRUE;
     }