summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOliver Chang <ochang@chromium.org>2015-12-17 16:47:14 -0800
committerOliver Chang <ochang@chromium.org>2015-12-17 16:47:14 -0800
commit391783579c5a8aad346b56903b51e6551600550b (patch)
tree0f993737e07a83ee080fb4029c00c410747db2d8
parentfed9dd90c086c854ef13440e6022602eb9f91cfc (diff)
downloadpdfium-391783579c5a8aad346b56903b51e6551600550b.tar.xz
Fix a sentinel length value used in CFX_CMapByteStringToPtr::SetAt
It looks like an key length of 0 was incorrectly assumed to denote an free entry. Fixes a memory leak in FPDFViewEmbeddertest.Crasher_451830 due to values with empty keys being incorrectly overwritten. R=tsepez@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/1534953002 .
-rw-r--r--core/src/fxcrt/fx_basic_maps.cpp29
1 files changed, 18 insertions, 11 deletions
diff --git a/core/src/fxcrt/fx_basic_maps.cpp b/core/src/fxcrt/fx_basic_maps.cpp
index f8a0390163..f7d127f7da 100644
--- a/core/src/fxcrt/fx_basic_maps.cpp
+++ b/core/src/fxcrt/fx_basic_maps.cpp
@@ -7,6 +7,13 @@
#include "core/include/fxcrt/fx_basic.h"
#include "plex.h"
+namespace {
+
+const uint8_t kFreeLength = 0xfe;
+const uint8_t kHasAllocatedBufferLength = 0xff;
+
+} // namespace
+
CFX_MapPtrToPtr::CFX_MapPtrToPtr(int nBlockSize)
: m_pHashTable(NULL),
m_nHashTableSize(17),
@@ -165,7 +172,7 @@ struct _CompactString {
uint8_t* m_pBuffer;
};
static void _CompactStringRelease(_CompactString* pCompact) {
- if (pCompact->m_CompactLen == 0xff) {
+ if (pCompact->m_CompactLen == kHasAllocatedBufferLength) {
FX_Free(pCompact->m_pBuffer);
}
}
@@ -178,7 +185,7 @@ static FX_BOOL _CompactStringSame(_CompactString* pCompact,
}
return FXSYS_memcmp(&pCompact->m_LenHigh, pStr, len) == 0;
}
- if (pCompact->m_CompactLen != 0xff ||
+ if (pCompact->m_CompactLen != kHasAllocatedBufferLength ||
pCompact->m_LenHigh * 256 + pCompact->m_LenLow != len) {
return FALSE;
}
@@ -192,18 +199,18 @@ static void _CompactStringStore(_CompactString* pCompact,
FXSYS_memcpy(&pCompact->m_LenHigh, pStr, len);
return;
}
- pCompact->m_CompactLen = 0xff;
+ pCompact->m_CompactLen = kHasAllocatedBufferLength;
pCompact->m_LenHigh = len / 256;
pCompact->m_LenLow = len % 256;
pCompact->m_pBuffer = FX_Alloc(uint8_t, len);
FXSYS_memcpy(pCompact->m_pBuffer, pStr, len);
}
static CFX_ByteStringC _CompactStringGet(_CompactString* pCompact) {
- if (pCompact->m_CompactLen == 0xff) {
+ if (pCompact->m_CompactLen == kHasAllocatedBufferLength) {
return CFX_ByteStringC(pCompact->m_pBuffer,
pCompact->m_LenHigh * 256 + pCompact->m_LenLow);
}
- if (pCompact->m_CompactLen == 0xfe) {
+ if (pCompact->m_CompactLen == kFreeLength) {
return CFX_ByteStringC();
}
return CFX_ByteStringC(&pCompact->m_LenHigh, pCompact->m_CompactLen);
@@ -228,7 +235,7 @@ FX_POSITION CFX_CMapByteStringToPtr::GetStartPosition() const {
int size = m_Buffer.GetSize();
for (int i = 0; i < size; i++) {
_CompactString* pKey = (_CompactString*)m_Buffer.GetAt(i);
- if (pKey->m_CompactLen != 0xfe) {
+ if (pKey->m_CompactLen != kFreeLength) {
return (FX_POSITION)(uintptr_t)(i + 1);
}
}
@@ -248,7 +255,7 @@ void CFX_CMapByteStringToPtr::GetNextAssoc(FX_POSITION& rNextPosition,
int size = m_Buffer.GetSize();
while (index < size) {
pKey = (_CompactString*)m_Buffer.GetAt(index);
- if (pKey->m_CompactLen != 0xfe) {
+ if (pKey->m_CompactLen != kFreeLength) {
rNextPosition = (FX_POSITION)(uintptr_t)(index + 1);
return;
}
@@ -267,7 +274,7 @@ void* CFX_CMapByteStringToPtr::GetNextValue(FX_POSITION& rNextPosition) const {
int size = m_Buffer.GetSize();
while (index < size) {
pKey = (_CompactString*)m_Buffer.GetAt(index);
- if (pKey->m_CompactLen != 0xfe) {
+ if (pKey->m_CompactLen != kFreeLength) {
rNextPosition = (FX_POSITION)(uintptr_t)(index + 1);
return rValue;
}
@@ -304,7 +311,7 @@ void CFX_CMapByteStringToPtr::SetAt(const CFX_ByteStringC& key, void* value) {
}
for (int index = 0; index < size; index++) {
_CompactString* pKey = (_CompactString*)m_Buffer.GetAt(index);
- if (pKey->m_CompactLen) {
+ if (pKey->m_CompactLen != kFreeLength) {
continue;
}
_CompactStringStore(pKey, key.GetPtr(), key_len);
@@ -331,7 +338,7 @@ void CFX_CMapByteStringToPtr::RemoveKey(const CFX_ByteStringC& key) {
continue;
}
_CompactStringRelease(pKey);
- pKey->m_CompactLen = 0xfe;
+ pKey->m_CompactLen = kFreeLength;
return;
}
}
@@ -340,7 +347,7 @@ int CFX_CMapByteStringToPtr::GetCount() const {
int size = m_Buffer.GetSize();
for (int i = 0; i < size; i++) {
_CompactString* pKey = (_CompactString*)m_Buffer.GetAt(i);
- if (pKey->m_CompactLen != 0xfe) {
+ if (pKey->m_CompactLen != kFreeLength) {
count++;
}
}