Remove potential out of bounds call to GetAt()

Since m_pos is passed into GetAt() on the underlying string in getCurrentChar(), the value of it needs to confirmed to be valid after decrementing. Some types were changed to reflect the values being stored. BUG=chromium:752480 Change-Id: Ib6d6f52326defd31785e70a17049a08b64dbe069 Reviewed-on: https://pdfium-review.googlesource.com/10652 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2017-08-11 16:24:25 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-08-11 21:17:14 +0000
commit: 05ea7e1ae677d0d5872f7ccbaf28f594ad6d94d9 (patch)
tree: 614345906f074f412a56d398e2a7473071673e34
parent: b1a794a9a2e5fcb8d69665bd347b349fecfe4877 (diff)
download: pdfium-05ea7e1ae677d0d5872f7ccbaf28f594ad6d94d9.tar.xz
3 files changed, 19 insertions, 13 deletions
diff --git a/fxbarcode/datamatrix/BC_C40Encoder.cpp b/fxbarcode/datamatrix/BC_C40Encoder.cpp
index e994774c4d..8edd9eccfe 100644
--- a/fxbarcode/datamatrix/BC_C40Encoder.cpp
+++ b/fxbarcode/datamatrix/BC_C40Encoder.cpp
@@ -189,8 +189,14 @@ int32_t CBC_C40Encoder::encodeChar(wchar_t c, CFX_WideString& sb, int32_t& e) {
 int32_t CBC_C40Encoder::BacktrackOneCharacter(CBC_EncoderContext* context,
                                               CFX_WideString* buffer,
                                               int32_t lastCharSize) {
+  if (context->m_pos < 1)
+    return -1;
+
   int32_t count = buffer->GetLength();
-  buffer->Delete(count - lastCharSize, count);
+  if (count < lastCharSize)
+    return -1;
+
+  buffer->Delete(count - lastCharSize, lastCharSize);
   context->m_pos--;
   wchar_t c = context->getCurrentChar();
   int32_t e = BCExceptionNO;
@@ -199,7 +205,7 @@ int32_t CBC_C40Encoder::BacktrackOneCharacter(CBC_EncoderContext* context,
   if (e != BCExceptionNO)
     return -1;
 
-  assert(len > 0);
+  ASSERT(len > 0);
   context->resetSymbolInfo();
   return len;
 }
diff --git a/fxbarcode/datamatrix/BC_EncoderContext.cpp b/fxbarcode/datamatrix/BC_EncoderContext.cpp
index 40855fcbd8..404c07d980 100644
--- a/fxbarcode/datamatrix/BC_EncoderContext.cpp
+++ b/fxbarcode/datamatrix/BC_EncoderContext.cpp
@@ -34,9 +34,9 @@ CBC_EncoderContext::CBC_EncoderContext(const CFX_WideString& msg,
   CFX_ByteString dststr;
   CBC_UtilCodingConvert::UnicodeToUTF8(msg, dststr);
   CFX_WideString sb;
-  int32_t c = dststr.GetLength();
-  for (int32_t i = 0; i < c; i++) {
-    wchar_t ch = (wchar_t)(dststr.GetAt(i) & 0xff);
+  FX_STRSIZE c = dststr.GetLength();
+  for (FX_STRSIZE i = 0; i < c; i++) {
+    wchar_t ch = static_cast<wchar_t>(dststr.GetAt(i) & 0xff);
     if (ch == '?' && dststr.GetAt(i) != '?') {
       e = BCExceptionCharactersOutsideISO88591Encoding;
     }
@@ -73,7 +73,7 @@ void CBC_EncoderContext::writeCodewords(const CFX_WideString& codewords) {
 void CBC_EncoderContext::writeCodeword(wchar_t codeword) {
   m_codewords += codeword;
 }
-int32_t CBC_EncoderContext::getCodewordCount() {
+FX_STRSIZE CBC_EncoderContext::getCodewordCount() {
   return m_codewords.GetLength();
 }
 void CBC_EncoderContext::signalEncoderChange(int32_t encoding) {
@@ -85,7 +85,7 @@ void CBC_EncoderContext::resetEncoderSignal() {
 bool CBC_EncoderContext::hasMoreCharacters() {
   return m_pos < getTotalMessageCharCount();
 }
-int32_t CBC_EncoderContext::getRemainingCharacters() {
+FX_STRSIZE CBC_EncoderContext::getRemainingCharacters() {
   return getTotalMessageCharCount() - m_pos;
 }
 void CBC_EncoderContext::updateSymbolInfo(int32_t& e) {
@@ -103,6 +103,6 @@ void CBC_EncoderContext::resetSymbolInfo() {
   m_allowRectangular = true;
 }
 
-int32_t CBC_EncoderContext::getTotalMessageCharCount() {
+FX_STRSIZE CBC_EncoderContext::getTotalMessageCharCount() {
   return m_msg.GetLength() - m_skipAtEnd;
 }
diff --git a/fxbarcode/datamatrix/BC_EncoderContext.h b/fxbarcode/datamatrix/BC_EncoderContext.h
index 4931501c45..ef4c38ebab 100644
--- a/fxbarcode/datamatrix/BC_EncoderContext.h
+++ b/fxbarcode/datamatrix/BC_EncoderContext.h
@@ -25,26 +25,26 @@ class CBC_EncoderContext {
   wchar_t getCurrent();
   void writeCodewords(const CFX_WideString& codewords);
   void writeCodeword(wchar_t codeword);
-  int32_t getCodewordCount();
+  FX_STRSIZE getCodewordCount();
   void signalEncoderChange(int32_t encoding);
   void resetEncoderSignal();
   bool hasMoreCharacters();
-  int32_t getRemainingCharacters();
+  FX_STRSIZE getRemainingCharacters();
   void updateSymbolInfo(int32_t& e);
   void updateSymbolInfo(int32_t len, int32_t& e);
   void resetSymbolInfo();
 
   CFX_WideString m_msg;
   CFX_WideString m_codewords;
-  int32_t m_pos;
+  FX_STRSIZE m_pos;
   int32_t m_newEncoding;
   CFX_UnownedPtr<CBC_SymbolInfo> m_symbolInfo;
 
  private:
-  int32_t getTotalMessageCharCount();
+  FX_STRSIZE getTotalMessageCharCount();
 
   bool m_allowRectangular;  // Force square when false.
-  int32_t m_skipAtEnd;
+  FX_STRSIZE m_skipAtEnd;
 };
 
 #endif  // FXBARCODE_DATAMATRIX_BC_ENCODERCONTEXT_H_
author	Ryan Harrison <rharrison@chromium.org>	2017-08-11 16:24:25 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-08-11 21:17:14 +0000
commit	05ea7e1ae677d0d5872f7ccbaf28f594ad6d94d9 (patch)
tree	614345906f074f412a56d398e2a7473071673e34
parent	b1a794a9a2e5fcb8d69665bd347b349fecfe4877 (diff)
download	pdfium-05ea7e1ae677d0d5872f7ccbaf28f594ad6d94d9.tar.xz