diff options
| author | Lei Zhang <thestig@chromium.org> | 2018-04-17 16:16:39 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-17 16:16:39 +0000 |
| commit | 8cfcb7da37352b22517892e6eabcedb77676cdf7 (patch) | |
| tree | 4195ccdd962b1f5e1525d461c1b461b9f263a3cd /core/fpdfapi/page/cpdf_function.cpp | |
| parent | a4c7ac479d291fc3373b9c2f8f25302ecd53b0d5 (diff) | |
| download | pdfium-8cfcb7da37352b22517892e6eabcedb77676cdf7.tar.xz | |
Fix nits in CPDF_Function and derived classes.
- Switch away from FX_Alloc2D() when it is safe to do so.
- Use FX_SAFE_SIZE_T to avoid a potential underflow with FX_Realloc().
- Mark the v_Call() input as const.
- Check Call() and v_Call() return results.
Change-Id: I6ec3122b23e0f137f88aa8d85a9675154a1b1706
Reviewed-on: https://pdfium-review.googlesource.com/30802
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_function.cpp')
| -rw-r--r-- | core/fpdfapi/page/cpdf_function.cpp | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/core/fpdfapi/page/cpdf_function.cpp b/core/fpdfapi/page/cpdf_function.cpp index d4fad9c1ba..ce119ca487 100644 --- a/core/fpdfapi/page/cpdf_function.cpp +++ b/core/fpdfapi/page/cpdf_function.cpp @@ -27,9 +27,8 @@ std::unique_ptr<CPDF_Function> CPDF_Function::Load(CPDF_Object* pFuncObj) { std::unique_ptr<CPDF_Function> CPDF_Function::Load( CPDF_Object* pFuncObj, std::set<CPDF_Object*>* pVisited) { - std::unique_ptr<CPDF_Function> pFunc; if (!pFuncObj) - return pFunc; + return nullptr; if (pdfium::ContainsKey(*pVisited, pFuncObj)) return nullptr; @@ -41,6 +40,7 @@ std::unique_ptr<CPDF_Function> CPDF_Function::Load( else if (CPDF_Dictionary* pDict = pFuncObj->AsDictionary()) iType = pDict->GetIntegerFor("FunctionType"); + std::unique_ptr<CPDF_Function> pFunc; Type type = IntegerToFunctionType(iType); if (type == Type::kType0Sampled) pFunc = pdfium::MakeUnique<CPDF_SampledFunc>(); @@ -90,16 +90,20 @@ bool CPDF_Function::Init(CPDF_Object* pObj, std::set<CPDF_Object*>* pVisited) { if (m_nInputs == 0) return false; - m_pDomains = FX_Alloc2D(float, m_nInputs, 2); - for (uint32_t i = 0; i < m_nInputs * 2; i++) { - m_pDomains[i] = pDomains->GetFloatAt(i); + { + size_t nInputs = m_nInputs * 2; + m_pDomains = FX_Alloc(float, nInputs); + for (size_t i = 0; i < nInputs; ++i) + m_pDomains[i] = pDomains->GetFloatAt(i); } + CPDF_Array* pRanges = pDict->GetArrayFor("Range"); m_nOutputs = 0; if (pRanges) { m_nOutputs = pRanges->GetCount() / 2; - m_pRanges = FX_Alloc2D(float, m_nOutputs, 2); - for (uint32_t i = 0; i < m_nOutputs * 2; i++) + size_t nOutputs = m_nOutputs * 2; + m_pRanges = FX_Alloc(float, nOutputs); + for (size_t i = 0; i < nOutputs; ++i) m_pRanges[i] = pRanges->GetFloatAt(i); } uint32_t old_outputs = m_nOutputs; @@ -107,7 +111,9 @@ bool CPDF_Function::Init(CPDF_Object* pObj, std::set<CPDF_Object*>* pVisited) { return false; if (m_pRanges && m_nOutputs > old_outputs) { - m_pRanges = FX_Realloc(float, m_pRanges, m_nOutputs * 2); + FX_SAFE_SIZE_T nOutputs = m_nOutputs; + nOutputs *= 2; + m_pRanges = FX_Realloc(float, m_pRanges, nOutputs.ValueOrDie()); memset(m_pRanges + (old_outputs * 2), 0, sizeof(float) * (m_nOutputs - old_outputs) * 2); } @@ -127,7 +133,9 @@ bool CPDF_Function::Call(const float* inputs, clamped_inputs[i] = pdfium::clamp(inputs[i], m_pDomains[i * 2], m_pDomains[i * 2 + 1]); } - v_Call(clamped_inputs.data(), results); + if (!v_Call(clamped_inputs.data(), results)) + return false; + if (!m_pRanges) return true; |