summaryrefslogtreecommitdiff
path: root/core/fxcrt/fx_string.cpp
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2018-09-13 17:41:52 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-09-13 17:41:52 +0000
commita5d7ad3aa8feb08a14b5cca173d673054c1ade23 (patch)
tree259f0c17f5b7a2e09f80948f8b5cc8a04fdb7874 /core/fxcrt/fx_string.cpp
parentaebace3bd14eaf72d43f63d90700cd1b0fa049ca (diff)
downloadpdfium-a5d7ad3aa8feb08a14b5cca173d673054c1ade23.tar.xz
Introduce FX_Number class as a replacement for FX_atonum().
The issue with FX_atonum() is that it doesn't return any information about whether it range-checked its integer values as a signed or unsigned type, even though it knows this as part of its processing. Rather than adding another out parameter to that function, create a class to hold all this information together. This is the first place things went astray while diagnosing bug 882959, in that a large positive value was cast to float as a negative value. Unfortunately, this doesn't affect the related bug, but is a step in the right direction. Change-Id: I0977ec8fccf85e2632a962507bdd30a1cbe6d33c Reviewed-on: https://pdfium-review.googlesource.com/42353 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt/fx_string.cpp')
-rw-r--r--core/fxcrt/fx_string.cpp63
1 files changed, 0 insertions, 63 deletions
diff --git a/core/fxcrt/fx_string.cpp b/core/fxcrt/fx_string.cpp
index c9993f9ab8..31eb8e917d 100644
--- a/core/fxcrt/fx_string.cpp
+++ b/core/fxcrt/fx_string.cpp
@@ -47,69 +47,6 @@ float FractionalScale(size_t scale_factor, int value) {
} // namespace
-bool FX_atonum(const ByteStringView& strc, void* pData) {
- if (strc.Contains('.')) {
- float* pFloat = static_cast<float*>(pData);
- *pFloat = FX_atof(strc);
- return false;
- }
-
- // Note, numbers in PDF are typically of the form 123, -123, etc. But,
- // for things like the Permissions on the encryption hash the number is
- // actually an unsigned value. We use a uint32_t so we can deal with the
- // unsigned and then check for overflow if the user actually signed the value.
- // The Permissions flag is listed in Table 3.20 PDF 1.7 spec.
- pdfium::base::CheckedNumeric<uint32_t> integer = 0;
- bool bNegative = false;
- bool bSigned = false;
- size_t cc = 0;
- if (strc[0] == '+') {
- cc++;
- bSigned = true;
- } else if (strc[0] == '-') {
- bNegative = true;
- bSigned = true;
- cc++;
- }
-
- while (cc < strc.GetLength() && std::isdigit(strc[cc])) {
- integer = integer * 10 + FXSYS_DecimalCharToInt(strc.CharAt(cc));
- if (!integer.IsValid())
- break;
- cc++;
- }
-
- // We have a sign, and the value was greater then a regular integer
- // we've overflowed, reset to the default value.
- if (bSigned) {
- if (bNegative) {
- if (integer.ValueOrDefault(0) >
- static_cast<uint32_t>(std::numeric_limits<int>::max()) + 1) {
- integer = 0;
- }
- } else if (integer.ValueOrDefault(0) >
- static_cast<uint32_t>(std::numeric_limits<int>::max())) {
- integer = 0;
- }
- }
-
- // Switch back to the int space so we can flip to a negative if we need.
- uint32_t uValue = integer.ValueOrDefault(0);
- int32_t value = static_cast<int>(uValue);
- if (bNegative) {
- // |value| is usually positive, except in the corner case of "-2147483648",
- // where |uValue| is 2147483648. When it gets casted to an int, |value|
- // becomes -2147483648. For this case, avoid undefined behavior, because an
- // integer cannot represent 2147483648.
- static constexpr int kMinInt = std::numeric_limits<int>::min();
- value = LIKELY(value != kMinInt) ? -value : kMinInt;
- }
-
- int* pInt = static_cast<int*>(pData);
- *pInt = value;
- return true;
-}
-
float FX_atof(const ByteStringView& strc) {
if (strc.IsEmpty())
return 0.0;