Revert "Introduce FX_Number class as a replacement for FX_atonum()."

This reverts commit a5d7ad3aa8feb08a14b5cca173d673054c1ade23.

Reason for revert: Speculative revert to get back before flake.

Original change's description:
> Introduce FX_Number class as a replacement for FX_atonum().
> 
> The issue with FX_atonum() is that it doesn't return any information
> about whether it range-checked its integer values as a signed or
> unsigned type, even though it knows this as part of its processing.
> 
> Rather than adding another out parameter to that function, create
> a class to hold all this information together.
> 
> This is the first place things went astray while diagnosing
> bug 882959, in that a large positive value was cast to float as a
> negative value. Unfortunately, this doesn't affect the related bug,
> but is a step in the right direction.
> 
> Change-Id: I0977ec8fccf85e2632a962507bdd30a1cbe6d33c
> Reviewed-on: https://pdfium-review.googlesource.com/42353
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Commit-Queue: Tom Sepez <tsepez@chromium.org>

TBR=thestig@chromium.org,tsepez@chromium.org

Change-Id: Ia56270c3daa80408fc2b23eb4384a77f03f45b82
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://pdfium-review.googlesource.com/42392
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>

1 files changed, 63 insertions, 0 deletions

diff --git a/core/fxcrt/fx_string.cpp b/core/fxcrt/fx_string.cpp
index 31eb8e917d..c9993f9ab8 100644
--- a/core/fxcrt/fx_string.cpp
+++ b/core/fxcrt/fx_string.cpp
@@ -47,6 +47,69 @@ float FractionalScale(size_t scale_factor, int value) {
 
 }  // namespace
 
+bool FX_atonum(const ByteStringView& strc, void* pData) {
+  if (strc.Contains('.')) {
+    float* pFloat = static_cast<float*>(pData);
+    *pFloat = FX_atof(strc);
+    return false;
+  }
+
+  // Note, numbers in PDF are typically of the form 123, -123, etc. But,
+  // for things like the Permissions on the encryption hash the number is
+  // actually an unsigned value. We use a uint32_t so we can deal with the
+  // unsigned and then check for overflow if the user actually signed the value.
+  // The Permissions flag is listed in Table 3.20 PDF 1.7 spec.
+  pdfium::base::CheckedNumeric<uint32_t> integer = 0;
+  bool bNegative = false;
+  bool bSigned = false;
+  size_t cc = 0;
+  if (strc[0] == '+') {
+    cc++;
+    bSigned = true;
+  } else if (strc[0] == '-') {
+    bNegative = true;
+    bSigned = true;
+    cc++;
+  }
+
+  while (cc < strc.GetLength() && std::isdigit(strc[cc])) {
+    integer = integer * 10 + FXSYS_DecimalCharToInt(strc.CharAt(cc));
+    if (!integer.IsValid())
+      break;
+    cc++;
+  }
+
+  // We have a sign, and the value was greater then a regular integer
+  // we've overflowed, reset to the default value.
+  if (bSigned) {
+    if (bNegative) {
+      if (integer.ValueOrDefault(0) >
+          static_cast<uint32_t>(std::numeric_limits<int>::max()) + 1) {
+        integer = 0;
+      }
+    } else if (integer.ValueOrDefault(0) >
+               static_cast<uint32_t>(std::numeric_limits<int>::max())) {
+      integer = 0;
+    }
+  }
+
+  // Switch back to the int space so we can flip to a negative if we need.
+  uint32_t uValue = integer.ValueOrDefault(0);
+  int32_t value = static_cast<int>(uValue);
+  if (bNegative) {
+    // |value| is usually positive, except in the corner case of "-2147483648",
+    // where |uValue| is 2147483648. When it gets casted to an int, |value|
+    // becomes -2147483648. For this case, avoid undefined behavior, because an
+    // integer cannot represent 2147483648.
+    static constexpr int kMinInt = std::numeric_limits<int>::min();
+    value = LIKELY(value != kMinInt) ? -value : kMinInt;
+  }
+
+  int* pInt = static_cast<int*>(pData);
+  *pInt = value;
+  return true;
+}
+
 float FX_atof(const ByteStringView& strc) {
   if (strc.IsEmpty())
     return 0.0;