diff options
| author | Tom Sepez <tsepez@chromium.org> | 2018-09-13 17:41:52 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-09-13 17:41:52 +0000 |
| commit | a5d7ad3aa8feb08a14b5cca173d673054c1ade23 (patch) | |
| tree | 259f0c17f5b7a2e09f80948f8b5cc8a04fdb7874 /core/fxcrt/fx_string.cpp | |
| parent | aebace3bd14eaf72d43f63d90700cd1b0fa049ca (diff) | |
| download | pdfium-a5d7ad3aa8feb08a14b5cca173d673054c1ade23.tar.xz | |
Introduce FX_Number class as a replacement for FX_atonum().
The issue with FX_atonum() is that it doesn't return any information
about whether it range-checked its integer values as a signed or
unsigned type, even though it knows this as part of its processing.
Rather than adding another out parameter to that function, create
a class to hold all this information together.
This is the first place things went astray while diagnosing
bug 882959, in that a large positive value was cast to float as a
negative value. Unfortunately, this doesn't affect the related bug,
but is a step in the right direction.
Change-Id: I0977ec8fccf85e2632a962507bdd30a1cbe6d33c
Reviewed-on: https://pdfium-review.googlesource.com/42353
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt/fx_string.cpp')
| -rw-r--r-- | core/fxcrt/fx_string.cpp | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/core/fxcrt/fx_string.cpp b/core/fxcrt/fx_string.cpp index c9993f9ab8..31eb8e917d 100644 --- a/core/fxcrt/fx_string.cpp +++ b/core/fxcrt/fx_string.cpp @@ -47,69 +47,6 @@ float FractionalScale(size_t scale_factor, int value) { } // namespace -bool FX_atonum(const ByteStringView& strc, void* pData) { - if (strc.Contains('.')) { - float* pFloat = static_cast<float*>(pData); - *pFloat = FX_atof(strc); - return false; - } - - // Note, numbers in PDF are typically of the form 123, -123, etc. But, - // for things like the Permissions on the encryption hash the number is - // actually an unsigned value. We use a uint32_t so we can deal with the - // unsigned and then check for overflow if the user actually signed the value. - // The Permissions flag is listed in Table 3.20 PDF 1.7 spec. - pdfium::base::CheckedNumeric<uint32_t> integer = 0; - bool bNegative = false; - bool bSigned = false; - size_t cc = 0; - if (strc[0] == '+') { - cc++; - bSigned = true; - } else if (strc[0] == '-') { - bNegative = true; - bSigned = true; - cc++; - } - - while (cc < strc.GetLength() && std::isdigit(strc[cc])) { - integer = integer * 10 + FXSYS_DecimalCharToInt(strc.CharAt(cc)); - if (!integer.IsValid()) - break; - cc++; - } - - // We have a sign, and the value was greater then a regular integer - // we've overflowed, reset to the default value. - if (bSigned) { - if (bNegative) { - if (integer.ValueOrDefault(0) > - static_cast<uint32_t>(std::numeric_limits<int>::max()) + 1) { - integer = 0; - } - } else if (integer.ValueOrDefault(0) > - static_cast<uint32_t>(std::numeric_limits<int>::max())) { - integer = 0; - } - } - - // Switch back to the int space so we can flip to a negative if we need. - uint32_t uValue = integer.ValueOrDefault(0); - int32_t value = static_cast<int>(uValue); - if (bNegative) { - // |value| is usually positive, except in the corner case of "-2147483648", - // where |uValue| is 2147483648. When it gets casted to an int, |value| - // becomes -2147483648. For this case, avoid undefined behavior, because an - // integer cannot represent 2147483648. - static constexpr int kMinInt = std::numeric_limits<int>::min(); - value = LIKELY(value != kMinInt) ? -value : kMinInt; - } - - int* pInt = static_cast<int*>(pData); - *pInt = value; - return true; -} - float FX_atof(const ByteStringView& strc) { if (strc.IsEmpty()) return 0.0; |