author | Tom Sepez <tsepez@chromium.org> | 2017-04-17 13:08:36 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-04-17 20:51:44 +0000 |
commit | c329d59b16b89f3533f9d309ed297938af865ae0 (patch) | |
tree | 987d3c29056bc074185a2aa3c5963b8589139f81 /core/fxcrt/xml/cfx_saxreader.h | |
parent | e190e7ce1e03ac536ecf825550482b84f7a3dfaa (diff) | |
download | pdfium-c329d59b16b89f3533f9d309ed297938af865ae0.tar.xz |
Fix buffer management issues in CFX_SAXReader.
Re-write to use std::vectors rather than self-managed buffers.
Includes test case that breaks before patch.
Formerly, we had two independent buffers whose positions were
tracked by the same variable, assuming that only one was
being written to at a given time. This is a bad idea because
it's easy to forget to zero the index when switching buffers,
and start indexing into one using previously computed offsets
from the other.
Additionally, there were cases where the location of a partial
entity wasn't discarded when switching states thus clearing the
buffer tracking said entity.
Bug: 711459
Change-Id: I008f69517d4319a5fe8abda8d54c5b9975551697
Reviewed-on: https://pdfium-review.googlesource.com/4230
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt/xml/cfx_saxreader.h')
-rw-r--r-- | core/fxcrt/xml/cfx_saxreader.h | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/core/fxcrt/xml/cfx_saxreader.h b/core/fxcrt/xml/cfx_saxreader.h
index 45f0d07084..47ef79c50f 100644
--- a/core/fxcrt/xml/cfx_saxreader.h
+++ b/core/fxcrt/xml/cfx_saxreader.h
@@ -9,6 +9,7 @@
 #include <memory>
 #include <stack>
+#include <vector>
 #include "core/fxcrt/fx_basic.h"
@@ -124,6 +125,14 @@ class CFX_SAXReader {
  void ParseTagEnd();
  void ParseTargetData();
  void Reset();
+ void ClearData();
+ void ClearName();
+ void AppendToData(uint8_t ch);
+ void AppendToName(uint8_t ch);
+ void BackUpAndReplaceDataAt(int32_t index, uint8_t ch);
+ bool IsEntityStart(uint8_t ch) const;
+ bool IsEntityEnd(uint8_t ch) const;
+ int32_t CurrentDataIndex() const;
  void Push();
  void Pop();
  CFX_SAXItem* GetCurrentItem() const;
@@ -153,14 +162,9 @@ class CFX_SAXReader {
  std::stack<char> m_SkipStack;
  uint8_t m_SkipChar;
  uint32_t m_dwNodePos;
- uint8_t* m_pszData;
- int32_t m_iDataSize;
- int32_t m_iDataLength;
- int32_t m_iEntityStart;
- int32_t m_iDataPos;
- uint8_t* m_pszName;
- int32_t m_iNameSize;
- int32_t m_iNameLength;
+ std::vector<uint8_t> m_Data;
+ int32_t m_iEntityStart; // Index into m_Data.
+ std::vector<uint8_t> m_Name;
  uint32_t m_dwParseMode;
  std::unique_ptr<CFX_SAXCommentContext> m_pCommentContext;
 }; |
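Review bot: `BackUpAndReplaceDataAt(int32_t index, uint8_t ch)` and `CurrentDataIndex()` in the second hunk pass positions as signed 32-bit values into what the third hunk makes a `std::vector<uint8_t>`, and the declarations state no precondition. The defect being fixed was indexing one buffer with offsets computed for another, so the contract belongs next to the declaration, for example `// |index| must be a valid position in m_Data: non-negative and not past the end.` The definitions are not on this page (the diffstat is limited to the header), so it cannot be confirmed here that an out-of-range `index` is rejected before `m_Data` is touched; that check should live in the definition rather than at each call site. `CurrentDataIndex()` presumably narrows `m_Data.size()` from `size_t` to `int32_t`, which needs a checked conversion unless input length is bounded elsewhere. The class body starts and ends outside this hunk.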
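Review bot: The new comment on `m_iEntityStart` in the third hunk says only that it indexes `m_Data`; it omits the value meaning "no entity in progress" and the rule that the index is stale as soon as `m_Data` is cleared. The commit message names that stale-index case as one of the two defects, so the invariant should be written where the member is declared, e.g. `int32_t m_iEntityStart;  // Index into m_Data, or the no-entity sentinel; must be reset whenever m_Data is cleared.` Whether `ClearData()` performs that reset cannot be seen from this header; if it does not, resetting there would enforce the invariant in one place instead of at every state switch.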