Update safe numerics package to get bitwise ops

Fix callers conventions to avoid ambiguity.
Fix bad bounds check unmasked by change.
Directly include headers no longer pulled in by numerics itself.

Review-Url: https://codereview.chromium.org/2640143003

4 files changed, 13 insertions, 15 deletions

diff --git a/core/fxcrt/cfx_string_data_template.h b/core/fxcrt/cfx_string_data_template.h
index affd610011..c3e090fef0 100644
--- a/core/fxcrt/cfx_string_data_template.h
+++ b/core/fxcrt/cfx_string_data_template.h
@@ -30,7 +30,8 @@ class CFX_StringDataTemplate {
     // where we can save a re-alloc when adding a few characters to a string
     // by using this otherwise wasted space.
     nSize += 7;
-    int totalSize = nSize.ValueOrDie() & ~7;
+    nSize &= ~7;
+    int totalSize = nSize.ValueOrDie();
     int usableLen = (totalSize - overhead) / sizeof(CharType);
     ASSERT(usableLen >= nLen);
 
diff --git a/core/fxcrt/fx_basic_array.cpp b/core/fxcrt/fx_basic_array.cpp
index 92df0e00f8..83c981e9e7 100644
--- a/core/fxcrt/fx_basic_array.cpp
+++ b/core/fxcrt/fx_basic_array.cpp
@@ -33,7 +33,8 @@ bool CFX_BasicArray::SetSize(int nNewSize) {
       m_nSize = m_nMaxSize = 0;
       return false;
     }
-    m_pData = FX_Alloc(uint8_t, totalSize.ValueOrDie());
+    m_pData =
+        FX_Alloc(uint8_t, pdfium::base::ValueOrDieForType<size_t>(totalSize));
     m_nSize = m_nMaxSize = nNewSize;
   } else if (nNewSize <= m_nMaxSize) {
     if (nNewSize > m_nSize) {
@@ -48,7 +49,8 @@ bool CFX_BasicArray::SetSize(int nNewSize) {
     if (!totalSize.IsValid() || nNewMax < m_nSize) {
       return false;
     }
-    uint8_t* pNewData = FX_Realloc(uint8_t, m_pData, totalSize.ValueOrDie());
+    uint8_t* pNewData = FX_Realloc(
+        uint8_t, m_pData, pdfium::base::ValueOrDieForType<size_t>(totalSize));
     if (!pNewData) {
       return false;
     }
diff --git a/core/fxcrt/fx_basic_util.cpp b/core/fxcrt/fx_basic_util.cpp
index e52ff2ecee..f608e290a2 100644
--- a/core/fxcrt/fx_basic_util.cpp
+++ b/core/fxcrt/fx_basic_util.cpp
@@ -12,12 +12,6 @@
 #include <limits>
 #include <memory>
 
-namespace {
-
-const int kDefaultIntValue = 0;
-
-}  // namespace
-
 bool FX_atonum(const CFX_ByteStringC& strc, void* pData) {
   if (strc.Find('.') != -1) {
     FX_FLOAT* pFloat = static_cast<FX_FLOAT*>(pData);
@@ -54,18 +48,19 @@ bool FX_atonum(const CFX_ByteStringC& strc, void* pData) {
   // we've overflowed, reset to the default value.
   if (bSigned) {
     if (bNegative) {
-      if (integer.ValueOrDefault(kDefaultIntValue) >
+      if (integer.ValueOrDefault(0) >
           static_cast<uint32_t>(std::numeric_limits<int>::max()) + 1) {
-        integer = kDefaultIntValue;
+        integer = 0;
       }
-    } else if (integer.ValueOrDefault(kDefaultIntValue) >
+    } else if (integer.ValueOrDefault(0) >
                static_cast<uint32_t>(std::numeric_limits<int>::max())) {
-      integer = kDefaultIntValue;
+      integer = 0;
     }
   }
 
   // Switch back to the int space so we can flip to a negative if we need.
-  int value = static_cast<int>(integer.ValueOrDefault(kDefaultIntValue));
+  uint32_t uValue = integer.ValueOrDefault(0);
+  int32_t value = static_cast<int>(uValue);
   if (bNegative)
     value = -value;
 
diff --git a/core/fxcrt/fx_extension.cpp b/core/fxcrt/fx_extension.cpp
index f1e2583b40..5b577f745c 100644
--- a/core/fxcrt/fx_extension.cpp
+++ b/core/fxcrt/fx_extension.cpp
@@ -204,7 +204,7 @@ FX_FILESIZE CFX_MemoryStream::GetPosition() {
 bool CFX_MemoryStream::ReadBlock(void* buffer,
                                  FX_FILESIZE offset,
                                  size_t size) {
-  if (!buffer || !size)
+  if (!buffer || !size || offset < 0)
     return false;
 
   FX_SAFE_SIZE_T newPos = size;