authorTom Sepez <tsepez@chromium.org>2018-04-12 18:33:55 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-12 18:33:55 +0000
commit154e18f9a862975abecebe77b8f5fb418418d14c (patch)
tree18e9381c1a4324abcd98296e1e1714c2f926e006 /core/fxcrt
parent7f821c11081fe90346823333622253ec7949b583 (diff)
downloadpdfium-154e18f9a862975abecebe77b8f5fb418418d14c.tar.xz
Return pdfium::span<wchar_t> from WideString::GetBuffer().
Adds bounds checking "for free", but beware of span outliving a ReleaseBuffer() call. Scoping as such avoids the possibility of using an invalid span (and it is flagged as a lifetime issue). Change-Id: Ica63f4b1429823d0254ec6951aeaeb08160cb93c Reviewed-on: https://pdfium-review.googlesource.com/30310 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt')
-rw-r--r--core/fxcrt/cfx_blockbuffer.cpp55
-rw-r--r--core/fxcrt/widestring.cpp65
-rw-r--r--core/fxcrt/widestring.h7
-rw-r--r--core/fxcrt/widestring_unittest.cpp21
4 files changed, 82 insertions, 66 deletions
diff --git a/core/fxcrt/cfx_blockbuffer.cpp b/core/fxcrt/cfx_blockbuffer.cpp
index 13134f0e7b..6a7d98aa18 100644
--- a/core/fxcrt/cfx_blockbuffer.cpp
+++ b/core/fxcrt/cfx_blockbuffer.cpp
@@ -77,36 +77,39 @@ WideString CFX_BlockBuffer::GetTextData(size_t start, size_t length) const {
size_t maybeDataLength = m_BufferSize - 1 - m_StartPosition;
if (start > maybeDataLength)
return WideString();
- length = std::min(length, maybeDataLength);
- WideString wsTextData;
- wchar_t* pBuf = wsTextData.GetBuffer(length);
- if (!pBuf)
+ length = std::min(length, maybeDataLength);
+ if (!length)
return WideString();
- size_t startBlock = 0;
- size_t startInner = 0;
- std::tie(startBlock, startInner) = TextDataIndex2BufIndex(start);
-
- size_t endBlock = 0;
- size_t endInner = 0;
- std::tie(endBlock, endInner) = TextDataIndex2BufIndex(start + length);
-
- size_t pointer = 0;
- for (size_t i = startBlock; i <= endBlock; ++i) {
- size_t bufferPointer = 0;
- size_t copyLength = kAllocStep;
- if (i == startBlock) {
- copyLength -= startInner;
- bufferPointer = startInner;
+ WideString wsTextData;
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> pBuf = wsTextData.GetBuffer(length);
+ size_t startBlock = 0;
+ size_t startInner = 0;
+ std::tie(startBlock, startInner) = TextDataIndex2BufIndex(start);
+
+ size_t endBlock = 0;
+ size_t endInner = 0;
+ std::tie(endBlock, endInner) = TextDataIndex2BufIndex(start + length);
+
+ size_t pointer = 0;
+ for (size_t i = startBlock; i <= endBlock; ++i) {
+ size_t bufferPointer = 0;
+ size_t copyLength = kAllocStep;
+ if (i == startBlock) {
+ copyLength -= startInner;
+ bufferPointer = startInner;
+ }
+ if (i == endBlock)
+ copyLength -= ((kAllocStep - 1) - endInner);
+
+ wchar_t* pBlockBuf = m_BlockArray[i].get();
+ memcpy(&pBuf[pointer], pBlockBuf + bufferPointer,
+ copyLength * sizeof(wchar_t));
+ pointer += copyLength;
}
- if (i == endBlock)
- copyLength -= ((kAllocStep - 1) - endInner);
-
- wchar_t* pBlockBuf = m_BlockArray[i].get();
- memcpy(pBuf + pointer, pBlockBuf + bufferPointer,
- copyLength * sizeof(wchar_t));
- pointer += copyLength;
}
wsTextData.ReleaseBuffer(length);
return wsTextData;
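Review bot: The span only bounds-checks the first destination element in `memcpy(&pBuf[pointer], pBlockBuf + bufferPointer, copyLength * sizeof(wchar_t))`; the `copyLength` elements that follow are still written through a raw pointer, so an overlong copy would not be caught. Taking the destination as `pBuf.subspan(pointer, copyLength).data()` would validate the whole range, provided subspan() is checked like the span's other accessors. Separately, `length` is clamped to `maybeDataLength` rather than to `maybeDataLength - start`, so `start + length` can apparently still point past the stored text; that predates this change but feeds `endBlock` and the `m_BlockArray[i]` read, and is worth confirming. GetTextData begins and ends outside the hunk.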
diff --git a/core/fxcrt/widestring.cpp b/core/fxcrt/widestring.cpp
index 7b5bf66fd3..a3525593ee 100644
--- a/core/fxcrt/widestring.cpp
+++ b/core/fxcrt/widestring.cpp
@@ -252,22 +252,27 @@ Optional<size_t> GuessSizeForVSWPrintf(const wchar_t* pFormat,
Optional<WideString> TryVSWPrintf(size_t size,
const wchar_t* pFormat,
va_list argList) {
- WideString str;
- wchar_t* buffer = str.GetBuffer(size);
-
- // In the following two calls, there's always space in the buffer for
- // a terminating NUL that's not included in nMaxLen.
- // For vswprintf(), MSAN won't untaint the buffer on a truncated write's
- // -1 return code even though the buffer is written. Probably just as well
- // not to trust the vendor's implementation to write anything anyways.
- // See https://crbug.com/705912.
- memset(buffer, 0, (size + 1) * sizeof(wchar_t));
- int ret = vswprintf(buffer, size + 1, pFormat, argList);
-
- bool bSufficientBuffer = ret >= 0 || buffer[size - 1] == 0;
- if (!bSufficientBuffer)
+ if (!size)
return {};
+ WideString str;
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> buffer = str.GetBuffer(size);
+
+ // In the following two calls, there's always space in the WideString
+ // for a terminating NUL that's not included in the span.
+ // For vswprintf(), MSAN won't untaint the buffer on a truncated write's
+ // -1 return code even though the buffer is written. Probably just as well
+ // not to trust the vendor's implementation to write anything anyways.
+ // See https://crbug.com/705912.
+ memset(buffer.data(), 0, (size + 1) * sizeof(wchar_t));
+ int ret = vswprintf(buffer.data(), size + 1, pFormat, argList);
+
+ bool bSufficientBuffer = ret >= 0 || buffer[size - 1] == 0;
+ if (!bSufficientBuffer)
+ return {};
+ }
str.ReleaseBuffer(str.GetStringLength());
return {str};
}
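Review bot: Both `memset(buffer.data(), 0, (size + 1) * sizeof(wchar_t))` and the `vswprintf` call write through the raw pointer with a count of `size + 1`, so the span's bounds checking covers only the `buffer[size - 1]` read and not the writes. Per the comment, the extra element is the NUL slot that lies outside the span, which means these calls depend on the allocation always holding one more `wchar_t` than the span reports; that is not visible here. I would state that dependency next to the calls, e.g. `// Unchecked: relies on StringData reserving one wchar_t beyond the span for the NUL.`, or make it explicit by rejecting `buffer.size() < size` before writing. The same `.data()` hand-off appears in the GetWideString hunk below and in the unit test.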
@@ -299,9 +304,12 @@ WideString GetWideString(uint16_t codepage, const ByteStringView& bstr) {
return WideString();
WideString wstr;
- wchar_t* dest_buf = wstr.GetBuffer(dest_len);
- FXSYS_MultiByteToWideChar(codepage, 0, bstr.unterminated_c_str(), src_len,
- dest_buf, dest_len);
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> dest_buf = wstr.GetBuffer(dest_len);
+ FXSYS_MultiByteToWideChar(codepage, 0, bstr.unterminated_c_str(), src_len,
+ dest_buf.data(), dest_len);
+ }
wstr.ReleaseBuffer(dest_len);
return wstr;
}
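Review bot: The result of `FXSYS_MultiByteToWideChar` is discarded, and `ReleaseBuffer(dest_len)` then declares the full `dest_len` characters valid. If the conversion can write fewer characters than the sizing pass predicted (the sizing call is above the hunk, so this is not confirmed), the tail of the string would be whatever the fresh buffer held. Capturing the return value and releasing with it, or asserting that it equals `dest_len`, would close that gap. GetWideString begins outside the hunk.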
@@ -586,29 +594,29 @@ void WideString::Reserve(size_t len) {
GetBuffer(len);
}
-wchar_t* WideString::GetBuffer(size_t nMinBufLength) {
+pdfium::span<wchar_t> WideString::GetBuffer(size_t nMinBufLength) {
if (!m_pData) {
if (nMinBufLength == 0)
- return nullptr;
+ return pdfium::span<wchar_t>();
m_pData.Reset(StringData::Create(nMinBufLength));
m_pData->m_nDataLength = 0;
m_pData->m_String[0] = 0;
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
}
if (m_pData->CanOperateInPlace(nMinBufLength))
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
nMinBufLength = std::max(nMinBufLength, m_pData->m_nDataLength);
if (nMinBufLength == 0)
- return nullptr;
+ return pdfium::span<wchar_t>();
RetainPtr<StringData> pNewData(StringData::Create(nMinBufLength));
pNewData->CopyContents(*m_pData);
pNewData->m_nDataLength = m_pData->m_nDataLength;
m_pData.Swap(pNewData);
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
}
size_t WideString::Delete(size_t index, size_t count) {
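Review bot: The returned span is sized with `m_pData->m_nAllocLength`, not `nMinBufLength`, so the bounds check callers get is against the allocated capacity, which can be larger than what they asked for when an existing buffer is reused in place. Callers also now receive an empty span instead of `nullptr` in the two zero-length paths, so any `if (!pBuf)` test has to become a length or `empty()` check, as the cfx_blockbuffer.cpp hunk does. The header comment in widestring.h would be the place to record both, for example `// The span covers the allocated capacity, which may exceed |len|; it is empty when no buffer is needed.`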
@@ -885,14 +893,15 @@ WideString WideString::FromUTF8(const ByteStringView& str) {
// static
WideString WideString::FromUTF16LE(const unsigned short* wstr, size_t wlen) {
- if (!wstr || wlen == 0) {
+ if (!wstr || wlen == 0)
return WideString();
- }
WideString result;
- wchar_t* buf = result.GetBuffer(wlen);
- for (size_t i = 0; i < wlen; i++) {
- buf[i] = wstr[i];
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> buf = result.GetBuffer(wlen);
+ for (size_t i = 0; i < wlen; i++)
+ buf[i] = wstr[i];
}
result.ReleaseBuffer(wlen);
return result;
diff --git a/core/fxcrt/widestring.h b/core/fxcrt/widestring.h
index 30a423d9aa..f6c24375a0 100644
--- a/core/fxcrt/widestring.h
+++ b/core/fxcrt/widestring.h
@@ -17,7 +17,7 @@
#include "core/fxcrt/string_data_template.h"
#include "core/fxcrt/string_view_template.h"
#include "third_party/base/optional.h"
-
+#include "third_party/base/span.h"
namespace fxcrt {
@@ -163,7 +163,10 @@ class WideString {
void TrimRight(const WideStringView& targets);
void Reserve(size_t len);
- wchar_t* GetBuffer(size_t len);
+
+ // Note: any modification of the string (including ReleaseBuffer()) may
+ // invalidate the span, which must not outlive its buffer.
+ pdfium::span<wchar_t> GetBuffer(size_t len);
void ReleaseBuffer(size_t len);
int GetInteger() const;
diff --git a/core/fxcrt/widestring_unittest.cpp b/core/fxcrt/widestring_unittest.cpp
index 473d59c491..ad91249c8e 100644
--- a/core/fxcrt/widestring_unittest.cpp
+++ b/core/fxcrt/widestring_unittest.cpp
@@ -813,20 +813,21 @@ TEST(WideString, Reserve) {
}
TEST(WideString, GetBuffer) {
+ WideString str1;
{
- WideString str;
- wchar_t* buffer = str.GetBuffer(12);
- wcscpy(buffer, L"clams");
- str.ReleaseBuffer(str.GetStringLength());
- EXPECT_EQ(L"clams", str);
+ pdfium::span<wchar_t> buffer = str1.GetBuffer(12);
+ wcscpy(buffer.data(), L"clams");
}
+ str1.ReleaseBuffer(str1.GetStringLength());
+ EXPECT_EQ(L"clams", str1);
+
+ WideString str2(L"cl");
{
- WideString str(L"cl");
- wchar_t* buffer = str.GetBuffer(12);
- wcscpy(buffer + 2, L"ams");
- str.ReleaseBuffer(str.GetStringLength());
- EXPECT_EQ(L"clams", str);
+ pdfium::span<wchar_t> buffer = str2.GetBuffer(12);
+ wcscpy(buffer.data() + 2, L"ams");
}
+ str2.ReleaseBuffer(str2.GetStringLength());
+ EXPECT_EQ(L"clams", str2);
}
TEST(WideString, ReleaseBuffer) {
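Review bot: The updated GetBuffer test never inspects the span itself: both cases go straight to `buffer.data()` and `wcscpy`, so neither the extent of the span nor the new empty-span return is covered. Adding `EXPECT_LE(12u, buffer.size());` inside each scope and a separate `EXPECT_TRUE(WideString().GetBuffer(0).empty());` would pin the two behaviours this commit introduces. The test also mirrors the production pattern of scoping the span before `ReleaseBuffer()`, which is good, but a one-line comment saying why the braces are there would keep a later cleanup from removing them.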