author | Tom Sepez <tsepez@chromium.org> | 2018-04-12 18:33:55 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-12 18:33:55 +0000 |
commit | 154e18f9a862975abecebe77b8f5fb418418d14c (patch) | |
tree | 18e9381c1a4324abcd98296e1e1714c2f926e006 /core/fxcrt | |
parent | 7f821c11081fe90346823333622253ec7949b583 (diff) | |
download | pdfium-154e18f9a862975abecebe77b8f5fb418418d14c.tar.xz |
Return pdfium::span<wchar_t> from WideString::GetBuffer().
Adds bounds checking "for free", but beware of span outliving
a ReleaseBuffer() call. Scoping as such avoids the possibility
of using an invalid span (and it is flagged as a lifetime issue).
Change-Id: Ica63f4b1429823d0254ec6951aeaeb08160cb93c
Reviewed-on: https://pdfium-review.googlesource.com/30310
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcrt')
-rw-r--r-- | core/fxcrt/cfx_blockbuffer.cpp | 55 | ||||
-rw-r--r-- | core/fxcrt/widestring.cpp | 65 | ||||
-rw-r--r-- | core/fxcrt/widestring.h | 7 | ||||
-rw-r--r-- | core/fxcrt/widestring_unittest.cpp | 21 |
4 files changed, 82 insertions, 66 deletions
diff --git a/core/fxcrt/cfx_blockbuffer.cpp b/core/fxcrt/cfx_blockbuffer.cpp
index 13134f0e7b..6a7d98aa18 100644
--- a/core/fxcrt/cfx_blockbuffer.cpp
+++ b/core/fxcrt/cfx_blockbuffer.cpp
@@ -77,36 +77,39 @@ WideString CFX_BlockBuffer::GetTextData(size_t start, size_t length) const {
 size_t maybeDataLength = m_BufferSize - 1 - m_StartPosition;
 if (start > maybeDataLength)
 return WideString();
- length = std::min(length, maybeDataLength);
- WideString wsTextData;
- wchar_t* pBuf = wsTextData.GetBuffer(length);
- if (!pBuf)
+ length = std::min(length, maybeDataLength);
+ if (!length)
 return WideString();
- size_t startBlock = 0;
- size_t startInner = 0;
- std::tie(startBlock, startInner) = TextDataIndex2BufIndex(start);
-
- size_t endBlock = 0;
- size_t endInner = 0;
- std::tie(endBlock, endInner) = TextDataIndex2BufIndex(start + length);
-
- size_t pointer = 0;
- for (size_t i = startBlock; i <= endBlock; ++i) {
- size_t bufferPointer = 0;
- size_t copyLength = kAllocStep;
- if (i == startBlock) {
- copyLength -= startInner;
- bufferPointer = startInner;
+ WideString wsTextData;
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> pBuf = wsTextData.GetBuffer(length);
+ size_t startBlock = 0;
+ size_t startInner = 0;
+ std::tie(startBlock, startInner) = TextDataIndex2BufIndex(start);
+
+ size_t endBlock = 0;
+ size_t endInner = 0;
+ std::tie(endBlock, endInner) = TextDataIndex2BufIndex(start + length);
+
+ size_t pointer = 0;
+ for (size_t i = startBlock; i <= endBlock; ++i) {
+ size_t bufferPointer = 0;
+ size_t copyLength = kAllocStep;
+ if (i == startBlock) {
+ copyLength -= startInner;
+ bufferPointer = startInner;
+ }
+ if (i == endBlock)
+ copyLength -= ((kAllocStep - 1) - endInner);
+
+ wchar_t* pBlockBuf = m_BlockArray[i].get();
+ memcpy(&pBuf[pointer], pBlockBuf + bufferPointer,
+ copyLength * sizeof(wchar_t));
+ pointer += copyLength;
 }
- if (i == endBlock)
- copyLength -= ((kAllocStep - 1) - endInner);
-
- wchar_t* pBlockBuf = m_BlockArray[i].get();
- memcpy(pBuf + pointer, pBlockBuf + bufferPointer,
- copyLength * sizeof(wchar_t));
- pointer += copyLength;
 }
 wsTextData.ReleaseBuffer(length);
 return wsTextData;
diff --git a/core/fxcrt/widestring.cpp b/core/fxcrt/widestring.cpp
index 7b5bf66fd3..a3525593ee 100644
--- a/core/fxcrt/widestring.cpp
+++ b/core/fxcrt/widestring.cpp
@@ -252,22 +252,27 @@ Optional<size_t> GuessSizeForVSWPrintf(const wchar_t* pFormat,
 Optional<WideString> TryVSWPrintf(size_t size,
 const wchar_t* pFormat,
 va_list argList) {
- WideString str;
- wchar_t* buffer = str.GetBuffer(size);
-
- // In the following two calls, there's always space in the buffer for
- // a terminating NUL that's not included in nMaxLen.
- // For vswprintf(), MSAN won't untaint the buffer on a truncated write's
- // -1 return code even though the buffer is written. Probably just as well
- // not to trust the vendor's implementation to write anything anyways.
- // See https://crbug.com/705912.
- memset(buffer, 0, (size + 1) * sizeof(wchar_t));
- int ret = vswprintf(buffer, size + 1, pFormat, argList);
-
- bool bSufficientBuffer = ret >= 0 || buffer[size - 1] == 0;
- if (!bSufficientBuffer)
+ if (!size)
 return {};
+ WideString str;
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> buffer = str.GetBuffer(size);
+
+ // In the following two calls, there's always space in the WideString
+ // for a terminating NUL that's not included in the span.
+ // For vswprintf(), MSAN won't untaint the buffer on a truncated write's
+ // -1 return code even though the buffer is written. Probably just as well
+ // not to trust the vendor's implementation to write anything anyways.
+ // See https://crbug.com/705912.
+ memset(buffer.data(), 0, (size + 1) * sizeof(wchar_t));
+ int ret = vswprintf(buffer.data(), size + 1, pFormat, argList);
+
+ bool bSufficientBuffer = ret >= 0 || buffer[size - 1] == 0;
+ if (!bSufficientBuffer)
+ return {};
+ }
 str.ReleaseBuffer(str.GetStringLength());
 return {str};
 }
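Review bot: In GetTextData the new `memcpy(&pBuf[pointer], pBlockBuf + bufferPointer, copyLength * sizeof(wchar_t))` bounds-checks only the starting index, not `pointer + copyLength`, so a wrong block index from TextDataIndex2BufIndex() would still overrun the destination unchecked. Taking the destination as a checked sub-range would cover the whole write, e.g. `memcpy(pBuf.subspan(pointer, copyLength).data(), pBlockBuf + bufferPointer, copyLength * sizeof(wchar_t));` (assuming pdfium::span provides subspan() as base::span does). The same raw-pointer escape is in TryVSWPrintf, where `memset` and `vswprintf` go through `buffer.data()` with `size + 1`, and in GetWideString and the unit test, so the "for free" checking in the description applies only to the `operator[]` accesses. GetTextData starts above this hunk.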
@@ -299,9 +304,12 @@ WideString GetWideString(uint16_t codepage, const ByteStringView& bstr) {
 return WideString();
 WideString wstr;
- wchar_t* dest_buf = wstr.GetBuffer(dest_len);
- FXSYS_MultiByteToWideChar(codepage, 0, bstr.unterminated_c_str(), src_len,
- dest_buf, dest_len);
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> dest_buf = wstr.GetBuffer(dest_len);
+ FXSYS_MultiByteToWideChar(codepage, 0, bstr.unterminated_c_str(), src_len,
+ dest_buf.data(), dest_len);
+ }
 wstr.ReleaseBuffer(dest_len);
 return wstr;
 }
@@ -586,29 +594,29 @@ void WideString::Reserve(size_t len) {
 GetBuffer(len);
 }
-wchar_t* WideString::GetBuffer(size_t nMinBufLength) {
+pdfium::span<wchar_t> WideString::GetBuffer(size_t nMinBufLength) {
 if (!m_pData) {
 if (nMinBufLength == 0)
- return nullptr;
+ return pdfium::span<wchar_t>();
 m_pData.Reset(StringData::Create(nMinBufLength));
 m_pData->m_nDataLength = 0;
 m_pData->m_String[0] = 0;
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
 }
 if (m_pData->CanOperateInPlace(nMinBufLength))
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
 nMinBufLength = std::max(nMinBufLength, m_pData->m_nDataLength);
 if (nMinBufLength == 0)
- return nullptr;
+ return pdfium::span<wchar_t>();
 RetainPtr<StringData> pNewData(StringData::Create(nMinBufLength));
 pNewData->CopyContents(*m_pData);
 pNewData->m_nDataLength = m_pData->m_nDataLength;
 m_pData.Swap(pNewData);
- return m_pData->m_String;
+ return pdfium::span<wchar_t>(m_pData->m_String, m_pData->m_nAllocLength);
 }
 size_t WideString::Delete(size_t index, size_t count) {
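Review bot: Every non-empty return in GetBuffer sizes the span with `m_pData->m_nAllocLength` rather than the requested `nMinBufLength`, so the check guards the allocation, and an index beyond what the caller asked for passes whenever the allocation is larger. That contract is not stated here or in the widestring.h comment; a line such as `// The span covers the allocated capacity (which may exceed |len|) and excludes the trailing NUL slot.` on the declaration would make it explicit. The two zero-length paths now return an empty span instead of nullptr, so callers outside this diff that tested the pointer would need `empty()`.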
@@ -885,14 +893,15 @@ WideString WideString::FromUTF8(const ByteStringView& str) {
 // static
 WideString WideString::FromUTF16LE(const unsigned short* wstr, size_t wlen) {
- if (!wstr || wlen == 0) {
+ if (!wstr || wlen == 0)
 return WideString();
- }
 WideString result;
- wchar_t* buf = result.GetBuffer(wlen);
- for (size_t i = 0; i < wlen; i++) {
- buf[i] = wstr[i];
+ {
+ // Span's lifetime must end before ReleaseBuffer() below.
+ pdfium::span<wchar_t> buf = result.GetBuffer(wlen);
+ for (size_t i = 0; i < wlen; i++)
+ buf[i] = wstr[i];
 }
 result.ReleaseBuffer(wlen);
 return result;
diff --git a/core/fxcrt/widestring.h b/core/fxcrt/widestring.h
index 30a423d9aa..f6c24375a0 100644
--- a/core/fxcrt/widestring.h
+++ b/core/fxcrt/widestring.h
@@ -17,7 +17,7 @@
 #include "core/fxcrt/string_data_template.h"
 #include "core/fxcrt/string_view_template.h"
 #include "third_party/base/optional.h"
-
+#include "third_party/base/span.h"
 namespace fxcrt {
@@ -163,7 +163,10 @@ class WideString {
 void TrimRight(const WideStringView& targets);
 void Reserve(size_t len);
- wchar_t* GetBuffer(size_t len);
+
+ // Note: any modification of the string (including ReleaseBuffer()) may
+ // invalidate the span, which must not outlive its buffer.
+ pdfium::span<wchar_t> GetBuffer(size_t len);
 void ReleaseBuffer(size_t len);
 int GetInteger() const;
diff --git a/core/fxcrt/widestring_unittest.cpp b/core/fxcrt/widestring_unittest.cpp
index 473d59c491..ad91249c8e 100644
--- a/core/fxcrt/widestring_unittest.cpp
+++ b/core/fxcrt/widestring_unittest.cpp
@@ -813,20 +813,21 @@ TEST(WideString, Reserve) {
 }
 TEST(WideString, GetBuffer) {
+ WideString str1;
 {
- WideString str;
- wchar_t* buffer = str.GetBuffer(12);
- wcscpy(buffer, L"clams");
- str.ReleaseBuffer(str.GetStringLength());
- EXPECT_EQ(L"clams", str);
+ pdfium::span<wchar_t> buffer = str1.GetBuffer(12);
+ wcscpy(buffer.data(), L"clams");
 }
+ str1.ReleaseBuffer(str1.GetStringLength());
+ EXPECT_EQ(L"clams", str1);
+
+ WideString str2(L"cl");
 {
- WideString str(L"cl");
- wchar_t* buffer = str.GetBuffer(12);
- wcscpy(buffer + 2, L"ams");
- str.ReleaseBuffer(str.GetStringLength());
- EXPECT_EQ(L"clams", str);
+ pdfium::span<wchar_t> buffer = str2.GetBuffer(12);
+ wcscpy(buffer.data() + 2, L"ams");
 }
+ str2.ReleaseBuffer(str2.GetStringLength());
+ EXPECT_EQ(L"clams", str2);
 }
 TEST(WideString, ReleaseBuffer) { |
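Review bot: The rewritten GetBuffer test asserts only the final string contents, so nothing pins the behaviour the new return type adds. `EXPECT_TRUE(WideString().GetBuffer(0).empty());` would cover the empty-span path that replaced the nullptr return, and `EXPECT_LE(12u, buffer.size());` inside each scope would confirm the span covers at least the requested length (assuming the allocation is never smaller than requested). Both writes still go through `wcscpy(buffer.data(), ...)`, which the span does not check.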