summaryrefslogtreecommitdiff
path: root/core/src/fxcrt
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2015-05-18 14:29:22 -0700
committerTom Sepez <tsepez@chromium.org>2015-05-18 14:29:22 -0700
commit038cd084817aca8017255a6b3782fcba2688d2cb (patch)
tree2f6a4e2c6969139dedc64961102b0dc8d0b8661d /core/src/fxcrt
parented099befbb300d6f9c393cb415fdb2a68c2ef471 (diff)
downloadpdfium-038cd084817aca8017255a6b3782fcba2688d2cb.tar.xz
Merge to XFA: Add safe FX_Alloc2D() macro
Original Review URL: https://codereview.chromium.org/1143663004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1136673005
Diffstat (limited to 'core/src/fxcrt')
-rw-r--r--core/src/fxcrt/fx_basic_array.cpp5
-rw-r--r--core/src/fxcrt/fx_basic_memmgr_unittest.cpp7
2 files changed, 8 insertions, 4 deletions
diff --git a/core/src/fxcrt/fx_basic_array.cpp b/core/src/fxcrt/fx_basic_array.cpp
index 9bdc607bfe..5a2a2e54a1 100644
--- a/core/src/fxcrt/fx_basic_array.cpp
+++ b/core/src/fxcrt/fx_basic_array.cpp
@@ -189,10 +189,7 @@ void* CFX_BaseSegmentedArray::Add()
if (m_DataSize % m_SegmentSize) {
return GetAt(m_DataSize ++);
}
- void* pSegment = FX_Alloc(FX_BYTE, m_UnitSize * m_SegmentSize);
- if (!pSegment) {
- return NULL;
- }
+ void* pSegment = FX_Alloc2D(FX_BYTE, m_UnitSize, m_SegmentSize);
if (m_pIndex == NULL) {
m_pIndex = pSegment;
m_DataSize ++;
diff --git a/core/src/fxcrt/fx_basic_memmgr_unittest.cpp b/core/src/fxcrt/fx_basic_memmgr_unittest.cpp
index 565021d29e..c70f3b197d 100644
--- a/core/src/fxcrt/fx_basic_memmgr_unittest.cpp
+++ b/core/src/fxcrt/fx_basic_memmgr_unittest.cpp
@@ -12,6 +12,8 @@ namespace {
const size_t kMaxByteAlloc = std::numeric_limits<size_t>::max();
const size_t kMaxIntAlloc = kMaxByteAlloc / sizeof(int);
const size_t kOverflowIntAlloc = kMaxIntAlloc + 100;
+const size_t kWidth = 640;
+const size_t kOverflowIntAlloc2D = kMaxIntAlloc / kWidth + 10;
} // namespace
@@ -35,6 +37,11 @@ TEST(fxcrt, FX_AllocOverflow) {
FX_Free(ptr);
}
+TEST(fxcrt, FX_AllocOverflow2D) {
+ EXPECT_DEATH_IF_SUPPORTED(
+ FX_Alloc2D(int, kWidth, kOverflowIntAlloc2D), "");
+}
+
TEST(fxcrt, DISABLED_FX_TryAllocOOM) {
EXPECT_FALSE(FX_TryAlloc(int, kMaxIntAlloc));