authorChris Palmer <palmer@google.com>2014-07-23 15:00:32 -0700
committerChris Palmer <palmer@google.com>2014-07-23 15:00:32 -0700
commita08cf99d066b16e4e16393efc15174193e002371 (patch)
tree8199f4122d1bdb2ca7211eb817002e97e11ee251 /core/src
parent141d61d1f6255923f46b6f0b97614e27c9c4dc86 (diff)
downloadpdfium-chromium/2107.tar.xz
The |nGrowBy| argument to |SetSize| was always -1, which caused the effective m_nGrowBy value to always be its default value: 0. So it was not needed, and was cluttering up the logic. BUG=384662 Check for integer overflow in CFX_BasicArray. BUG=384662 R=bo_xu@foxitsoftware.com, rsesek@chromium.org Review URL: https://codereview.chromium.org/415803002
Diffstat (limited to 'core/src')
-rw-r--r--core/src/fxcrt/extension.h2
-rw-r--r--core/src/fxcrt/fx_basic_array.cpp26
2 files changed, 7 insertions, 21 deletions
diff --git a/core/src/fxcrt/extension.h b/core/src/fxcrt/extension.h
index a736425d57..a2d0a1462f 100644
--- a/core/src/fxcrt/extension.h
+++ b/core/src/fxcrt/extension.h
@@ -358,7 +358,7 @@ protected:
}
FX_INT32 iCount = m_Blocks.GetSize();
size = (size - m_nTotalSize + m_nGrowSize - 1) / m_nGrowSize;
- m_Blocks.SetSize(m_Blocks.GetSize() + (FX_INT32)size, -1);
+ m_Blocks.SetSize(m_Blocks.GetSize() + (FX_INT32)size);
while (size --) {
FX_LPBYTE pBlock = FX_Alloc(FX_BYTE, m_nGrowSize);
if (!pBlock) {
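Review bot: The changed `m_Blocks.SetSize(...)` call discards its `FX_BOOL` result and builds its argument from an unchecked `m_Blocks.GetSize() + (FX_INT32)size`, where the cast also narrows `size`. If that sum wraps or the resize fails, the `while (size --)` loop below still allocates blocks, and whatever stores them into `m_Blocks` (outside the hunk) would presumably index an array that was never grown. Since this commit is about overflow checks in the array class, the call site should use the same pattern as `Append`: form the new count in a `base::CheckedNumeric<FX_INT32>`, then bail out on failure with something like `if (!newCount.IsValid() || !m_Blocks.SetSize(newCount.ValueOrDie())) return FALSE;`. The enclosing function starts and ends outside the hunk, so the exact failure return needs confirming against its signature.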
diff --git a/core/src/fxcrt/fx_basic_array.cpp b/core/src/fxcrt/fx_basic_array.cpp
index f65d8efcd9..0694cf9cbd 100644
--- a/core/src/fxcrt/fx_basic_array.cpp
+++ b/core/src/fxcrt/fx_basic_array.cpp
@@ -11,7 +11,6 @@ CFX_BasicArray::CFX_BasicArray(int unit_size)
: m_pData(NULL)
, m_nSize(0)
, m_nMaxSize(0)
- , m_nGrowBy(0)
{
if (unit_size < 0 || unit_size > (1 << 28)) {
m_nUnitSize = 4;
@@ -23,7 +22,7 @@ CFX_BasicArray::~CFX_BasicArray()
{
FX_Free(m_pData);
}
-FX_BOOL CFX_BasicArray::SetSize(int nNewSize, int nGrowBy)
+FX_BOOL CFX_BasicArray::SetSize(int nNewSize)
{
if (nNewSize <= 0) {
FX_Free(m_pData);
@@ -32,8 +31,6 @@ FX_BOOL CFX_BasicArray::SetSize(int nNewSize, int nGrowBy)
return 0 == nNewSize;
}
- m_nGrowBy = nGrowBy >= 0 ? nGrowBy : m_nGrowBy;
-
if (m_pData == NULL) {
base::CheckedNumeric<int> totalSize = nNewSize;
totalSize *= m_nUnitSize;
@@ -53,18 +50,7 @@ FX_BOOL CFX_BasicArray::SetSize(int nNewSize, int nGrowBy)
}
m_nSize = nNewSize;
} else {
- int nGrowBy = m_nGrowBy;
- if (nGrowBy == 0) {
- nGrowBy = m_nSize / 8;
- nGrowBy = (nGrowBy < 4) ? 4 : ((nGrowBy > 1024) ? 1024 : nGrowBy);
- }
- int nNewMax;
- if (nNewSize < m_nMaxSize + nGrowBy) {
- nNewMax = m_nMaxSize + nGrowBy;
- } else {
- nNewMax = nNewSize;
- }
-
+ int nNewMax = nNewSize < m_nMaxSize ? m_nMaxSize : nNewSize;
base::CheckedNumeric<int> totalSize = nNewMax;
totalSize *= m_nUnitSize;
if (!totalSize.IsValid() || nNewMax < m_nSize) {
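Review bot: The replacement line `int nNewMax = nNewSize < m_nMaxSize ? m_nMaxSize : nNewSize;` removes the growth slack, not only the unused parameter: with `m_nGrowBy` at 0 the deleted block still added between 4 and 1024 elements of headroom. Capacity now equals the requested size, so a caller that grows the array one element at a time reallocates and copies on every call, which is quadratic work on large parsed documents. Dropping the unchecked `m_nMaxSize + nGrowBy` addition is a sound simplification for overflow, so if exact sizing is intended a comment such as `// No growth slack: capacity is exactly nNewSize, keeping the size arithmetic inside CheckedNumeric.` would record it. If the branch above this `else` (outside the hunk) already handles `nNewSize <= m_nMaxSize`, the ternary always yields `nNewSize` and can be written as such.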
@@ -86,7 +72,7 @@ FX_BOOL CFX_BasicArray::Append(const CFX_BasicArray& src)
int nOldSize = m_nSize;
base::CheckedNumeric<int> newSize = m_nSize;
newSize += src.m_nSize;
- if (m_nUnitSize != src.m_nUnitSize || !newSize.IsValid() || !SetSize(newSize.ValueOrDie(), -1)) {
+ if (m_nUnitSize != src.m_nUnitSize || !newSize.IsValid() || !SetSize(newSize.ValueOrDie())) {
return FALSE;
}
@@ -95,7 +81,7 @@ FX_BOOL CFX_BasicArray::Append(const CFX_BasicArray& src)
}
FX_BOOL CFX_BasicArray::Copy(const CFX_BasicArray& src)
{
- if (!SetSize(src.m_nSize, -1)) {
+ if (!SetSize(src.m_nSize)) {
return FALSE;
}
FXSYS_memcpy32(m_pData, src.m_pData, src.m_nSize * m_nUnitSize);
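Review bot: `Copy` does not compare `m_nUnitSize` with `src.m_nUnitSize`, although `Append` just above rejects a mismatch, and the `FXSYS_memcpy32` length is `src.m_nSize * m_nUnitSize`. When this array's unit size is larger than the source's, that length exceeds what the source presumably holds and the copy reads past `src.m_pData`. The guard could become `if (m_nUnitSize != src.m_nUnitSize || !SetSize(src.m_nSize)) {`. The rest of `Copy` lies outside the hunk.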
@@ -107,12 +93,12 @@ FX_LPBYTE CFX_BasicArray::InsertSpaceAt(int nIndex, int nCount)
return NULL;
}
if (nIndex >= m_nSize) {
- if (!SetSize(nIndex + nCount, -1)) {
+ if (!SetSize(nIndex + nCount)) {
return NULL;
}
} else {
int nOldSize = m_nSize;
- if (!SetSize(m_nSize + nCount, -1)) {
+ if (!SetSize(m_nSize + nCount)) {
return NULL;
}
FXSYS_memmove32(m_pData + (nIndex + nCount)*m_nUnitSize, m_pData + nIndex * m_nUnitSize,
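Review bot: Both new `SetSize` arguments in `InsertSpaceAt`, `nIndex + nCount` and `m_nSize + nCount`, are plain `int` additions, while `Append` in the same file builds its size through `base::CheckedNumeric<int>`. Signed overflow here is undefined behaviour, and a sum that wraps to a non-positive value reaches the `nNewSize <= 0` path of `SetSize`, which frees `m_pData` before reporting failure. The argument check at the top of the function is outside the hunk, so confirm whether it already bounds the sum; if it does not, compute the new size once in a checked value and reject an invalid result before either branch, as sketched below.

```cpp
    // … unchanged: argument checks above the hunk …
    base::CheckedNumeric<int> newSize = nIndex >= m_nSize ? nIndex : m_nSize;
    newSize += nCount;
    if (!newSize.IsValid()) {
        return NULL;
    }
    if (nIndex >= m_nSize) {
        if (!SetSize(newSize.ValueOrDie())) {
    // … unchanged: return NULL; else branch saves nOldSize …
        if (!SetSize(newSize.ValueOrDie())) {
    // … unchanged: return NULL and the FXSYS_memmove32 of the tail …
```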