Update safe numerics package to get bitwise ops

Fix callers conventions to avoid ambiguity. Fix bad bounds check unmasked by change. Directly include headers no longer pulled in by numerics itself. Review-Url: https://codereview.chromium.org/2640143003
author: tsepez <tsepez@chromium.org> 2017-01-23 14:36:20 -0800
committer: Commit bot <commit-bot@chromium.org> 2017-01-23 14:36:20 -0800
commit: 4022f87eb8716155291543efaaf289e51d7cbf43 (patch)
tree: 28e2a3b99367932ee84a92b1f6c913245e62afb1 /core
parent: b76f49b36baffea2b2ecb90d67c7b6bb734e7bb9 (diff)
download: pdfium-4022f87eb8716155291543efaaf289e51d7cbf43.tar.xz
11 files changed, 30 insertions, 26 deletions
diff --git a/core/fpdfapi/font/fpdf_font_cid.cpp b/core/fpdfapi/font/fpdf_font_cid.cpp
index 386eec334a..afb186d070 100644
--- a/core/fpdfapi/font/fpdf_font_cid.cpp
+++ b/core/fpdfapi/font/fpdf_font_cid.cpp
@@ -18,6 +18,7 @@
 #include "core/fpdfapi/parser/cpdf_simple_parser.h"
 #include "core/fxcrt/fx_ext.h"
 #include "core/fxge/fx_freetype.h"
+#include "third_party/base/logging.h"
 #include "third_party/base/stl_util.h"
 
 namespace {
diff --git a/core/fpdfapi/page/cpdf_psengine.h b/core/fpdfapi/page/cpdf_psengine.h
index 9bdaa67464..659ca82f6b 100644
--- a/core/fpdfapi/page/cpdf_psengine.h
+++ b/core/fpdfapi/page/cpdf_psengine.h
@@ -88,7 +88,6 @@ class CPDF_PSEngine {
   bool DoOperator(PDF_PSOP op);
   void Reset() { m_StackCount = 0; }
   void Push(FX_FLOAT value);
-  void Push(int value) { Push((FX_FLOAT)value); }
   FX_FLOAT Pop();
   uint32_t GetStackSize() const { return m_StackCount; }
 
diff --git a/core/fpdfapi/page/fpdf_page_func.cpp b/core/fpdfapi/page/fpdf_page_func.cpp
index 672bfc02be..9949e052c9 100644
--- a/core/fpdfapi/page/fpdf_page_func.cpp
+++ b/core/fpdfapi/page/fpdf_page_func.cpp
@@ -574,10 +574,9 @@ bool CPDF_SampledFunc::v_Call(FX_FLOAT* inputs, FX_FLOAT* results) const {
   if (!pSampleData)
     return false;
 
-  for (uint32_t j = 0; j < m_nOutputs; j++) {
+  for (uint32_t j = 0; j < m_nOutputs; j++, bitpos += m_nBitsPerSample) {
     uint32_t sample =
-        GetBits32(pSampleData, bitpos.ValueOrDie() + j * m_nBitsPerSample,
-                  m_nBitsPerSample);
+        GetBits32(pSampleData, bitpos.ValueOrDie(), m_nBitsPerSample);
     FX_FLOAT encoded = (FX_FLOAT)sample;
     for (uint32_t i = 0; i < m_nInputs; i++) {
       if (index[i] == m_EncodeInfo[i].sizes - 1) {
diff --git a/core/fpdfapi/parser/cpdf_hint_tables.cpp b/core/fpdfapi/parser/cpdf_hint_tables.cpp
index 5c0f2a7fbe..e000188e7d 100644
--- a/core/fpdfapi/parser/cpdf_hint_tables.cpp
+++ b/core/fpdfapi/parser/cpdf_hint_tables.cpp
@@ -257,7 +257,7 @@ bool CPDF_HintTables::ReadSharedObjHintTable(CFX_BitStream* hStream,
   bit_offset *= 8;
   if (!bit_offset.IsValid() || hStream->GetPos() > bit_offset.ValueOrDie())
     return false;
-  hStream->SkipBits(bit_offset.ValueOrDie() - hStream->GetPos());
+  hStream->SkipBits((bit_offset - hStream->GetPos()).ValueOrDie());
 
   const uint32_t kHeaderSize = 192;
   if (hStream->BitsRemaining() < kHeaderSize)
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index efb9f84059..ef3de92f76 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -11,6 +11,7 @@
 
 #include "core/fpdfapi/parser/cpdf_object.h"
 #include "core/fpdfapi/parser/cpdf_parser.h"
+#include "third_party/base/logging.h"
 
 CPDF_IndirectObjectHolder::CPDF_IndirectObjectHolder()
     : m_LastObjNum(0),
diff --git a/core/fxcrt/cfx_string_data_template.h b/core/fxcrt/cfx_string_data_template.h
index affd610011..c3e090fef0 100644
--- a/core/fxcrt/cfx_string_data_template.h
+++ b/core/fxcrt/cfx_string_data_template.h
@@ -30,7 +30,8 @@ class CFX_StringDataTemplate {
     // where we can save a re-alloc when adding a few characters to a string
     // by using this otherwise wasted space.
     nSize += 7;
-    int totalSize = nSize.ValueOrDie() & ~7;
+    nSize &= ~7;
+    int totalSize = nSize.ValueOrDie();
     int usableLen = (totalSize - overhead) / sizeof(CharType);
     ASSERT(usableLen >= nLen);
 
diff --git a/core/fxcrt/fx_basic_array.cpp b/core/fxcrt/fx_basic_array.cpp
index 92df0e00f8..83c981e9e7 100644
--- a/core/fxcrt/fx_basic_array.cpp
+++ b/core/fxcrt/fx_basic_array.cpp
@@ -33,7 +33,8 @@ bool CFX_BasicArray::SetSize(int nNewSize) {
       m_nSize = m_nMaxSize = 0;
       return false;
     }
-    m_pData = FX_Alloc(uint8_t, totalSize.ValueOrDie());
+    m_pData =
+        FX_Alloc(uint8_t, pdfium::base::ValueOrDieForType<size_t>(totalSize));
     m_nSize = m_nMaxSize = nNewSize;
   } else if (nNewSize <= m_nMaxSize) {
     if (nNewSize > m_nSize) {
@@ -48,7 +49,8 @@ bool CFX_BasicArray::SetSize(int nNewSize) {
     if (!totalSize.IsValid() || nNewMax < m_nSize) {
       return false;
     }
-    uint8_t* pNewData = FX_Realloc(uint8_t, m_pData, totalSize.ValueOrDie());
+    uint8_t* pNewData = FX_Realloc(
+        uint8_t, m_pData, pdfium::base::ValueOrDieForType<size_t>(totalSize));
     if (!pNewData) {
       return false;
     }
diff --git a/core/fxcrt/fx_basic_util.cpp b/core/fxcrt/fx_basic_util.cpp
index e52ff2ecee..f608e290a2 100644
--- a/core/fxcrt/fx_basic_util.cpp
+++ b/core/fxcrt/fx_basic_util.cpp
@@ -12,12 +12,6 @@
 #include <limits>
 #include <memory>
 
-namespace {
-
-const int kDefaultIntValue = 0;
-
-}  // namespace
-
 bool FX_atonum(const CFX_ByteStringC& strc, void* pData) {
   if (strc.Find('.') != -1) {
     FX_FLOAT* pFloat = static_cast<FX_FLOAT*>(pData);
@@ -54,18 +48,19 @@ bool FX_atonum(const CFX_ByteStringC& strc, void* pData) {
   // we've overflowed, reset to the default value.
   if (bSigned) {
     if (bNegative) {
-      if (integer.ValueOrDefault(kDefaultIntValue) >
+      if (integer.ValueOrDefault(0) >
           static_cast<uint32_t>(std::numeric_limits<int>::max()) + 1) {
-        integer = kDefaultIntValue;
+        integer = 0;
       }
-    } else if (integer.ValueOrDefault(kDefaultIntValue) >
+    } else if (integer.ValueOrDefault(0) >
                static_cast<uint32_t>(std::numeric_limits<int>::max())) {
-      integer = kDefaultIntValue;
+      integer = 0;
     }
   }
 
   // Switch back to the int space so we can flip to a negative if we need.
-  int value = static_cast<int>(integer.ValueOrDefault(kDefaultIntValue));
+  uint32_t uValue = integer.ValueOrDefault(0);
+  int32_t value = static_cast<int>(uValue);
   if (bNegative)
     value = -value;
 
diff --git a/core/fxcrt/fx_extension.cpp b/core/fxcrt/fx_extension.cpp
index f1e2583b40..5b577f745c 100644
--- a/core/fxcrt/fx_extension.cpp
+++ b/core/fxcrt/fx_extension.cpp
@@ -204,7 +204,7 @@ FX_FILESIZE CFX_MemoryStream::GetPosition() {
 bool CFX_MemoryStream::ReadBlock(void* buffer,
                                  FX_FILESIZE offset,
                                  size_t size) {
-  if (!buffer || !size)
+  if (!buffer || !size || offset < 0)
     return false;
 
   FX_SAFE_SIZE_T newPos = size;
diff --git a/core/fxge/ge/cfx_renderdevice.cpp b/core/fxge/ge/cfx_renderdevice.cpp
index 9c67a7d1e7..0e6a4e74af 100644
--- a/core/fxge/ge/cfx_renderdevice.cpp
+++ b/core/fxge/ge/cfx_renderdevice.cpp
@@ -1022,13 +1022,15 @@ bool CFX_RenderDevice::DrawNormalText(int nChars,
     bool bBGRStripe = !!(text_flags & FXTEXT_BGR_STRIPE);
     ncols /= 3;
     int x_subpixel = (int)(glyph.m_fOriginX * 3) % 3;
-    int start_col = std::max(left.ValueOrDie(), 0);
+    int start_col =
+        pdfium::base::ValueOrDieForType<int>(pdfium::base::CheckMax(left, 0));
     pdfium::base::CheckedNumeric<int> end_col_safe = left;
     end_col_safe += ncols;
     if (!end_col_safe.IsValid())
       return false;
 
-    int end_col = std::min(end_col_safe.ValueOrDie(), dest_width);
+    int end_col =
+        std::min(static_cast<int>(end_col_safe.ValueOrDie<int>()), dest_width);
     if (start_col >= end_col)
       continue;
 
diff --git a/core/fxge/ge/fx_ge_text.cpp b/core/fxge/ge/fx_ge_text.cpp
index ca88879d10..cc7ef7c6d7 100644
--- a/core/fxge/ge/fx_ge_text.cpp
+++ b/core/fxge/ge/fx_ge_text.cpp
@@ -79,10 +79,14 @@ FX_RECT FXGE_GetGlyphsBBox(const std::vector<FXTEXT_GLYPHPOS>& glyphs,
       continue;
 
     if (bStarted) {
-      rect.left = std::min(rect.left, char_left.ValueOrDie());
-      rect.right = std::max(rect.right, char_right.ValueOrDie());
-      rect.top = std::min(rect.top, char_top.ValueOrDie());
-      rect.bottom = std::max(rect.bottom, char_bottom.ValueOrDie());
+      rect.left = pdfium::base::ValueOrDieForType<int32_t>(
+          pdfium::base::CheckMin(rect.left, char_left));
+      rect.right = pdfium::base::ValueOrDieForType<int32_t>(
+          pdfium::base::CheckMax(rect.right, char_right));
+      rect.top = pdfium::base::ValueOrDieForType<int32_t>(
+          pdfium::base::CheckMin(rect.top, char_top));
+      rect.bottom = pdfium::base::ValueOrDieForType<int32_t>(
+          pdfium::base::CheckMax(rect.bottom, char_bottom));
       continue;
     }
author	tsepez <tsepez@chromium.org>	2017-01-23 14:36:20 -0800
committer	Commit bot <commit-bot@chromium.org>	2017-01-23 14:36:20 -0800
commit	4022f87eb8716155291543efaaf289e51d7cbf43 (patch)
tree	28e2a3b99367932ee84a92b1f6c913245e62afb1 /core
parent	b76f49b36baffea2b2ecb90d67c7b6bb734e7bb9 (diff)
download	pdfium-4022f87eb8716155291543efaaf289e51d7cbf43.tar.xz