diff options
author | Henrique Nakashima <hnakashima@chromium.org> | 2017-07-19 14:12:03 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-07-19 19:07:42 +0000 |
commit | eed247e9cb3b0e9ce5dcb8bf6ee7673c9dd3e544 (patch) | |
tree | 1fdf5130073a7567e5c88acb1c33fa8b81ae917c /core | |
parent | 88f474346523d64f64e444be0115c6226c9c62b3 (diff) | |
download | pdfium-eed247e9cb3b0e9ce5dcb8bf6ee7673c9dd3e544.tar.xz |
Converting CFX_ByteTextBuf to ostringstream in SAX.
Respin of https://pdfium-review.googlesource.com/c/6592 with fixes
that avoid invalid reads.
Bug: pdfium:731
Change-Id: I9395063505ba1a5c610e21b089ab8aa1a0a5b86f
Reviewed-on: https://pdfium-review.googlesource.com/8290
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/fxcrt/xml/cfx_saxcontext.cpp | 9 | ||||
-rw-r--r-- | core/fxcrt/xml/cfx_saxcontext.h | 7 | ||||
-rw-r--r-- | core/fxcrt/xml/cfx_saxreaderhandler.cpp | 28 |
3 files changed, 28 insertions, 16 deletions
diff --git a/core/fxcrt/xml/cfx_saxcontext.cpp b/core/fxcrt/xml/cfx_saxcontext.cpp new file mode 100644 index 0000000000..4e2f0c58c9 --- /dev/null +++ b/core/fxcrt/xml/cfx_saxcontext.cpp @@ -0,0 +1,9 @@ +// Copyright 2017 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "core/fxcrt/xml/cfx_saxcontext.h" + +CFX_SAXContext::CFX_SAXContext() : m_eNode(CFX_SAXItem::Type::Unknown) {} + +CFX_SAXContext::~CFX_SAXContext() {} diff --git a/core/fxcrt/xml/cfx_saxcontext.h b/core/fxcrt/xml/cfx_saxcontext.h index 7afebed98d..fcc889f7a3 100644 --- a/core/fxcrt/xml/cfx_saxcontext.h +++ b/core/fxcrt/xml/cfx_saxcontext.h @@ -7,15 +7,18 @@ #ifndef CORE_FXCRT_XML_CFX_SAXCONTEXT_H_ #define CORE_FXCRT_XML_CFX_SAXCONTEXT_H_ +#include <sstream> + #include "core/fxcrt/fx_basic.h" #include "core/fxcrt/fx_string.h" #include "core/fxcrt/xml/cfx_saxreader.h" class CFX_SAXContext { public: - CFX_SAXContext() : m_eNode(CFX_SAXItem::Type::Unknown) {} + CFX_SAXContext(); + ~CFX_SAXContext(); - CFX_ByteTextBuf m_TextBuf; + std::ostringstream m_TextBuf; CFX_ByteString m_bsTagName; CFX_SAXItem::Type m_eNode; }; diff --git a/core/fxcrt/xml/cfx_saxreaderhandler.cpp b/core/fxcrt/xml/cfx_saxreaderhandler.cpp index e7b6cd186c..b8399ff5cc 100644 --- a/core/fxcrt/xml/cfx_saxreaderhandler.cpp +++ b/core/fxcrt/xml/cfx_saxreaderhandler.cpp @@ -6,6 +6,8 @@ #include "core/fxcrt/xml/cfx_saxreaderhandler.h" +#include <string> + #include "core/fxcrt/cfx_checksumcontext.h" CFX_SAXReaderHandler::CFX_SAXReaderHandler(CFX_ChecksumContext* pContext) @@ -26,12 +28,11 @@ CFX_SAXContext* CFX_SAXReaderHandler::OnTagEnter( } m_SAXContext.m_eNode = eType; - CFX_ByteTextBuf& textBuf = m_SAXContext.m_TextBuf; - textBuf << "<"; + m_SAXContext.m_TextBuf << "<"; if (eType == CFX_SAXItem::Type::Instruction) - textBuf << "?"; + m_SAXContext.m_TextBuf << "?"; - textBuf << bsTagName; + m_SAXContext.m_TextBuf << bsTagName; m_SAXContext.m_bsTagName = bsTagName; return &m_SAXContext; } @@ -59,24 +60,22 @@ void CFX_SAXReaderHandler::OnTagData(CFX_SAXContext* pTag, if (!pTag) return; - CFX_ByteTextBuf& textBuf = pTag->m_TextBuf; if (eType == CFX_SAXItem::Type::CharData) - textBuf << "<![CDATA["; + pTag->m_TextBuf << "<![CDATA["; - textBuf << bsData; + pTag->m_TextBuf << bsData; if (eType == CFX_SAXItem::Type::CharData) - textBuf << "]]>"; + pTag->m_TextBuf << "]]>"; } void CFX_SAXReaderHandler::OnTagClose(CFX_SAXContext* pTag, uint32_t dwEndPos) { if (!pTag) return; - CFX_ByteTextBuf& textBuf = pTag->m_TextBuf; if (pTag->m_eNode == CFX_SAXItem::Type::Instruction) - textBuf << "?>"; + pTag->m_TextBuf << "?>"; else if (pTag->m_eNode == CFX_SAXItem::Type::Tag) - textBuf << "></" << pTag->m_bsTagName.AsStringC() << ">"; + pTag->m_TextBuf << "></" << pTag->m_bsTagName.AsStringC() << ">"; UpdateChecksum(false); } @@ -107,11 +106,12 @@ void CFX_SAXReaderHandler::OnTargetData(CFX_SAXContext* pTag, } void CFX_SAXReaderHandler::UpdateChecksum(bool bCheckSpace) { - int32_t iLength = m_SAXContext.m_TextBuf.GetLength(); + int32_t iLength = m_SAXContext.m_TextBuf.tellp(); if (iLength < 1) return; - uint8_t* pBuffer = m_SAXContext.m_TextBuf.GetBuffer(); + std::string sBuffer = m_SAXContext.m_TextBuf.str(); + const uint8_t* pBuffer = reinterpret_cast<const uint8_t*>(sBuffer.c_str()); bool bUpdata = true; if (bCheckSpace) { bUpdata = false; @@ -124,5 +124,5 @@ void CFX_SAXReaderHandler::UpdateChecksum(bool bCheckSpace) { if (bUpdata) m_pContext->Update(CFX_ByteStringC(pBuffer, iLength)); - m_SAXContext.m_TextBuf.Clear(); + m_SAXContext.m_TextBuf.str(""); } |