diff options
| author | Dan Sinclair <dsinclair@chromium.org> | 2018-05-10 21:21:05 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-05-10 21:21:05 +0000 |
| commit | 5e0b271b69355b5692b6afd1cd2c04d08c3b380c (patch) | |
| tree | 8e7874577842b36d028198ddcda09884b8c7c93e /core | |
| parent | 5ad45e2f68bb796c562302e9fc2d963c279334c7 (diff) | |
| download | pdfium-5e0b271b69355b5692b6afd1cd2c04d08c3b380c.tar.xz | |
Fixup ASSERT in Bidi handling; Add bidi fuzzer.
This CL converts several asserts in the FX_Bidi code to continue instead
of asserting in the face of unexpected input.
A BIDI fuzzer has been added as well.
Bug: chromium:839695
Change-Id: If61f822bde7442c008d50be58f7cecffb6e5d658
Reviewed-on: https://pdfium-review.googlesource.com/32191
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core')
| -rw-r--r-- | core/fxcrt/fx_bidi.cpp | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/core/fxcrt/fx_bidi.cpp b/core/fxcrt/fx_bidi.cpp index 48504e5821..7261d80af3 100644 --- a/core/fxcrt/fx_bidi.cpp +++ b/core/fxcrt/fx_bidi.cpp @@ -329,12 +329,11 @@ class CFX_BidiLine { int32_t iLevelCur = 0; int32_t iState = FX_BWSxl; - size_t i = 0; size_t iNum = 0; int32_t iClsCur; int32_t iClsRun; int32_t iClsNew; - int32_t iAction; + size_t i = 0; for (; i <= iCount; ++i) { CFX_Char* pTC = &(*chars)[i]; iClsCur = pTC->m_iBidiClass; @@ -365,9 +364,10 @@ class CFX_BidiLine { continue; } } + if (iClsCur > FX_BIDICLASS_BN) + continue; - ASSERT(iClsCur <= FX_BIDICLASS_BN); - iAction = gc_FX_BidiWeakActions[iState][iClsCur]; + int32_t iAction = gc_FX_BidiWeakActions[iState][iClsCur]; iClsRun = GetDeferredType(iAction); if (iClsRun != FX_BWAXX && iNum > 0) { SetDeferredRun(chars, true, i, iNum, iClsRun); @@ -412,8 +412,9 @@ class CFX_BidiLine { ++iNum; continue; } + if (iClsCur >= FX_BIDICLASS_AL) + continue; - ASSERT(iClsCur < FX_BIDICLASS_AL); iAction = gc_FX_BidiNeutralActions[iState][iClsCur]; iClsRun = GetDeferredNeutrals(iAction, iLevel); if (iClsRun != FX_BIDICLASS_N && iNum > 0) { @@ -445,8 +446,9 @@ class CFX_BidiLine { int32_t iCls = (*chars)[i].m_iBidiClass; if (iCls == FX_BIDICLASS_BN) continue; + if (iCls <= FX_BIDICLASS_ON || iCls >= FX_BIDICLASS_AL) + continue; - ASSERT(iCls > FX_BIDICLASS_ON && iCls < FX_BIDICLASS_AL); int32_t iLevel = (*chars)[i].m_iBidiLevel; iLevel += gc_FX_BidiAddLevel[FX_IsOdd(iLevel)][iCls - 1]; (*chars)[i].m_iBidiLevel = (int16_t)iLevel; |