author | Bo Xu <bo_xu@foxitsoftware.com> | 2014-07-14 12:13:53 -0700 |
---|---|---|
committer | Bo Xu <bo_xu@foxitsoftware.com> | 2014-07-14 12:13:53 -0700 |
commit | 8daab317ff959905e926b861a7d2aa876fd10429 (patch) | |
tree | d42dbefe9bbdf4492c537253fbc23abf21585fb5 /fpdfsdk/src/javascript/app.cpp | |
parent | 456cde93a928629bbf2ac64bda13ef7923359823 (diff) | |
download | pdfium-8daab317ff959905e926b861a7d2aa876fd10429.tar.xz |
Fix an out-of-boundary issue for wide string
BUG=381521
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/383563002
Diffstat (limited to 'fpdfsdk/src/javascript/app.cpp')
-rw-r--r-- | fpdfsdk/src/javascript/app.cpp | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/fpdfsdk/src/javascript/app.cpp b/fpdfsdk/src/javascript/app.cpp index a3e61c01ab..3b92a992d9 100644 --- a/fpdfsdk/src/javascript/app.cpp +++ b/fpdfsdk/src/javascript/app.cpp @@ -886,15 +886,15 @@ FX_BOOL app::browseForDoc(OBJ_METHOD_PARAMS) { JSObject pObj = (JSObject )params[0]; - v8::Handle<v8::Value> pValue = JS_GetObjectElement(isolate,pObj,L"bSave"); - bSave = (bool)CJS_Value(isolate,pValue,GET_VALUE_TYPE(pValue)); - + v8::Handle<v8::Value> pValue = JS_GetObjectElement(isolate,pObj,L"bSave"); + bSave = (bool)CJS_Value(isolate,pValue,GET_VALUE_TYPE(pValue)); + pValue = JS_GetObjectElement(isolate, pObj,L"cFilenameInit"); { CJS_Value t = CJS_Value(isolate, pValue, GET_VALUE_TYPE(pValue)); - cFilenameInit = t.operator CFX_ByteString(); + cFilenameInit = t.operator CFX_ByteString(); } - + pValue = JS_GetObjectElement(isolate,pObj,L"cFSInit"); { CJS_Value t = CJS_Value(isolate, pValue, GET_VALUE_TYPE(pValue)); @@ -1097,25 +1097,23 @@ FX_BOOL app::response(OBJ_METHOD_PARAMS) } CJS_Context* pContext = (CJS_Context *)cc; - ASSERT(pContext != NULL); + ASSERT(pContext != NULL); CPDFDoc_Environment* pApp = pContext->GetReaderApp(); - ASSERT(pApp != NULL); + ASSERT(pApp != NULL); int nLength = 2048; char* pBuff = new char[nLength]; nLength = pApp->JS_appResponse(swQuestion, swTitle, swDefault, swLabel, bPassWord, pBuff, nLength); if(nLength<=0) { + delete[] pBuff; vRet.SetNull(); return FALSE; } else { - nLength = nLength>2046?2046:nLength; - pBuff[nLength] = 0; - pBuff[nLength+1] = 0; - swResponse = CFX_WideString::FromUTF16LE((unsigned short*)pBuff, nLength); - vRet = swResponse; + nLength = nLength > sizeof(pBuff) ? sizeof(pBuff) : nLength; + vRet = swResponse = CFX_WideString::FromUTF16LE((unsigned short*)pBuff, nLength / 2); } delete[] pBuff; |
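Review bot: In the second hunk (app::response), `sizeof(pBuff)` in the new clamp is the size of a `char*` (4 or 8 bytes), not of the 2048-byte allocation, so the returned response is cut to at most two or four UTF-16 code units. The read now stays inside the buffer, which closes the overrun, but the bound should be the allocated size: keep it in a constant such as `const int nBufSize = 2048;` and clamp with `nLength = nLength > nBufSize ? nBufSize : nLength;` before passing `nLength / 2` to `FromUTF16LE`. Whether JS_appResponse returns the bytes written or the bytes required is not visible here, so the clamp against the real buffer size should stay either way. app::response starts and ends outside the hunk.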