author | Chris Palmer <palmer@google.com> | 2014-06-20 16:30:49 -0700 |
---|---|---|
committer | Chris Palmer <palmer@google.com> | 2014-06-20 16:30:49 -0700 |
commit | d9713f05fdcecab8428d39034c6b84cd0bbd2920 (patch) | |
tree | 1bf7cf8f0aff9f917f4e7e0bec1dc51e974c9832 /fpdfsdk/src/javascript | |
parent | 63412bf0ec2f6bab77e60dddfb5fc65d0dd95a74 (diff) | |
Import Chromium base/numerics to resolve integer overflow.
We'll use this for integer overflows going forward.
BUG=382606
R=bo_xu@foxitsoftware.com, jschuh@chromium.org
Review URL: https://codereview.chromium.org/341533007
Diffstat (limited to 'fpdfsdk/src/javascript')
-rw-r--r-- | fpdfsdk/src/javascript/Document.cpp | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/fpdfsdk/src/javascript/Document.cpp b/fpdfsdk/src/javascript/Document.cpp
index 0a6acfaea7..2318d9b834 100644
--- a/fpdfsdk/src/javascript/Document.cpp
+++ b/fpdfsdk/src/javascript/Document.cpp
@@ -18,6 +18,8 @@
 #include "../../include/javascript/Icon.h"
 #include "../../include/javascript/Field.h"
 
+#include "../../../third_party/numerics/safe_math.h"
+
 static v8::Isolate* GetIsolate(IFXJS_Context* cc)
 {
 CJS_Context* pContext = (CJS_Context *)cc;
@@ -1425,16 +1427,17 @@ FX_BOOL Document::documentFileName(OBJ_PROP_PARAMS)
 
 CFX_WideString Document::ReversalStr(CFX_WideString cbFrom)
 {
- wchar_t* pFrom = NULL;
- int iLenth = cbFrom.GetLength();
- wchar_t* pResult = (wchar_t*)malloc((iLenth+1) * sizeof(wchar_t));
- memset(pResult, 0, (iLenth+1));
- pFrom = (wchar_t*)cbFrom.GetBuffer(iLenth);
+ size_t iLength = cbFrom.GetLength();
+ base::CheckedNumeric<size_t> iSize = sizeof(wchar_t);
+ iSize *= (iLength + 1);
+ wchar_t* pResult = (wchar_t*)malloc(iSize.ValueOrDie());
+ wchar_t* pFrom = (wchar_t*)cbFrom.GetBuffer(iLength);
 
- for (int i = 0; i < iLenth; i++)
+ for (size_t i = 0; i < iLength; i++)
 {
- pResult[i] = *(pFrom + iLenth - i - 1);
+ pResult[i] = *(pFrom + iLength - i - 1);
 }
+ pResult[iLength] = L'\0';
 
 cbFrom.ReleaseBuffer();
 CFX_WideString cbRet = CFX_WideString(pResult);
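Review bot: The `+ 1` in `iSize *= (iLength + 1);` is evaluated in plain `size_t` before the value reaches the `CheckedNumeric`, so that addition is the one step of the size computation that is not overflow-checked; the identical line appears in `CutString` in the next hunk. Seeding the checked value with the length keeps the whole expression checked: `base::CheckedNumeric<size_t> iSize = iLength; iSize += 1; iSize *= sizeof(wchar_t);`. The return type of `GetLength()` is not visible here; if it is signed, a negative result would become a very large `size_t` on assignment and wrap at the `+ 1`, giving a small allocation followed by a long write loop. Separately, the pointer returned by `malloc` is written through in the loop without a null check. `ReversalStr` continues past the end of the hunk, so how `pResult` is released cannot be judged from here.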
@@ -1445,18 +1448,22 @@ CFX_WideString Document::ReversalStr(CFX_WideString cbFrom)
 
 CFX_WideString Document::CutString(CFX_WideString cbFrom)
 {
- wchar_t* pFrom = NULL;
- int iLenth = cbFrom.GetLength();
- wchar_t* pResult = (wchar_t*)malloc((iLenth+1) * sizeof(wchar_t));
- memset(pResult, 0, (iLenth+1));
- pFrom = (wchar_t*)cbFrom.GetBuffer(iLenth);
+ size_t iLength = cbFrom.GetLength();
+ base::CheckedNumeric<size_t> iSize = sizeof(wchar_t);
+ iSize *= (iLength + 1);
+ wchar_t* pResult = (wchar_t*)malloc(iSize.ValueOrDie());
+ wchar_t* pFrom = (wchar_t*)cbFrom.GetBuffer(iLength);
 
- for (int i = 0; i < iLenth; i++)
+ for (int i = 0; i < iLength; i++)
 {
 if (pFrom[i] == L'\\' || pFrom[i] == L'/')
+ {
+ pResult[i] = L'\0';
 break;
+ }
 pResult[i] = pFrom[i];
 }
+ pResult[iLength] = L'\0';
 
 cbFrom.ReleaseBuffer();
 CFX_WideString cbRet = CFX_WideString(pResult); |
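Review bot: The loop in `CutString` still declares `int i` while `iLength` is now `size_t`, so `i < iLength` is a signed/unsigned comparison and `i` would overflow before it could reach a length above `INT_MAX`. `ReversalStr` in the previous hunk was switched to `size_t` for its index, and this loop should match it: `for (size_t i = 0; i < iLength; i++)`. A short comment above the loop such as `// Copy up to the first path separator; the result is always NUL-terminated.` would also make clear why the buffer is terminated both inside the `if` and after the loop. The function body continues outside the hunk.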