summaryrefslogtreecommitdiff
path: root/xfa/fde/xml/fde_xml_imp_unittest.cpp
diff options
context:
space:
mode:
authordsinclair <dsinclair@chromium.org>2016-08-11 07:50:08 -0700
committerCommit bot <commit-bot@chromium.org>2016-08-11 07:50:08 -0700
commit22eeccb34f91f9932f7cec295bcaf641ba249e3a (patch)
tree9775d10c30ff05cabd4d8238a037d3865588ec94 /xfa/fde/xml/fde_xml_imp_unittest.cpp
parentb4d1b576bccb5ca6cebe29288af014bd0f512af1 (diff)
downloadpdfium-22eeccb34f91f9932f7cec295bcaf641ba249e3a.tar.xz
Guard against undefined shift.
This Cl fixes the CFDE_XMLSyntaxParser::ParseTextChar() to handle entities where the value goes negative. Currently this could cause an undefined-shift as due to the (ch << 4) calls. Instead, detect if the value has gone negative and return a space character. BUG=chromium:603489 Review-Url: https://codereview.chromium.org/2223823003
Diffstat (limited to 'xfa/fde/xml/fde_xml_imp_unittest.cpp')
-rw-r--r--xfa/fde/xml/fde_xml_imp_unittest.cpp123
1 files changed, 123 insertions, 0 deletions
diff --git a/xfa/fde/xml/fde_xml_imp_unittest.cpp b/xfa/fde/xml/fde_xml_imp_unittest.cpp
index 0db63e4965..03cc426d32 100644
--- a/xfa/fde/xml/fde_xml_imp_unittest.cpp
+++ b/xfa/fde/xml/fde_xml_imp_unittest.cpp
@@ -520,3 +520,126 @@ TEST(CFDE_XMLSyntaxParser, CommentTwoDash) {
EXPECT_EQ(FDE_XmlSyntaxResult::EndOfString, parser.DoSyntaxParse());
}
+
+TEST(CFDE_XMLSyntaxParser, Entities) {
+ const FX_WCHAR* input =
+ L"<script contentType=\"application/x-javascript\">"
+ L"&#66;"
+ L"&#x54;"
+ L"&#x00000000000000000048;"
+ L"&#x0000000000000000AB48;"
+ L"&#x0000000000000000000;"
+ L"</script>";
+
+ // We * sizeof(FX_WCHAR) because we pass in the uint8_t, not the FX_WCHAR.
+ size_t len = FXSYS_wcslen(input) * sizeof(FX_WCHAR);
+ std::unique_ptr<IFX_Stream> stream(IFX_Stream::CreateStream(
+ reinterpret_cast<uint8_t*>(const_cast<FX_WCHAR*>(input)), len, 0));
+ CFDE_XMLSyntaxParser parser;
+ parser.Init(stream.get(), 256);
+
+ CFX_WideString data;
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementOpen, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::TagName, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriName, parser.DoSyntaxParse());
+ parser.GetAttributeName(data);
+ EXPECT_EQ(L"contentType", data);
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriValue, parser.DoSyntaxParse());
+ parser.GetAttributeValue(data);
+ EXPECT_EQ(L"application/x-javascript", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementBreak, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::Text, parser.DoSyntaxParse());
+ parser.GetTextData(data);
+ EXPECT_EQ(L"BTH\xab48", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementClose, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::EndOfString, parser.DoSyntaxParse());
+}
+
+TEST(CFDE_XMLSyntaxParser, EntityOverflowHex) {
+ const FX_WCHAR* input =
+ L"<script contentType=\"application/x-javascript\">"
+ L"&#xaDBDFFFFF;"
+ L"&#xafffffffffffffffffffffffffffffffff;"
+ L"</script>";
+
+ // We * sizeof(FX_WCHAR) because we pass in the uint8_t, not the FX_WCHAR.
+ size_t len = FXSYS_wcslen(input) * sizeof(FX_WCHAR);
+ std::unique_ptr<IFX_Stream> stream(IFX_Stream::CreateStream(
+ reinterpret_cast<uint8_t*>(const_cast<FX_WCHAR*>(input)), len, 0));
+ CFDE_XMLSyntaxParser parser;
+ parser.Init(stream.get(), 256);
+
+ CFX_WideString data;
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementOpen, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::TagName, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriName, parser.DoSyntaxParse());
+ parser.GetAttributeName(data);
+ EXPECT_EQ(L"contentType", data);
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriValue, parser.DoSyntaxParse());
+ parser.GetAttributeValue(data);
+ EXPECT_EQ(L"application/x-javascript", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementBreak, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::Text, parser.DoSyntaxParse());
+ parser.GetTextData(data);
+ EXPECT_EQ(L" ", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementClose, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::EndOfString, parser.DoSyntaxParse());
+}
+
+TEST(CFDE_XMLSyntaxParser, EntityOverflowDecimal) {
+ const FX_WCHAR* input =
+ L"<script contentType=\"application/x-javascript\">"
+ L"&#2914910205;"
+ L"&#29149102052342342134521341234512351234213452315;"
+ L"</script>";
+
+ // We * sizeof(FX_WCHAR) because we pass in the uint8_t, not the FX_WCHAR.
+ size_t len = FXSYS_wcslen(input) * sizeof(FX_WCHAR);
+ std::unique_ptr<IFX_Stream> stream(IFX_Stream::CreateStream(
+ reinterpret_cast<uint8_t*>(const_cast<FX_WCHAR*>(input)), len, 0));
+ CFDE_XMLSyntaxParser parser;
+ parser.Init(stream.get(), 256);
+
+ CFX_WideString data;
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementOpen, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::TagName, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriName, parser.DoSyntaxParse());
+ parser.GetAttributeName(data);
+ EXPECT_EQ(L"contentType", data);
+ EXPECT_EQ(FDE_XmlSyntaxResult::AttriValue, parser.DoSyntaxParse());
+ parser.GetAttributeValue(data);
+ EXPECT_EQ(L"application/x-javascript", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementBreak, parser.DoSyntaxParse());
+ EXPECT_EQ(FDE_XmlSyntaxResult::Text, parser.DoSyntaxParse());
+ parser.GetTextData(data);
+ EXPECT_EQ(L" ", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::ElementClose, parser.DoSyntaxParse());
+ parser.GetTagName(data);
+ EXPECT_EQ(L"script", data);
+
+ EXPECT_EQ(FDE_XmlSyntaxResult::EndOfString, parser.DoSyntaxParse());
+}