Do not walk off end of formcalc string

The fm2js code takes a pointer to the input string and then walks along that pointer. There are currently no checks to verify we haven't walked off the end of the pointer into random memory. If this happens, we can end up allocating large chunks of memory and copying random bits. BUG=chromium:721533 Change-Id: Ia61fe96c1ff9eb9ded63cf8326b7be44986bd9e1 Reviewed-on: https://pdfium-review.googlesource.com/5550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
author: Dan Sinclair <dsinclair@chromium.org> 2017-05-16 11:45:23 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-05-16 16:00:10 +0000
commit: 2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad (patch)
tree: 38a70cf1d91fc56a64a4525c041447c203b07f49 /xfa/fxfa/fm2js/xfa_error.h
parent: 2a835b7b902bc0b61b1a3618f5c82b91571ecd72 (diff)
download: pdfium-2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/xfa/fxfa/fm2js/xfa_error.h b/xfa/fxfa/fm2js/xfa_error.h
index b6621da440..27ed1879cf 100644
--- a/xfa/fxfa/fm2js/xfa_error.h
+++ b/xfa/fxfa/fm2js/xfa_error.h
@@ -18,6 +18,7 @@ extern const wchar_t kFMErrExpectedEndIf[];
 extern const wchar_t kFMErrUnexpectedExpression[];
 extern const wchar_t kFMErrExpectedNonEmptyExpression[];
 extern const wchar_t kFMErrLongAssignmentChain[];
+extern const wchar_t kFMErrEndOfInput[];
 
 class CXFA_FMErrorInfo {
  public:
author	Dan Sinclair <dsinclair@chromium.org>	2017-05-16 11:45:23 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-05-16 16:00:10 +0000
commit	2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad (patch)
tree	38a70cf1d91fc56a64a4525c041447c203b07f49 /xfa/fxfa/fm2js/xfa_error.h
parent	2a835b7b902bc0b61b1a3618f5c82b91571ecd72 (diff)
download	pdfium-2eef64cba5c8e08a9e625f4aba5a7fbdc8e62bad.tar.xz