diff options
| -rw-r--r-- | BUILD.gn | 1 | ||||
| -rw-r--r-- | pdfium.gyp | 1 | ||||
| -rw-r--r-- | xfa/fxfa/fm2js/xfa_simpleexpression.cpp | 5 | ||||
| -rw-r--r-- | xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp | 42 |
4 files changed, 48 insertions, 1 deletions
@@ -1578,6 +1578,7 @@ test("pdfium_unittests") { "xfa/fde/xml/fde_xml_imp_unittest.cpp", "xfa/fxbarcode/pdf417/BC_PDF417HighLevelEncoder_unittest.cpp", "xfa/fxfa/app/xfa_textlayout_unittest.cpp", + "xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp", "xfa/fxfa/parser/xfa_utils_unittest.cpp", ] } diff --git a/pdfium.gyp b/pdfium.gyp index 61890e81cd..26f46edba9 100644 --- a/pdfium.gyp +++ b/pdfium.gyp @@ -949,6 +949,7 @@ 'xfa/fde/xml/fde_xml_imp_unittest.cpp', 'xfa/fxbarcode/pdf417/BC_PDF417HighLevelEncoder_unittest.cpp', 'xfa/fxfa/app/xfa_textlayout_unittest.cpp', + 'xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp', 'xfa/fxfa/parser/xfa_utils_unittest.cpp', ], }], diff --git a/xfa/fxfa/fm2js/xfa_simpleexpression.cpp b/xfa/fxfa/fm2js/xfa_simpleexpression.cpp index 47bb9df235..a7a88ec30a 100644 --- a/xfa/fxfa/fm2js/xfa_simpleexpression.cpp +++ b/xfa/fxfa/fm2js/xfa_simpleexpression.cpp @@ -541,7 +541,10 @@ void CXFA_FMCallExpression::ToJavaScript(CFX_WideTextBuf& javascript) { uint32_t methodPara = IsMethodWithObjParam(funcName.AsStringC()); if (methodPara > 0) { for (int i = 0; i < m_pArguments->GetSize(); ++i) { - if ((methodPara & (0x01 << i)) > 0) { + // Currently none of our expressions use objects for a parameter over + // the 6th. Make sure we don't overflow the shift when doing this + // check. If we ever need more the 32 object params we can revisit. + if (i < 32 && (methodPara & (0x01 << i)) > 0) { javascript << gs_lpStrExpFuncName[GETFMJSOBJ]; } else { javascript << gs_lpStrExpFuncName[GETFMVALUE]; diff --git a/xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp b/xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp new file mode 100644 index 0000000000..171922aecd --- /dev/null +++ b/xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp @@ -0,0 +1,42 @@ +// Copyright 2016 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "xfa/fxfa/fm2js/xfa_simpleexpression.h" + +#include <memory> + +#include "testing/gtest/include/gtest/gtest.h" +#include "xfa/fxfa/fm2js/xfa_lexer.h" + +TEST(FMCallExpression, more_than_32_arguments) { + // Use sign as it has 3 object parameters at positions 0, 5, and 6. + std::unique_ptr<CXFA_FMIdentifierExpressionn> exp( + new CXFA_FMIdentifierExpressionn(0, CFX_WideStringC(L"sign"))); + + std::unique_ptr<CFX_ArrayTemplate<CXFA_FMSimpleExpression*>> args( + new CFX_ArrayTemplate<CXFA_FMSimpleExpression*>()); + for (size_t i = 0; i < 50; i++) + args->Add(new CXFA_FMSimpleExpression(0, TOKnan)); + + CXFA_FMCallExpression callExp(0, exp.release(), args.release(), TRUE); + CFX_WideTextBuf js; + callExp.ToJavaScript(js); + + // Generate the result javascript string. + CFX_WideString result = L"sign("; + for (size_t i = 0; i < 50; i++) { + if (i > 0) + result += L", "; + + result += L"foxit_xfa_formcalc_runtime.get_fm_"; + // Object positions for sign() method. + if (i == 0 || i == 5 || i == 6) + result += L"jsobj()"; + else + result += L"value()"; + } + result += L")"; + + EXPECT_EQ(result.AsStringC(), js.AsStringC()); +} |