-rw-r--r-- | core/include/fxcrt/fx_string.h | 20 | ||||
-rw-r--r-- | core/src/fxcrt/fx_basic_bstring.cpp | 6 | ||||
-rw-r--r-- | core/src/fxcrt/fx_basic_wstring.cpp | 5 |
3 files changed, 19 insertions, 12 deletions
diff --git a/core/include/fxcrt/fx_string.h b/core/include/fxcrt/fx_string.h
index a7cf2e1c16..c98a77cfe1 100644
--- a/core/include/fxcrt/fx_string.h
+++ b/core/include/fxcrt/fx_string.h
@@ -7,6 +7,7 @@
 #ifndef _FX_STRING_H_
 #define _FX_STRING_H_
+#include <stdint.h> // For intptr_t.
 #include <algorithm>
 #include "fx_memory.h"
@@ -168,14 +169,17 @@ private:
 typedef const CFX_ByteStringC& FX_BSTR;
 #define FX_BSTRC(str) CFX_ByteStringC(str, sizeof str-1)
 #define FXBSTR_ID(c1, c2, c3, c4) ((c1 << 24) | (c2 << 16) | (c3 << 8) | (c4))
-struct CFX_StringData {
-
- long m_nRefs;
+// To ensure ref counts do not overflow, consider the worst possible case:
+// the entire address space contains nothing but pointers to this object.
+// Since the count increments with each new pointer, the largest value is
+// the number of pointers that can fit into the address space. The size of
+// the address space itself is a good upper bound on it; we need not go
+// larger.
+struct CFX_StringData {
+ intptr_t m_nRefs; // Would prefer ssize_t, but no windows support.
 FX_STRSIZE m_nDataLength;
-
 FX_STRSIZE m_nAllocLength;
-
 FX_CHAR m_String[1];
 };
 class CFX_ByteString
@@ -586,13 +590,9 @@ private:
 typedef const CFX_WideStringC& FX_WSTR;
 #define FX_WSTRC(wstr) CFX_WideStringC(wstr, FX_ArraySize(wstr) - 1)
 struct CFX_StringDataW {
-
- long m_nRefs;
-
+ intptr_t m_nRefs; // Would prefer ssize_t, but no windows support.
 FX_STRSIZE m_nDataLength;
-
 FX_STRSIZE m_nAllocLength;
-
 FX_WCHAR m_String[1];
 };
 class CFX_WideString
diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp
index 2c8f7a766b..9cf084c2fb 100644
--- a/core/src/fxcrt/fx_basic_bstring.cpp
+++ b/core/src/fxcrt/fx_basic_bstring.cpp
@@ -4,6 +4,8 @@
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
+#include <stddef.h> // For offsetof().
+
 #include "../../include/fxcrt/fx_basic.h"
 #include "../../../third_party/base/numerics/safe_math.h"
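Review bot: The overflow rationale added above `struct CFX_StringData` is neither repeated nor referenced at `struct CFX_StringDataW` in the third hunk, which receives the same `intptr_t m_nRefs` change with only the trailing "Would prefer ssize_t" remark, so a reader of the wide struct has to know to look roughly 400 lines up. A one-line pointer such as `// See the ref-count overflow note on CFX_StringData above.` placed above the new `intptr_t m_nRefs;` in CFX_StringDataW would keep the two definitions in step. The bound argument also assumes the count is only ever incremented per stored pointer to the object; that is presumably true of the copy and assignment paths that bump it, but those paths are outside this diff and worth a glance when reviewing.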
@@ -53,7 +55,9 @@ static CFX_StringData* FX_AllocString(int nLen)
 return NULL;
 }
- int overhead = sizeof(long) * 3 + 1; // 3 longs in header plus 1 for NUL.
+ // Fixed portion of header plus a NUL char not included in m_nAllocLength.
+ // sizeof(FX_CHAR) is always 1, used for consistency with CFX_Widestring.
+ int overhead = offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR);
 pdfium::base::CheckedNumeric<int> nSize = nLen;
 nSize += overhead;
diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp
index 42a7ad72a6..742f249e37 100644
--- a/core/src/fxcrt/fx_basic_wstring.cpp
+++ b/core/src/fxcrt/fx_basic_wstring.cpp
@@ -4,6 +4,8 @@
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
+#include <stddef.h> // For offsetof().
+
 #include "../../include/fxcrt/fx_basic.h"
 #include "../../../third_party/base/numerics/safe_math.h"
@@ -15,7 +17,8 @@ static CFX_StringDataW* FX_AllocStringW(int nLen)
 return NULL;
 }
- int overhead = 3 * sizeof(long) + sizeof(FX_WCHAR); // +WCHAR is for NUL.
+ // Fixed portion of header plus a NUL wide char not in m_nAllocLength.
+ int overhead = offsetof(CFX_StringDataW, m_String) + sizeof(FX_WCHAR);
 pdfium::base::CheckedNumeric<int> iSize = nLen;
 iSize *= sizeof(FX_WCHAR);
 iSize += overhead;
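Review bot: `int overhead = offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR);` assigns a `size_t` expression to an `int`, an implicit 64-to-32-bit narrowing on 64-bit targets that the replaced `sizeof(long) * 3 + 1` line had as well; the value is a small compile-time constant so it is harmless in practice, but `const int overhead = static_cast<int>(offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR));` says so explicitly and keeps `-Wconversion`/`-Wshorten-64-to-32` quiet. The same applies to the `overhead` line in FX_AllocStringW at the end of this section. Because the block is now sized from `offsetof` rather than `sizeof(CFX_StringData)`, the allocation for a very short string can be smaller than the padded struct size, so any code that copies or compares a header by `sizeof` would read past the allocation — worth confirming none does, as the callers are not in this diff. FX_AllocString's body continues outside the hunk.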