diff options
-rw-r--r-- | fxjs/cfxjse_formcalc_context.cpp | 7 | ||||
-rw-r--r-- | fxjs/cfxjse_formcalc_context_embeddertest.cpp | 10 |
2 files changed, 11 insertions, 6 deletions
diff --git a/fxjs/cfxjse_formcalc_context.cpp b/fxjs/cfxjse_formcalc_context.cpp index 3ed8a78da3..15401a010e 100644 --- a/fxjs/cfxjse_formcalc_context.cpp +++ b/fxjs/cfxjse_formcalc_context.cpp @@ -3891,17 +3891,12 @@ void CFXJSE_FormCalcContext::Lower(CFXJSE_Value* pThis, CFX_WideTextBuf lowStringBuf; ByteString argString = ValueToUTF8String(argOne.get()); WideString wsArgString = WideString::FromUTF8(argString.AsStringView()); - const wchar_t* pData = wsArgString.c_str(); - size_t i = 0; - while (i < argString.GetLength()) { - int32_t ch = pData[i]; + for (auto ch : wsArgString) { if ((ch >= 0x41 && ch <= 0x5A) || (ch >= 0xC0 && ch <= 0xDE)) ch += 32; else if (ch == 0x100 || ch == 0x102 || ch == 0x104) ch += 1; - lowStringBuf.AppendChar(ch); - ++i; } lowStringBuf.AppendChar(0); diff --git a/fxjs/cfxjse_formcalc_context_embeddertest.cpp b/fxjs/cfxjse_formcalc_context_embeddertest.cpp index 58cb34b6d9..22e6b25afc 100644 --- a/fxjs/cfxjse_formcalc_context_embeddertest.cpp +++ b/fxjs/cfxjse_formcalc_context_embeddertest.cpp @@ -1176,6 +1176,16 @@ TEST_F(CFXJSE_FormCalcContextEmbedderTest, Lower) { } } +// This is testing for an OOB read, so will likely only fail under ASAN. +TEST_F(CFXJSE_FormCalcContextEmbedderTest, bug_854623) { + ASSERT_TRUE(OpenDocument("simple_xfa.pdf")); + + const uint8_t test_string[] = { + 0x4c, 0x6f, 0x77, 0x65, 0x72, 0x28, 0x22, 0xc3, + 0x85, 0xc3, 0x85, 0xc3, 0x85, 0x22, 0x29}; // Lower("ÅÅÅ") + Execute(ByteString(test_string, sizeof(test_string)).AsStringView()); +} + TEST_F(CFXJSE_FormCalcContextEmbedderTest, Ltrim) { ASSERT_TRUE(OpenDocument("simple_xfa.pdf")); |