Diffstat (limited to 'core')
-rw-r--r--core/include/fxcrt/fx_string.h20
-rw-r--r--core/src/fxcrt/fx_basic_bstring.cpp6
-rw-r--r--core/src/fxcrt/fx_basic_wstring.cpp5
3 files changed, 19 insertions, 12 deletions
diff --git a/core/include/fxcrt/fx_string.h b/core/include/fxcrt/fx_string.h
index a7cf2e1c16..c98a77cfe1 100644
--- a/core/include/fxcrt/fx_string.h
+++ b/core/include/fxcrt/fx_string.h
@@ -7,6 +7,7 @@
#ifndef _FX_STRING_H_
#define _FX_STRING_H_
+#include <stdint.h> // For intptr_t.
#include <algorithm>
#include "fx_memory.h"
@@ -168,14 +169,17 @@ private:
typedef const CFX_ByteStringC& FX_BSTR;
#define FX_BSTRC(str) CFX_ByteStringC(str, sizeof str-1)
#define FXBSTR_ID(c1, c2, c3, c4) ((c1 << 24) | (c2 << 16) | (c3 << 8) | (c4))
-struct CFX_StringData {
-
- long m_nRefs;
+// To ensure ref counts do not overflow, consider the worst possible case:
+// the entire address space contains nothing but pointers to this object.
+// Since the count increments with each new pointer, the largest value is
+// the number of pointers that can fit into the address space. The size of
+// the address space itself is a good upper bound on it; we need not go
+// larger.
+struct CFX_StringData {
+ intptr_t m_nRefs; // Would prefer ssize_t, but no windows support.
FX_STRSIZE m_nDataLength;
-
FX_STRSIZE m_nAllocLength;
-
FX_CHAR m_String[1];
};
class CFX_ByteString
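Review bot: The overflow argument in the new comment above `struct CFX_StringData` is slightly looser than the field type it justifies: `intptr_t` is signed, so its maximum is half the address space, while the number of distinct pointers that can exist is at most address-space-size divided by `sizeof(void*)`, which is smaller still. Stating that explicitly makes the bound obviously sufficient rather than merely plausible; consider appending `// Since each pointer occupies sizeof(void*) bytes, the count is at most (address space) / sizeof(void*), which fits in intptr_t.` The argument also presumes every increment of m_nRefs corresponds to a distinct live pointer; the increment sites are outside this diff, so that premise is not checked here.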
@@ -586,13 +590,9 @@ private:
typedef const CFX_WideStringC& FX_WSTR;
#define FX_WSTRC(wstr) CFX_WideStringC(wstr, FX_ArraySize(wstr) - 1)
struct CFX_StringDataW {
-
- long m_nRefs;
-
+ intptr_t m_nRefs; // Would prefer ssize_t, but no windows support.
FX_STRSIZE m_nDataLength;
-
FX_STRSIZE m_nAllocLength;
-
FX_WCHAR m_String[1];
};
class CFX_WideString
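Review bot: `CFX_StringDataW::m_nRefs` receives the same `intptr_t` change as `CFX_StringData`, but only the one-line "Would prefer ssize_t" remark; the overflow rationale that explains why `long` was unsafe lives solely above the byte-string struct, so a reader landing on the wide struct has nothing pointing them to it. Suggest adding above the field `// See the comment on CFX_StringData for why this is intptr_t rather than long.`, or hoisting the rationale to a single place both structs reference.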
diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp
index 2c8f7a766b..9cf084c2fb 100644
--- a/core/src/fxcrt/fx_basic_bstring.cpp
+++ b/core/src/fxcrt/fx_basic_bstring.cpp
@@ -4,6 +4,8 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
+#include <stddef.h> // For offsetof().
+
#include "../../include/fxcrt/fx_basic.h"
#include "../../../third_party/base/numerics/safe_math.h"
@@ -53,7 +55,9 @@ static CFX_StringData* FX_AllocString(int nLen)
return NULL;
}
- int overhead = sizeof(long) * 3 + 1; // 3 longs in header plus 1 for NUL.
+ // Fixed portion of header plus a NUL char not included in m_nAllocLength.
+ // sizeof(FX_CHAR) is always 1, used for consistency with CFX_Widestring.
+ int overhead = offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR);
pdfium::base::CheckedNumeric<int> nSize = nLen;
nSize += overhead;
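Review bot: `int overhead = offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR);` assigns a `size_t` expression to `int` with an implicit narrowing conversion, right before the value is fed into a `CheckedNumeric<int>` whose whole purpose is to make the size arithmetic checked; the same pattern appears in FX_AllocStringW at the `int overhead = offsetof(CFX_StringDataW, m_String) + sizeof(FX_WCHAR);` line of the last hunk. The value is tiny in practice, but keeping the conversion explicit documents that: `const int overhead = static_cast<int>(offsetof(CFX_StringData, m_String) + sizeof(FX_CHAR));`, or, if CheckedNumeric accepts mixed-width operands (not verifiable from this diff), keep `overhead` as `size_t` and let `nSize += overhead` do the range check. Separately, the new comment's `CFX_Widestring` does not match the spelling `CFX_WideString` used elsewhere in the diff. FX_AllocString's body continues outside the hunk.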
diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp
index 42a7ad72a6..742f249e37 100644
--- a/core/src/fxcrt/fx_basic_wstring.cpp
+++ b/core/src/fxcrt/fx_basic_wstring.cpp
@@ -4,6 +4,8 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
+#include <stddef.h> // For offsetof().
+
#include "../../include/fxcrt/fx_basic.h"
#include "../../../third_party/base/numerics/safe_math.h"
@@ -15,7 +17,8 @@ static CFX_StringDataW* FX_AllocStringW(int nLen)
return NULL;
}
- int overhead = 3 * sizeof(long) + sizeof(FX_WCHAR); // +WCHAR is for NUL.
+ // Fixed portion of header plus a NUL wide char not in m_nAllocLength.
+ int overhead = offsetof(CFX_StringDataW, m_String) + sizeof(FX_WCHAR);
pdfium::base::CheckedNumeric<int> iSize = nLen;
iSize *= sizeof(FX_WCHAR);
iSize += overhead;