summaryrefslogtreecommitdiff
path: root/xfa/fxfa/fm2js
AgeCommit message (Collapse)Author
2017-08-11Add checks of index operations on string classesRyan Harrison
Specifically the index parameter passed in to GetAt(), SetAt() and operator[] are now being tested to be in bounds. BUG=chromium:752480, pdfium:828 Change-Id: I9e94d58c98a8eaaaae53cd0e3ffe2123ea17d8c4 Reviewed-on: https://pdfium-review.googlesource.com/10651 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-01Replace raw value for constant error value in string operationsRyan Harrison
Currently Find() and other methods that return a FX_STRSIZE return -1 to indicate error/failure. This means that there is a lot of magic numbers and magic checks floating around. The standard library for similar operations uses a npos constant. This CL implements FX_STRNPOS, and replaces usages of magic number checking. It also does some type cleanup along the way where it was obvious that FX_STRSIZE should be being used. Removing the magic numbers should make eventually changing FX_STRSIZE to be unsigned easier in the future. BUG=pdfium:828 Change-Id: I67e481e44cf2f75a1698afa8fbee4f375a74c490 Reviewed-on: https://pdfium-review.googlesource.com/9651 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-31Remove null derefence case caught by fuzzersRyan Harrison
This change also removes some variable shadowing that was going on here. BUG=chromium:750013 Change-Id: I7314166af3ecd55ea5e1105afbe171443b1b22ae Reviewed-on: https://pdfium-review.googlesource.com/9630 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-28Convert calls to Mid() to Left() or Right() if possibleRyan Harrison
The various string/byte classes support Mid(), Left(), and Right() for extracting substrings. Mid() can handle all possible cases, but Left() and Right() are useful for common cases and more explicit about what is going on. Calls like Mid(offset, length - offset) can be converted to Right(length - offset). Calls like Mid(0, length) can be converted to Left(length). If the substring being extracted does not extend all the way to one of the edges of the string, then Mid() still needs to be used. BUG=pdfium:828 Change-Id: I2ec46ad3d71aac0f7b513e103c69cbe8c854cf62 Reviewed-on: https://pdfium-review.googlesource.com/9510 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-27Remove single param Mid() method from string classesRyan Harrison
This support is being removed from CFX_ByteString, CFX_ByteStringC, CFX_WideString, and CFX_WideStringC. This standardizes all of these classes to only have one Mid method that takes in 2 params, offset and count. Count now must be positive. The old behaviour of calculating the length for the user if -1 is passed in for the count has been removed. This work is in preperation for converting these classes to not accept negative lengths anywhere and thus make the underlying size type unsigned. BUG=pdfium:828 Change-Id: I5f15e7b7b00b264231817f143e2da88ee6f69e7b Reviewed-on: https://pdfium-review.googlesource.com/9430 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Move CXFA_FMParse to CFXA_FMParserRyan Harrison
Minor nit I had with this code and want to fix. Bug: Change-Id: I2494667d580bf982a4359153123d9e8afb75e349 Reviewed-on: https://pdfium-review.googlesource.com/9370 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Remove CFX_ByteTextBuf from cxfa_fm2jscontext.cppHenrique Nakashima
Bug: pdfium:731 Change-Id: I3b7e4e88d44afcb8590ce4b7e7de7c0eccdc623a Reviewed-on: https://pdfium-review.googlesource.com/7350 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-07-27Remove 0 from the valid FormCalc charactersRyan Harrison
0 is not actually in the spec for characters and was only included due quirks in how the lexing code was written. Due to changes in the lexer, it is no longer needed and a potential source of errors. Bug: Change-Id: I6fbba027e40aaa286ed4c89a6c569d26e3d4cd8b Reviewed-on: https://pdfium-review.googlesource.com/9350 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Refactor whitespace lexing to be explicitRyan Harrison
Removed 'case 0xf00:' to either be the character being checked or moved to a IsWhitespaceCharacter() check. BUG=pdfium:815 Change-Id: I34727a00f6d54ecf8de2f9e4eb785b3c10b6c521 Reviewed-on: https://pdfium-review.googlesource.com/9310 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Rewrite FMLexer to use nullptr for errorsRyan Harrison
This CL rewrites how FMLexer returns errors, instead of having a flag that gets flipped and needs to be checked, it now returns nullptr for NextToken() when an error occurs. The Lexer's behaviour has also been changed to only return nullptr once an error has occurred, instead of advancing the lexing on further calls. FMParse now checks the returned value from the lexer instead of testing the error flag on the parser object. For any operation that might cause the error state of the parser to change, i.e. consuming a token, an error check has been added. In the event this check fails the related function returns nullptr. This will cause the parse to short circuit and exit. BUG=pdfium:814 Change-Id: I669012c4732c18d13009be7cd7bf1ae682950904 Reviewed-on: https://pdfium-review.googlesource.com/8950 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-27Add conversion from FMTokens to stringsRyan Harrison
This is to aid with debugging, since the getting things like the type is a pain due to it being a enum. Bug: Change-Id: I89bae7103b476d7fd09ba78699367a1a413ee700 Reviewed-on: https://pdfium-review.googlesource.com/9190 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Removed unused helper functionRyan Harrison
XFA_FM_KeywordToString is no longer used, and there are no plans to use it in the future, so should be removed. Bug: Change-Id: I44652a40f6396b25262f840c42036fb00a14aca1 Reviewed-on: https://pdfium-review.googlesource.com/9210 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-25Clean up data passing in FormCalc Lexerchromium/3167Ryan Harrison
This CL removes the pattern used in the lexer of passing the lexing member variables around as args to methods. Instead it uses the fact that they are member variables in the methods. This CL also includes renaming of variable and function names to remove unneeded details or make them more precise. BUG=pdfium:814 Change-Id: Id4c592338db9ff462835314252d39ab3b4b2b2ab Reviewed-on: https://pdfium-review.googlesource.com/8850 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-24Rename FMLexer methods to be more descriptiveRyan Harrison
The existing methods had either very bare passive or in some cases misleading names, so this CL changes them active names that describe what they do. This also extracts the IsKeyword method into a helper function since it is actually static. BUG=pdfium:816 Change-Id: I47a113bc9ea8d88a77822a4441266ec56e6b4cbc Reviewed-on: https://pdfium-review.googlesource.com/8730 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-24Remove extracting characters from inputRyan Harrison
Throughout the lexer there is use of a pattern where a character is extracted from the location currently being pointed at in the input and tests are done on this value. This is uneeded, since normally the pointer isn't being modified while the character is stored, so the pointer can be dereferenced directly. This CL also cleans ups the implementation of string extraction from the input to be easier to read, since it did depend on the character being extracted to work. The IsFooCharacter methods are also changed to take in a character instead of a pointer, since they are only testing the character value not the pointer. BUG=pdfium:814 Change-Id: I8eda01e0af59ff1f6c6e97d6fb504856c7a08a24 Reviewed-on: https://pdfium-review.googlesource.com/8690 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-24Move xfa/fxfa/app to xfa/fxfachromium/3166Dan Sinclair
There currently exists a weird split where some files exist in xfa/fxfa and some files exist in xfa/fxfa/app. This CL removes the app/ folder and moves all files up to the parent directory. Change-Id: I00c87851a1ebc5a7a636eb9a17b58ba3f1708a84 Reviewed-on: https://pdfium-review.googlesource.com/8810 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-19Rename StringCs c_str() to unterminated_c_str().Tom Sepez
Since there is no guarantee of termination if the StringC was extracted from a snippet of another string. Make it more obvious that things like strlen(str.unterminated_c_str()) might be a bad idea. Change-Id: I7832248ed89ebbddf5c0bcd402aac7d40ec2adc2 Reviewed-on: https://pdfium-review.googlesource.com/8170 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-07-18Correct lexer handling of FormCalc identifiersRyan Harrison
This makes the lexer stricter on valid characters for identifiers, and conform to the grammar in the FormCalc spec. This should remove a class of inputs that ClusterFuzz is attempting that are breaking later stages of the transpile. BUG: chromium:736234, pdfium:783, pdfium:784 Change-Id: I3987d6778a82b71d768fa751035993c0af2577ee Reviewed-on: https://pdfium-review.googlesource.com/8010 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-07Remove a static initializer introduced in commit 573b10a.Lei Zhang
Change-Id: Ic81df89078241c75ae2da6309b22022ba225100f Reviewed-on: https://pdfium-review.googlesource.com/7370 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-07-05Extract comparison functions from std::lower_bound argsRyan Harrison
Cleanup of code I changed earlier last week, to match the style recommended in later reviews and make it more readable. BUG=pdfium:786 Change-Id: I2ff8b980a229718e389ad1a8063bd5059aedb66c Reviewed-on: https://pdfium-review.googlesource.com/7212 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-04Removed hand rolled bsearch from IsKeyword methodRyan Harrison
BUG=pdfium:786 Change-Id: I7a852566cdde301ee896c12d9d29043047c31ad4 Reviewed-on: https://pdfium-review.googlesource.com/7211 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-30Remove hand rolled bsearch from HTMLSTR2CodeRyan Harrison
BUG=pdfium:786 Change-Id: I0779dccb6db0e6ea3933279914153ef7961d9a5b Reviewed-on: https://pdfium-review.googlesource.com/7152 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-06-30Remove hand rolled bsearch from HTMLCode2STRRyan Harrison
BUG=pdfium:786 Change-Id: I84f4012b5225f81df604fcc6e0836ac5d19f1414 Reviewed-on: https://pdfium-review.googlesource.com/7153 Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-06-29Cleaning up SomMethod handling in fm2jsRyan Harrison
Removing hand rolled hash table and binrary search. BUG=pdfium:786 Change-Id: Iac18f02c9f560f484b974762474dbb51597d2353 Reviewed-on: https://pdfium-review.googlesource.com/7092 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-06-29Cleanup call expression handling in fm2jsRyan Harrison
Remove handling of arbitrary function calls, and only allow supported function calls. Issues with the lexer being overly permissive led to large blobs of javascript being dropped into the output. Specifically driver code was assuming that anything marked as a function would just be an identifier that could be inserted into the javascript, but the lexer marks things like ()()() as a function, which would lead to the following JS being inserted as an identifier. This change is intended to be a patch for the specific issue that was being seen from the fuzzer test, and further work will be needed to make the lexer more strict. BUG=724913 TEST=Ran fuzzer test case. Ran unittests,embeddertests,corpustests. Change-Id: Ib7d9239bf6fece853bea0f4915ee4ad72d3cd290 Reviewed-on: https://pdfium-review.googlesource.com/7032 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-28XFA: Add test to show Oneof() works correctly.Lei Zhang
The new embedder test shows Oneof() works, whereas the corpus test does not. It turns out the corpus test was bad, and trying to fix it exposed a different bug. So roll DEPS for the testing corpus anyway to get improved tests, but keep the suppression for now. BUG=pdfium:781 Change-Id: I3cc6b9a414384c917f205eff064c5dd2175d09fe Reviewed-on: https://pdfium-review.googlesource.com/6973 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-06-14Fix bad format string in CXFA_FM2JSContext.Lei Zhang
PDFium's vswprintf() is based on the win32 version to be consistent across platforms. On Windows, %s has different meanings depending on whether the printf() variant is wide or not. BUG=chromium:732533 Change-Id: I7437ecd253da1234728c1e0897f02b7f907aada8 Reviewed-on: https://pdfium-review.googlesource.com/6550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-02Prevent OOB access in CXFA_FM2JSContext::IsIsoTimeFormat().Lei Zhang
Change-Id: I3fe0460f3a4cfd7d48ccfc79d0256fc83d7fbac8 Reviewed-on: https://pdfium-review.googlesource.com/6235 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-06-01Tag CFXJSE_HostObject sub-classes.Tom Sepez
CXFA_FM2JSContext and CXFA_Object both subclass CFXJSE_HostObject. When a CFXJSE_HostObject is obtained from an opaque pointer inside a V8 object internal slot, there is no way to distinguish one from the other. Bug: 728158 Change-Id: Iabc648e8b7226e2819d8795227442c3f6c61a793 Reviewed-on: https://pdfium-review.googlesource.com/6211 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-25Split apart remaining xfa/fxfa/app filesDan Sinclair
This CL splits the remaining files in xfa/fxfa/app into individual files named after the classes. Change-Id: I84bd8938937641bb6897614ed15558a2682f456c Reviewed-on: https://pdfium-review.googlesource.com/6010 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Mass conversion of all const-lifetime class membersTom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25Fix FM2JSContext Round return typeDan Sinclair
This Cl fixes the return type of the Round method to return a double instead of a string. Change-Id: I740e375bdedfe22cb9f81d4beeaa079eac64b1bd Reviewed-on: https://pdfium-review.googlesource.com/5896 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-25Enable remaining boolean FM2JSContext testsdan sinclair
This CL updates the return type of the remaining boolean tests to be Integer and enables the tests. Change-Id: Ie2856ad31d17ffb496f33e6969912d0aae9678c5 Reviewed-on: https://pdfium-review.googlesource.com/5895 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Enable the FM2JSContext Exists testdan sinclair
This Cl fixes the Exists test of FM2JSContext to handle the return type of Integer instead of Boolean. Change-Id: I51c43e22eff5330de5ab5e63a925006af483f0ab Reviewed-on: https://pdfium-review.googlesource.com/5894 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Enable FM2JSContext Choose testsdan sinclair
This Cl enables the Choose tests for FM2JSContext. The Choose tests always return a String. Change-Id: I29b3ce4ed38f94886c6036f3766182fecb6e787b Reviewed-on: https://pdfium-review.googlesource.com/5893 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Enable most FM2JSContext boolean testsdan sinclair
This CL enables most of the FM2JSContext boolean tests. The return type is updated to Integer from Boolean. Change-Id: Ie3f665bd23a86e843cadb2ae8963767466bd1714 Reviewed-on: https://pdfium-review.googlesource.com/5892 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-24More FM2JSContext testsDan Sinclair
This CL adds tests for the FormCalc methods that don't require passing in a formcalc object reference. Change-Id: Ica6f15704cce525d38d25a27d1628089d2fc5a5a Reviewed-on: https://pdfium-review.googlesource.com/5691 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-23Use NOTREACHED() in more places.Lei Zhang
Change-Id: I88466943171f19259f84add69679741d44c8e123 Reviewed-on: https://pdfium-review.googlesource.com/5551 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-18Use UnownedPtr to check CFX_*StringC lifetimeschromium/3104Tom Sepez
Change interform to avoid temp StringC with dangling ptr. Change-Id: I8d8659973bcdf2cdbcaa6efa6012e4acce5f1604 Reviewed-on: https://pdfium-review.googlesource.com/5571 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-18Adding fm2js embedder testsDan Sinclair
This Cl adds the basis of the test framework to execute the javascript produced by CXFA_FM2JSContext and verify the results are correct. Change-Id: Ie46625b7e27ca0808e9cc41fdc00b7c0a212837d Reviewed-on: https://pdfium-review.googlesource.com/5651 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-18Remove CXFA_FMErrorInfodan sinclair
This Cl removes the CXFA_FMErrorInfo class. The message was never output, just used as a flag to determine if there was an error. The class has been replaced with a boolean. Change-Id: I1cde99ce6957f5f8c6be0755a198d80ec8378b3a Reviewed-on: https://pdfium-review.googlesource.com/5653 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-17Shorten internal JS prefixes.Dan Sinclair
This Cl shortens the prefix applied in JavaScript to reduce the size of the generated JavaScript string. Change-Id: Ica5d02cc89b17140ba42deae72484cd159f8e3e5 Reviewed-on: https://pdfium-review.googlesource.com/5590 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-17Adding CXFA_Parse unittestsDan Sinclair
This CL adds the beginning of unittests for the CXFA_Parse code. Change-Id: I06e556f1a35405bc683c536d390071917ee330a6 Reviewed-on: https://pdfium-review.googlesource.com/5556 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-17Rename formcalc files to better match contentsDan Sinclair
Most files match the contents. The expression files are named to match their base type even though they contain all the expression subclasses. Change-Id: I3b7705c7b206a9fa1afae8b677f765e8b788e84d Reviewed-on: https://pdfium-review.googlesource.com/5492 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-16Handle when XFA parser error handlers cannot format error messages.Lei Zhang
Limit the length of error messages to avoid string formatting failure. Simplify some CXFA_FMParse error handling code too. BUG=chromium:708428 Change-Id: I2f5fdb61349a90b3ba681dcc04a26ce0d7f2bdda Reviewed-on: https://pdfium-review.googlesource.com/5331 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-16Add formcalc lexer tests.Dan Sinclair
This CL adds tests for CXFA_FMLexer. Change-Id: I4cb7000212dda6d2b32211005a1c22deabb813ae Reviewed-on: https://pdfium-review.googlesource.com/5554 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-16Update formcalc return typesDan Sinclair
Update return types to be bools instead of ints. Make some methods private. Change-Id: I5d55c48a861f90e9bd116ef835c11cdb515002a6 Reviewed-on: https://pdfium-review.googlesource.com/5553 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-16Do not walk off end of formcalc stringDan Sinclair
The fm2js code takes a pointer to the input string and then walks along that pointer. There are currently no checks to verify we haven't walked off the end of the pointer into random memory. If this happens, we can end up allocating large chunks of memory and copying random bits. BUG=chromium:721533 Change-Id: Ia61fe96c1ff9eb9ded63cf8326b7be44986bd9e1 Reviewed-on: https://pdfium-review.googlesource.com/5550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16Minor xfa_lexer.cpp cleanupDan Sinclair
Remove the inc/dec/get methods that aren't helpful. Change methods to return void instead of uint32_t and make sure they set the proper error messages. Change-Id: I741316e7990a776d528625f34fd941316c524c15 Reviewed-on: https://pdfium-review.googlesource.com/5530 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15Return unique_ptr from xfa lexer Scan() methodTom Sepez
Change-Id: I7586194b59d2c8e28fc24b698ea93f4a2ab636e2 Reviewed-on: https://pdfium-review.googlesource.com/5474 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>