From 23a5d7ea73f11ffac00239305e67c1bb46409878 Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Tue, 14 Mar 2017 15:01:29 -0400
Subject: Convert CPDF_Creator::m_Pos to uint32_t

Currently m_Pos is a FX_POSITION. The value stored into the void* is
typically a uint32_t. We sometimes read that uint32_t value as a size_t
to compare against vector lengths. This Cl converts all usages to be
uint32_t and uses pdfium::CollectionSize to get the correct typed vector
size.

Change-Id: I5f452817ab6049e03477945e4622c6911c89f877
Reviewed-on: https://pdfium-review.googlesource.com/3032
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
---
 core/fpdfapi/edit/cpdf_creator.h       |  3 +-
 core/fpdfapi/edit/fpdf_edit_create.cpp | 52 +++++++++++++++++-----------------
 2 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/core/fpdfapi/edit/cpdf_creator.h b/core/fpdfapi/edit/cpdf_creator.h
index 0840e4b7a6..ba5a7439fa 100644
--- a/core/fpdfapi/edit/cpdf_creator.h
+++ b/core/fpdfapi/edit/cpdf_creator.h
@@ -90,9 +90,10 @@ class CPDF_Creator {
   uint32_t m_dwLastObjNum;
   CFX_FileBufferArchive m_File;
   FX_FILESIZE m_Offset;
+  FX_FILESIZE m_SavedOffset;
   int32_t m_iStage;
   uint32_t m_dwFlags;
-  FX_POSITION m_Pos;
+  uint32_t m_CurObjNum;
   FX_FILESIZE m_XrefStart;
   CFX_FileSizeListArray m_ObjectOffset;
   std::vector<uint32_t> m_NewObjNumArray;  // Sorted, ascending.
diff --git a/core/fpdfapi/edit/fpdf_edit_create.cpp b/core/fpdfapi/edit/fpdf_edit_create.cpp
index 75d6765927..1184e758f0 100644
--- a/core/fpdfapi/edit/fpdf_edit_create.cpp
+++ b/core/fpdfapi/edit/fpdf_edit_create.cpp
@@ -889,9 +889,10 @@ CPDF_Creator::CPDF_Creator(CPDF_Document* pDoc)
       m_ObjectStreamSize(200),
       m_dwLastObjNum(m_pDocument->GetLastObjNum()),
       m_Offset(0),
+      m_SavedOffset(0),
       m_iStage(-1),
       m_dwFlags(0),
-      m_Pos(nullptr),
+      m_CurObjNum(0),
       m_XrefStart(0),
       m_pIDArray(nullptr),
       m_FileVersion(0) {}
@@ -1297,8 +1298,7 @@ int32_t CPDF_Creator::WriteOldObjs(IFX_Pause* pPause) {
   if (!m_pParser->IsValidObjectNumber(nLastObjNum))
     return 0;
 
-  uint32_t objnum = (uint32_t)(uintptr_t)m_Pos;
-  for (; objnum <= nLastObjNum; ++objnum) {
+  for (uint32_t objnum = m_CurObjNum; objnum <= nLastObjNum; ++objnum) {
     int32_t iRet = WriteOldIndirectObject(objnum);
     if (iRet < 0)
       return iRet;
@@ -1307,7 +1307,7 @@ int32_t CPDF_Creator::WriteOldObjs(IFX_Pause* pPause) {
       continue;
 
     if (pPause && pPause->NeedToPauseNow()) {
-      m_Pos = (void*)(uintptr_t)(objnum + 1);
+      m_CurObjNum = objnum + 1;
       return 1;
     }
   }
@@ -1315,8 +1315,8 @@ int32_t CPDF_Creator::WriteOldObjs(IFX_Pause* pPause) {
 }
 
 int32_t CPDF_Creator::WriteNewObjs(bool bIncremental, IFX_Pause* pPause) {
-  size_t iCount = m_NewObjNumArray.size();
-  size_t index = (size_t)(uintptr_t)m_Pos;
+  uint32_t iCount = pdfium::CollectionSize<uint32_t>(m_NewObjNumArray);
+  uint32_t index = m_CurObjNum;
   while (index < iCount) {
     uint32_t objnum = m_NewObjNumArray[index];
     CPDF_Object* pObj = m_pDocument->GetIndirectObject(objnum);
@@ -1330,7 +1330,7 @@ int32_t CPDF_Creator::WriteNewObjs(bool bIncremental, IFX_Pause* pPause) {
 
     index++;
     if (pPause && pPause->NeedToPauseNow()) {
-      m_Pos = (FX_POSITION)(uintptr_t)index;
+      m_CurObjNum = index;
       return 1;
     }
   }
@@ -1338,9 +1338,9 @@ int32_t CPDF_Creator::WriteNewObjs(bool bIncremental, IFX_Pause* pPause) {
 }
 
 void CPDF_Creator::InitOldObjNumOffsets() {
-  if (!m_pParser) {
+  if (!m_pParser)
     return;
-  }
+
   uint32_t j = 0;
   uint32_t dwStart = 0;
   uint32_t dwEnd = m_pParser->GetLastObjNum();
@@ -1468,27 +1468,26 @@ int32_t CPDF_Creator::WriteDoc_Stage1(IFX_Pause* pPause) {
       CFX_RetainPtr<IFX_SeekableReadStream> pSrcFile =
           m_pParser->GetFileAccess();
       m_Offset = pSrcFile->GetSize();
-      m_Pos = (void*)(uintptr_t)m_Offset;
+      m_SavedOffset = m_Offset;
       m_iStage = 15;
     }
   }
   if (m_iStage == 15) {
-    if ((m_dwFlags & FPDFCREATE_NO_ORIGINAL) == 0 && m_Pos) {
+    if ((m_dwFlags & FPDFCREATE_NO_ORIGINAL) == 0 && m_SavedOffset > 0) {
       CFX_RetainPtr<IFX_SeekableReadStream> pSrcFile =
           m_pParser->GetFileAccess();
       uint8_t buffer[4096];  // TODO(tsepez): don't stack allocate.
-      uint32_t src_size = (uint32_t)(uintptr_t)m_Pos;
+      FX_FILESIZE src_size = m_SavedOffset;
       while (src_size) {
         uint32_t block_size = src_size > 4096 ? 4096 : src_size;
-        if (!pSrcFile->ReadBlock(buffer, m_Offset - src_size, block_size)) {
+        if (!pSrcFile->ReadBlock(buffer, m_Offset - src_size, block_size))
           return -1;
-        }
-        if (m_File.AppendBlock(buffer, block_size) < 0) {
+        if (m_File.AppendBlock(buffer, block_size) < 0)
           return -1;
-        }
+
         src_size -= block_size;
         if (pPause && pPause->NeedToPauseNow()) {
-          m_Pos = (void*)(uintptr_t)src_size;
+          m_SavedOffset = src_size;
           return 1;
         }
       }
@@ -1521,7 +1520,7 @@ int32_t CPDF_Creator::WriteDoc_Stage2(IFX_Pause* pPause) {
   ASSERT(m_iStage >= 20 || m_iStage < 30);
   if (m_iStage == 20) {
     if ((m_dwFlags & FPDFCREATE_INCREMENTAL) == 0 && m_pParser) {
-      m_Pos = (void*)(uintptr_t)0;
+      m_CurObjNum = 0;
       m_iStage = 21;
     } else {
       m_iStage = 25;
@@ -1535,7 +1534,7 @@ int32_t CPDF_Creator::WriteDoc_Stage2(IFX_Pause* pPause) {
     m_iStage = 25;
   }
   if (m_iStage == 25) {
-    m_Pos = (void*)(uintptr_t)0;
+    m_CurObjNum = 0;
     m_iStage = 26;
   }
   if (m_iStage == 26) {
@@ -1583,13 +1582,13 @@ int32_t CPDF_Creator::WriteDoc_Stage3(IFX_Pause* pPause) {
         if (m_File.AppendString(str.AsStringC()) < 0) {
           return -1;
         }
-        m_Pos = (void*)(uintptr_t)1;
+        m_CurObjNum = 1;
         m_iStage = 81;
       } else {
         if (m_File.AppendString("xref\r\n") < 0) {
           return -1;
         }
-        m_Pos = (void*)(uintptr_t)0;
+        m_CurObjNum = 0;
         m_iStage = 82;
       }
     } else {
@@ -1598,7 +1597,8 @@ int32_t CPDF_Creator::WriteDoc_Stage3(IFX_Pause* pPause) {
   }
   if (m_iStage == 81) {
     CFX_ByteString str;
-    uint32_t i = (uint32_t)(uintptr_t)m_Pos, j;
+    uint32_t i = m_CurObjNum;
+    uint32_t j;
     while (i <= dwLastObjNum) {
       while (i <= dwLastObjNum && !m_ObjectOffset.GetPtrAt(i)) {
         i++;
@@ -1628,7 +1628,7 @@ int32_t CPDF_Creator::WriteDoc_Stage3(IFX_Pause* pPause) {
         break;
       }
       if (pPause && pPause->NeedToPauseNow()) {
-        m_Pos = (void*)(uintptr_t)i;
+        m_CurObjNum = i;
         return 1;
       }
     }
@@ -1636,8 +1636,8 @@ int32_t CPDF_Creator::WriteDoc_Stage3(IFX_Pause* pPause) {
   }
   if (m_iStage == 82) {
     CFX_ByteString str;
-    size_t iCount = m_NewObjNumArray.size();
-    size_t i = (size_t)(uintptr_t)m_Pos;
+    uint32_t iCount = pdfium::CollectionSize<uint32_t>(m_NewObjNumArray);
+    uint32_t i = m_CurObjNum;
     while (i < iCount) {
       size_t j = i;
       uint32_t objnum = m_NewObjNumArray[i];
@@ -1665,7 +1665,7 @@ int32_t CPDF_Creator::WriteDoc_Stage3(IFX_Pause* pPause) {
           return -1;
       }
       if (pPause && (i % 100) == 0 && pPause->NeedToPauseNow()) {
-        m_Pos = (void*)(uintptr_t)i;
+        m_CurObjNum = i;
         return 1;
       }
     }
-- 
cgit v1.2.3