From 62120b79bbaca7430a8fc7ba0846b0a84f40542d Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Wed, 4 Feb 2015 10:37:17 -0800
Subject: Prevent base::CheckedNumeric from leaking outside of pdfium.

Headers in /include directories should be free of implementation details
from third_party.  Put the types into a new header outside of /include.

Requires https://codereview.chromium.org/902443003/ before a version containing this patch is rolled into chromium.

R=jam@chromium.org

Review URL: https://codereview.chromium.org/896023003
---
 BUILD.gn                                               |  1 +
 core/include/fxcrt/fx_stream.h                         |  1 -
 core/include/fxcrt/fx_system.h                         |  5 -----
 core/src/fdrm/crypto/fx_crypt.cpp                      |  2 ++
 core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp          |  5 ++++-
 core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp    |  2 +-
 core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp |  2 +-
 core/src/fpdfdoc/doc_link.cpp                          |  2 ++
 core/src/fxcrt/extension.h                             |  2 ++
 core/src/fxcrt/fx_safe_types.h                         | 17 +++++++++++++++++
 fpdfsdk/src/fpdfview.cpp                               |  1 +
 fpdfsdk/src/pdfwindow/PWL_Edit.cpp                     |  1 +
 pdfium.gyp                                             |  1 +
 13 files changed, 33 insertions(+), 9 deletions(-)
 create mode 100644 core/src/fxcrt/fx_safe_types.h

diff --git a/BUILD.gn b/BUILD.gn
index d71002d053..12842d3cd9 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -490,6 +490,7 @@ static_library("fxcrt") {
     "core/include/fxcrt/fx_ucd.h",
     "core/include/fxcrt/fx_xml.h",
     "core/src/fxcrt/extension.h",
+    "core/src/fxcrt/fx_safe_types.h",
     "core/src/fxcrt/fxcrt_platforms.cpp",
     "core/src/fxcrt/fxcrt_platforms.h",
     "core/src/fxcrt/fxcrt_posix.cpp",
diff --git a/core/include/fxcrt/fx_stream.h b/core/include/fxcrt/fx_stream.h
index e54af579b6..b3784501a9 100644
--- a/core/include/fxcrt/fx_stream.h
+++ b/core/include/fxcrt/fx_stream.h
@@ -30,7 +30,6 @@ FX_DEFINEHANDLE(FX_HFILE)
 #endif
 #define FX_FILESIZE			off_t
 #endif
-typedef base::CheckedNumeric<FX_FILESIZE>    FX_SAFE_FILESIZE;
 #define FX_GETBYTEOFFSET32(a)	0
 #define FX_GETBYTEOFFSET40(a)	0
 #define FX_GETBYTEOFFSET48(a)	0
diff --git a/core/include/fxcrt/fx_system.h b/core/include/fxcrt/fx_system.h
index 355bd74327..b31a60396b 100644
--- a/core/include/fxcrt/fx_system.h
+++ b/core/include/fxcrt/fx_system.h
@@ -276,11 +276,6 @@ int			FXSYS_round(FX_FLOAT f);
 #ifdef __cplusplus
 };
 
-#include "../../../third_party/numerics/safe_math.h"
-typedef base::CheckedNumeric<FX_DWORD> FX_SAFE_DWORD;
-typedef base::CheckedNumeric<FX_INT32> FX_SAFE_INT32;
-typedef base::CheckedNumeric<size_t>   FX_SAFE_SIZE_T;
-
 #if defined(__clang__) || _MSC_VER >= 1700
 #define FX_FINAL final
 #define FX_OVERRIDE override
diff --git a/core/src/fdrm/crypto/fx_crypt.cpp b/core/src/fdrm/crypto/fx_crypt.cpp
index 8128f91f89..1fbba993d2 100644
--- a/core/src/fdrm/crypto/fx_crypt.cpp
+++ b/core/src/fdrm/crypto/fx_crypt.cpp
@@ -6,6 +6,8 @@
 
 #include "../../../include/fxcrt/fx_basic.h"
 #include "../../../include/fdrm/fx_crypt.h"
+#include "../../../src/fxcrt/fx_safe_types.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp
index 3ceb0f7e8b..7d727f37fb 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp
@@ -4,11 +4,14 @@
  
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
+#include <limits.h>
+
 #include "../../../include/fpdfapi/fpdf_page.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
+#include "../../../src/fxcrt/fx_safe_types.h"
 #include "../../../third_party/numerics/safe_conversions_impl.h"
 #include "pageint.h"
-#include <limits.h>
+
 class CPDF_PSEngine;
 typedef enum {PSOP_ADD, PSOP_SUB, PSOP_MUL, PSOP_DIV, PSOP_IDIV, PSOP_MOD,
               PSOP_NEG, PSOP_ABS, PSOP_CEILING, PSOP_FLOOR, PSOP_ROUND, PSOP_TRUNCATE,
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index 3d999ecf19..340da6f66b 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -7,7 +7,7 @@
 #include "../../../include/fpdfapi/fpdf_parser.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fpdfapi/fpdf_page.h"
-#include "../../../../third_party/numerics/safe_math.h"
+#include "../../../src/fxcrt/fx_safe_types.h"
 #include "../fpdf_page/pageint.h"
 #include <utility>
 #include <vector>
diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
index 1637655e68..f938628f55 100644
--- a/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
+++ b/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
@@ -9,9 +9,9 @@
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fpdfapi/fpdf_render.h"
 #include "../../../include/fpdfapi/fpdf_pageobj.h"
+#include "../../../src/fxcrt/fx_safe_types.h"
 #include "../fpdf_page/pageint.h"
 #include "render_int.h"
-#include "../../../../third_party/numerics/safe_math.h"
 
 static unsigned int _GetBits8(FX_LPCBYTE pData, int bitpos, int nbits)
 {
diff --git a/core/src/fpdfdoc/doc_link.cpp b/core/src/fpdfdoc/doc_link.cpp
index 0d1b98e7b7..c27333e08b 100644
--- a/core/src/fpdfdoc/doc_link.cpp
+++ b/core/src/fpdfdoc/doc_link.cpp
@@ -5,6 +5,8 @@
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../include/fpdfdoc/fpdf_doc.h"
+#include "../../src/fxcrt/fx_safe_types.h"
+
 CPDF_LinkList::~CPDF_LinkList()
 {
     FX_POSITION pos = m_PageMap.GetStartPosition();
diff --git a/core/src/fxcrt/extension.h b/core/src/fxcrt/extension.h
index c23a2e3369..961e0ecf3a 100644
--- a/core/src/fxcrt/extension.h
+++ b/core/src/fxcrt/extension.h
@@ -7,6 +7,8 @@
 #ifndef _FXCRT_EXTENSION_IMP_
 #define _FXCRT_EXTENSION_IMP_
 
+#include "fx_safe_types.h"
+
 class IFXCRT_FileAccess
 {
 public:
diff --git a/core/src/fxcrt/fx_safe_types.h b/core/src/fxcrt/fx_safe_types.h
new file mode 100644
index 0000000000..794e1f19dc
--- /dev/null
+++ b/core/src/fxcrt/fx_safe_types.h
@@ -0,0 +1,17 @@
+// Copyright 2014 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef FX_SAFE_TYPES_H_
+#define FX_SAFE_TYPES_H_
+
+#include <stdlib.h>  // For size_t.
+
+#include "../../../third_party/numerics/safe_math.h"
+
+typedef base::CheckedNumeric<FX_DWORD> FX_SAFE_DWORD;
+typedef base::CheckedNumeric<FX_INT32> FX_SAFE_INT32;
+typedef base::CheckedNumeric<size_t> FX_SAFE_SIZE_T;
+typedef base::CheckedNumeric<FX_FILESIZE> FX_SAFE_FILESIZE;
+
+#endif  // FX_SAFE_TYPES_H_
diff --git a/fpdfsdk/src/fpdfview.cpp b/fpdfsdk/src/fpdfview.cpp
index fba5d65bce..b751091a99 100644
--- a/fpdfsdk/src/fpdfview.cpp
+++ b/fpdfsdk/src/fpdfview.cpp
@@ -10,6 +10,7 @@
 #include "../include/fsdk_rendercontext.h"
 #include "../include/fpdf_progressive.h"
 #include "../include/fpdf_ext.h"
+#include "../../../core/src/fxcrt/fx_safe_types.h"
 #include "../../third_party/numerics/safe_conversions_impl.h"
 
 CPDF_CustomAccess::CPDF_CustomAccess(FPDF_FILEACCESS* pFileAccess)
diff --git a/fpdfsdk/src/pdfwindow/PWL_Edit.cpp b/fpdfsdk/src/pdfwindow/PWL_Edit.cpp
index bbac382967..1cbbf9a17e 100644
--- a/fpdfsdk/src/pdfwindow/PWL_Edit.cpp
+++ b/fpdfsdk/src/pdfwindow/PWL_Edit.cpp
@@ -12,6 +12,7 @@
 #include "../../include/pdfwindow/PWL_Utils.h"
 #include "../../include/pdfwindow/PWL_Caret.h"
 #include "../../include/pdfwindow/PWL_FontMap.h"
+#include "../../../core/src/fxcrt/fx_safe_types.h"
 
 /* ---------------------------- CPWL_Edit ------------------------------ */
 
diff --git a/pdfium.gyp b/pdfium.gyp
index a09caa1bef..df85452a0d 100644
--- a/pdfium.gyp
+++ b/pdfium.gyp
@@ -516,6 +516,7 @@
         'core/include/fxcrt/fx_ucd.h',
         'core/include/fxcrt/fx_xml.h',
         'core/src/fxcrt/extension.h',
+        'core/src/fxcrt/fx_safe_types.h',
         'core/src/fxcrt/fxcrt_platforms.cpp',
         'core/src/fxcrt/fxcrt_platforms.h',
         'core/src/fxcrt/fxcrt_posix.cpp',
-- 
cgit v1.2.3