From 8d4e0d47f4cd0325be84ebf310fd8de989761939 Mon Sep 17 00:00:00 2001 From: weili Date: Fri, 3 Jun 2016 14:06:36 -0700 Subject: Fix more bugs found by /analyze tool Three more bugs are discovered: -- potientially used freed pointer; -- potientially used uninitialized variable; -- Used '&&' instead of bitwise operator '&' BUG=chromium:613623, chromium:427616 Review-Url: https://codereview.chromium.org/2040503002 --- core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp | 41 +++++++++------------------- xfa/fwl/core/cfwl_widgetmgr.cpp | 3 +- xfa/fxfa/app/xfa_ffchoicelist.cpp | 2 +- 3 files changed, 15 insertions(+), 31 deletions(-) diff --git a/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp b/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp index afac3ebf6f..81144919fe 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp @@ -42,55 +42,40 @@ void CPDF_StreamAcc::LoadAllData(const CPDF_Stream* pStream, } else { pSrcData = pStream->GetRawData(); } - uint8_t* pDecryptedData = pSrcData; - uint32_t dwDecryptedSize = dwSrcSize; if (!pStream->GetDict()->KeyExist("Filter") || bRawAccess) { - m_pData = pDecryptedData; - m_dwSize = dwDecryptedSize; + m_pData = pSrcData; + m_dwSize = dwSrcSize; } else { - FX_BOOL bRet = PDF_DataDecode( - pDecryptedData, dwDecryptedSize, m_pStream->GetDict(), m_pData, - m_dwSize, m_ImageDecoder, m_pImageParam, estimated_size, bImageAcc); + FX_BOOL bRet = PDF_DataDecode(pSrcData, dwSrcSize, m_pStream->GetDict(), + m_pData, m_dwSize, m_ImageDecoder, + m_pImageParam, estimated_size, bImageAcc); if (!bRet) { - m_pData = pDecryptedData; - m_dwSize = dwDecryptedSize; + m_pData = pSrcData; + m_dwSize = dwSrcSize; } } - if (pSrcData != pStream->GetRawData() && pSrcData != m_pData) { + if (pSrcData != pStream->GetRawData() && pSrcData != m_pData) FX_Free(pSrcData); - } - if (pDecryptedData != pSrcData && pDecryptedData != m_pData) { - FX_Free(pDecryptedData); - } m_pSrcData = nullptr; m_bNewBuf = m_pData != pStream->GetRawData(); } CPDF_StreamAcc::~CPDF_StreamAcc() { - if (m_bNewBuf) { + if (m_bNewBuf) FX_Free(m_pData); - } FX_Free(m_pSrcData); } const uint8_t* CPDF_StreamAcc::GetData() const { - if (m_bNewBuf) { + if (m_bNewBuf) return m_pData; - } - if (!m_pStream) { - return nullptr; - } - return m_pStream->GetRawData(); + return m_pStream ? m_pStream->GetRawData() : nullptr; } uint32_t CPDF_StreamAcc::GetSize() const { - if (m_bNewBuf) { + if (m_bNewBuf) return m_dwSize; - } - if (!m_pStream) { - return 0; - } - return m_pStream->GetRawSize(); + return m_pStream ? m_pStream->GetRawSize() : 0; } uint8_t* CPDF_StreamAcc::DetachData() { diff --git a/xfa/fwl/core/cfwl_widgetmgr.cpp b/xfa/fwl/core/cfwl_widgetmgr.cpp index 90d621477a..78d8206369 100644 --- a/xfa/fwl/core/cfwl_widgetmgr.cpp +++ b/xfa/fwl/core/cfwl_widgetmgr.cpp @@ -768,8 +768,7 @@ FX_BOOL CFWL_WidgetMgrDelegate::IsNeedRepaint(IFWL_Widget* pWidget, FX_BOOL bOrginPtIntersectWidthDirty = rtDirty.Contains(rtWidget.left, rtWidget.top); static FWL_NEEDREPAINTHITDATA hitPoint[kNeedRepaintHitPoints]; - int32_t iSize = sizeof(FWL_NEEDREPAINTHITDATA); - FXSYS_memset(hitPoint, 0, iSize); + FXSYS_memset(hitPoint, 0, sizeof(hitPoint)); FX_FLOAT fxPiece = rtWidget.width / kNeedRepaintHitPiece; FX_FLOAT fyPiece = rtWidget.height / kNeedRepaintHitPiece; hitPoint[2].hitPoint.x = hitPoint[6].hitPoint.x = rtWidget.left; diff --git a/xfa/fxfa/app/xfa_ffchoicelist.cpp b/xfa/fxfa/app/xfa_ffchoicelist.cpp index 51d693fa35..4258eef29b 100644 --- a/xfa/fxfa/app/xfa_ffchoicelist.cpp +++ b/xfa/fxfa/app/xfa_ffchoicelist.cpp @@ -91,7 +91,7 @@ FX_BOOL CXFA_FFListBox::IsDataChanged() { for (int32_t i = 0; i < iSels; ++i) { IFWL_ListItem* hlistItem = pListBox->GetItem(iSelArray[i]); - if (!(pListBox->GetItemStates(hlistItem) && FWL_ITEMSTATE_LTB_Selected)) + if (!(pListBox->GetItemStates(hlistItem) & FWL_ITEMSTATE_LTB_Selected)) return TRUE; } return FALSE; -- cgit v1.2.3