From 9ea57a43faeab85a9a431e987ff4c3ba670083a0 Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Wed, 6 May 2015 15:58:32 -0700 Subject: Remove FX_STRSIZE casts, use safe conversions BUG=pdfium:153 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124043003 --- core/include/fxcrt/fx_string.h | 22 ++++++------------ core/include/fxcrt/fx_system.h | 26 ++++++++++++++++++++-- .../src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp | 2 +- core/src/fxcrt/fx_basic_bstring.cpp | 24 ++++++++++---------- core/src/fxcrt/fx_basic_buffer.cpp | 10 ++++----- core/src/fxcrt/fx_basic_utf.cpp | 2 +- core/src/fxcrt/fx_basic_wstring.cpp | 24 ++++++++++---------- 7 files changed, 62 insertions(+), 48 deletions(-) diff --git a/core/include/fxcrt/fx_string.h b/core/include/fxcrt/fx_string.h index fe0985772d..18cd997ee8 100644 --- a/core/include/fxcrt/fx_string.h +++ b/core/include/fxcrt/fx_string.h @@ -11,12 +11,12 @@ #include #include "fx_memory.h" +#include "fx_system.h" class CFX_BinaryBuf; class CFX_ByteString; class CFX_WideString; struct CFX_CharMap; -typedef int FX_STRSIZE; // An immutable string with caller-provided storage which must outlive the // string itself. @@ -40,7 +40,7 @@ public: CFX_ByteStringC(FX_LPCSTR ptr) { m_Ptr = (FX_LPCBYTE)ptr; - m_Length = ptr ? (FX_STRSIZE)FXSYS_strlen(ptr) : 0; + m_Length = ptr ? FXSYS_strlen(ptr) : 0; } // |ch| must be an lvalue that outlives the the CFX_ByteStringC. However, @@ -59,11 +59,7 @@ public: CFX_ByteStringC(FX_LPCSTR ptr, FX_STRSIZE len) { m_Ptr = (FX_LPCBYTE)ptr; - if (len == -1) { - m_Length = (FX_STRSIZE)FXSYS_strlen(ptr); - } else { - m_Length = len; - } + m_Length = (len == -1) ? FXSYS_strlen(ptr) : len; } CFX_ByteStringC(const CFX_ByteStringC& src) @@ -77,7 +73,7 @@ public: CFX_ByteStringC& operator = (FX_LPCSTR src) { m_Ptr = (FX_LPCBYTE)src; - m_Length = m_Ptr ? (FX_STRSIZE)FXSYS_strlen(src) : 0; + m_Length = m_Ptr ? FXSYS_strlen(src) : 0; return *this; } @@ -466,7 +462,7 @@ public: CFX_WideStringC(FX_LPCWSTR ptr) { m_Ptr = ptr; - m_Length = ptr ? (FX_STRSIZE)FXSYS_wcslen(ptr) : 0; + m_Length = ptr ? FXSYS_wcslen(ptr) : 0; } CFX_WideStringC(FX_WCHAR& ch) @@ -478,11 +474,7 @@ public: CFX_WideStringC(FX_LPCWSTR ptr, FX_STRSIZE len) { m_Ptr = ptr; - if (len == -1) { - m_Length = (FX_STRSIZE)FXSYS_wcslen(ptr); - } else { - m_Length = len; - } + m_Length = (len == -1) ? FXSYS_wcslen(ptr) : len; } CFX_WideStringC(const CFX_WideStringC& src) @@ -496,7 +488,7 @@ public: CFX_WideStringC& operator = (FX_LPCWSTR src) { m_Ptr = src; - m_Length = (FX_STRSIZE)FXSYS_wcslen(src); + m_Length = FXSYS_wcslen(src); return *this; } diff --git a/core/include/fxcrt/fx_system.h b/core/include/fxcrt/fx_system.h index ce86d5ad5c..50d3344a89 100644 --- a/core/include/fxcrt/fx_system.h +++ b/core/include/fxcrt/fx_system.h @@ -14,6 +14,7 @@ #define _FXM_PLATFORM_LINUX_ 2 #define _FXM_PLATFORM_APPLE_ 3 #define _FXM_PLATFORM_ANDROID_ 4 + #ifndef _FX_OS_ #if defined(__ANDROID__) #define _FX_OS_ _FX_ANDROID_ @@ -29,9 +30,11 @@ #define _FXM_PLATFORM_ _FXM_PLATFORM_APPLE_ #endif #endif + #if !defined(_FX_OS_) || _FX_OS_ == 0 #error Sorry, can not figure out what OS you are targeting to. Please specify _FX_OS_ macro. #endif + #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ #define _CRT_SECURE_NO_WARNINGS #include @@ -46,6 +49,7 @@ #define _FX_WORDSIZE_ _FX_W32_ #endif #endif + #include #include #include @@ -54,6 +58,7 @@ #include #include #include + #if _FXM_PLATFORM_ == _FXM_PLATFORM_APPLE_ #include #if _FX_OS_ == _FX_MACOSX_ @@ -63,6 +68,7 @@ #include #endif #endif + #ifdef __cplusplus extern "C" { #endif @@ -110,6 +116,12 @@ typedef wchar_t* FX_LPWSTR; typedef wchar_t const* FX_LPCWSTR; typedef FX_DWORD FX_UINT32; typedef FX_UINT64 FX_QWORD; + +// PDFium string sizes are limited to 2^31-1, and the value is signed to +// allow -1 as a placeholder for "unknown". +// TODO(palmer): it should be a |size_t|, or at least unsigned. +typedef int FX_STRSIZE; + #if defined(DEBUG) && !defined(_DEBUG) #define _DEBUG #endif @@ -152,7 +164,6 @@ void FXSYS_vsnprintf(char *str, size_t size, const char* fmt, va_list ap); #define FXSYS_sprintf DO_NOT_USE_SPRINTF_DIE_DIE_DIE #define FXSYS_vsprintf DO_NOT_USE_VSPRINTF_DIE_DIE_DIE #define FXSYS_strchr strchr -#define FXSYS_strlen strlen #define FXSYS_strncmp strncmp #define FXSYS_strcmp strcmp #define FXSYS_strcpy strcpy @@ -169,6 +180,7 @@ void FXSYS_vsnprintf(char *str, size_t size, const char* fmt, va_list ap); #define FXSYS_fwrite fwrite #define FXSYS_fprintf fprintf #define FXSYS_fflush fflush + #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ #ifdef _NATIVE_WCHAR_T_DEFINED #define FXSYS_wfopen(f, m) _wfopen((const wchar_t*)(f), (const wchar_t*)(m)) @@ -179,7 +191,17 @@ void FXSYS_vsnprintf(char *str, size_t size, const char* fmt, va_list ap); FXSYS_FILE* FXSYS_wfopen(FX_LPCWSTR filename, FX_LPCWSTR mode); #endif -#define FXSYS_wcslen wcslen +#ifdef __cplusplus +} // extern "C" +#include "../../../third_party/base/numerics/safe_conversions.h" +#define FXSYS_strlen(ptr) pdfium::base::checked_cast(strlen(ptr)) +#define FXSYS_wcslen(ptr) pdfium::base::checked_cast(wcslen(ptr)) +extern "C" { +#else +#define FXSYS_strlen(ptr) ((FX_STRSIZE)strlen(ptr)) +#define FXSYS_wcslen(ptr) ((FX_STRSIZE)wcslen(ptr)) +#endif + #define FXSYS_wcscmp wcscmp #define FXSYS_wcschr wcschr #define FXSYS_wcsstr wcsstr diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp index 0bb66da209..8f5871df7f 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp @@ -439,7 +439,7 @@ CFX_WideString PDF_DecodeText(FX_LPCBYTE src_data, FX_DWORD src_len, CFX_CharMap CFX_ByteString PDF_EncodeText(FX_LPCWSTR pString, int len, CFX_CharMap* pCharMap) { if (len == -1) { - len = (FX_STRSIZE)FXSYS_wcslen(pString); + len = FXSYS_wcslen(pString); } CFX_ByteString result; if (pCharMap == NULL) { diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp index f18ae0825c..31621490d7 100644 --- a/core/src/fxcrt/fx_basic_bstring.cpp +++ b/core/src/fxcrt/fx_basic_bstring.cpp @@ -103,7 +103,7 @@ CFX_ByteString::~CFX_ByteString() CFX_ByteString::CFX_ByteString(FX_LPCSTR lpsz, FX_STRSIZE nLen) { if (nLen < 0) { - nLen = lpsz ? (FX_STRSIZE)FXSYS_strlen(lpsz) : 0; + nLen = lpsz ? FXSYS_strlen(lpsz) : 0; } if (nLen) { m_pData = FX_AllocString(nLen); @@ -174,7 +174,7 @@ const CFX_ByteString& CFX_ByteString::operator=(FX_LPCSTR lpsz) if (lpsz == NULL || lpsz[0] == 0) { Empty(); } else { - AssignCopy((FX_STRSIZE)FXSYS_strlen(lpsz), lpsz); + AssignCopy(FXSYS_strlen(lpsz), lpsz); } return *this; } @@ -226,7 +226,7 @@ void CFX_ByteString::Load(FX_LPCBYTE buf, FX_STRSIZE len) const CFX_ByteString& CFX_ByteString::operator+=(FX_LPCSTR lpsz) { if (lpsz) { - ConcatInPlace((FX_STRSIZE)FXSYS_strlen(lpsz), lpsz); + ConcatInPlace(FXSYS_strlen(lpsz), lpsz); } return *this; } @@ -360,7 +360,7 @@ void CFX_ByteString::ReleaseBuffer(FX_STRSIZE nNewLength) } CopyBeforeWrite(); if (nNewLength == -1) { - nNewLength = (FX_STRSIZE)FXSYS_strlen((FX_LPCSTR)m_pData->m_String); + nNewLength = FXSYS_strlen((FX_LPCSTR)m_pData->m_String); } if (nNewLength == 0) { Empty(); @@ -523,7 +523,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) int nMaxLen = 0; for (FX_LPCSTR lpsz = lpszFormat; *lpsz != 0; lpsz ++) { if (*lpsz != '%' || *(lpsz = lpsz + 1) == '%') { - nMaxLen += (FX_STRSIZE)FXSYS_strlen(lpsz); + nMaxLen += FXSYS_strlen(lpsz); continue; } int nItemLen = 0; @@ -609,7 +609,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_strlen(pstrNextArg); + nItemLen = FXSYS_strlen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -621,7 +621,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_wcslen(pstrNextArg); + nItemLen = FXSYS_wcslen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -634,7 +634,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_strlen(pstrNextArg); + nItemLen = FXSYS_strlen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -647,7 +647,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_wcslen(pstrNextArg); + nItemLen = FXSYS_wcslen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -700,7 +700,7 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList) double f = va_arg(argList, double); memset(pszTemp, 0, sizeof(pszTemp)); FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f); - nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp); + nItemLen = FXSYS_strlen(pszTemp); } break; case 'p': @@ -969,7 +969,7 @@ CFX_WideString CFX_ByteString::UTF8Decode() const CFX_ByteString CFX_ByteString::FromUnicode(FX_LPCWSTR str, FX_STRSIZE len) { if (len < 0) { - len = (FX_STRSIZE)FXSYS_wcslen(str); + len = FXSYS_wcslen(str); } CFX_ByteString bstr; bstr.ConvertFrom(CFX_WideString(str, len)); @@ -1135,7 +1135,7 @@ FX_STRSIZE FX_ftoa(FX_FLOAT d, FX_LPSTR buf) } int i = scaled / scale; FXSYS_itoa(i, buf2, 10); - FX_STRSIZE len = (FX_STRSIZE)FXSYS_strlen(buf2); + FX_STRSIZE len = FXSYS_strlen(buf2); FXSYS_memcpy32(buf + buf_size, buf2, len); buf_size += len; int fraction = scaled % scale; diff --git a/core/src/fxcrt/fx_basic_buffer.cpp b/core/src/fxcrt/fx_basic_buffer.cpp index eb5246acec..7903740e47 100644 --- a/core/src/fxcrt/fx_basic_buffer.cpp +++ b/core/src/fxcrt/fx_basic_buffer.cpp @@ -150,14 +150,14 @@ CFX_ByteTextBuf& CFX_ByteTextBuf::operator << (int i) { char buf[32]; FXSYS_itoa(i, buf, 10); - AppendBlock(buf, (FX_STRSIZE)FXSYS_strlen(buf)); + AppendBlock(buf, FXSYS_strlen(buf)); return *this; } CFX_ByteTextBuf& CFX_ByteTextBuf::operator << (FX_DWORD i) { char buf[32]; FXSYS_itoa(i, buf, 10); - AppendBlock(buf, (FX_STRSIZE)FXSYS_strlen(buf)); + AppendBlock(buf, FXSYS_strlen(buf)); return *this; } CFX_ByteTextBuf& CFX_ByteTextBuf::operator << (double f) @@ -199,7 +199,7 @@ CFX_WideTextBuf& CFX_WideTextBuf::operator << (int i) { char buf[32]; FXSYS_itoa(i, buf, 10); - FX_STRSIZE len = (FX_STRSIZE)FXSYS_strlen(buf); + FX_STRSIZE len = FXSYS_strlen(buf); if (m_AllocSize < m_DataSize + (FX_STRSIZE)(len * sizeof(FX_WCHAR))) { ExpandBuf(len * sizeof(FX_WCHAR)); } @@ -228,7 +228,7 @@ CFX_WideTextBuf& CFX_WideTextBuf::operator << (double f) } CFX_WideTextBuf& CFX_WideTextBuf::operator << (FX_LPCWSTR lpsz) { - AppendBlock(lpsz, (FX_STRSIZE)FXSYS_wcslen(lpsz)*sizeof(FX_WCHAR)); + AppendBlock(lpsz, FXSYS_wcslen(lpsz)*sizeof(FX_WCHAR)); return *this; } CFX_WideTextBuf& CFX_WideTextBuf::operator << (const CFX_WideTextBuf& buf) @@ -294,7 +294,7 @@ CFX_ArchiveSaver& CFX_ArchiveSaver::operator << (FX_BSTR bstr) } CFX_ArchiveSaver& CFX_ArchiveSaver::operator << (FX_LPCWSTR wstr) { - FX_STRSIZE len = (FX_STRSIZE)FXSYS_wcslen(wstr); + FX_STRSIZE len = FXSYS_wcslen(wstr); if (m_pStream) { m_pStream->WriteBlock(&len, sizeof(int)); m_pStream->WriteBlock(wstr, len); diff --git a/core/src/fxcrt/fx_basic_utf.cpp b/core/src/fxcrt/fx_basic_utf.cpp index 02c7d98a1b..f52b83efda 100644 --- a/core/src/fxcrt/fx_basic_utf.cpp +++ b/core/src/fxcrt/fx_basic_utf.cpp @@ -80,7 +80,7 @@ CFX_ByteString FX_UTF8Encode(FX_LPCWSTR pwsStr, FX_STRSIZE len) { FXSYS_assert(pwsStr != NULL); if (len < 0) { - len = (FX_STRSIZE)FXSYS_wcslen(pwsStr); + len = FXSYS_wcslen(pwsStr); } CFX_UTF8Encoder encoder; while (len -- > 0) { diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp index 3465b4a926..ce3166b196 100644 --- a/core/src/fxcrt/fx_basic_wstring.cpp +++ b/core/src/fxcrt/fx_basic_wstring.cpp @@ -79,7 +79,7 @@ CFX_WideString::CFX_WideString(const CFX_WideString& stringSrc) } CFX_WideString::CFX_WideString(FX_LPCWSTR lpsz, FX_STRSIZE nLen) { if (nLen < 0) { - nLen = lpsz ? (FX_STRSIZE)FXSYS_wcslen(lpsz) : 0; + nLen = lpsz ? FXSYS_wcslen(lpsz) : 0; } if (nLen) { m_pData = FX_AllocStringW(nLen); @@ -128,7 +128,7 @@ void CFX_WideString::ReleaseBuffer(FX_STRSIZE nNewLength) } CopyBeforeWrite(); if (nNewLength == -1) { - nNewLength = m_pData ? (FX_STRSIZE)FXSYS_wcslen(m_pData->m_String) : 0; + nNewLength = m_pData ? FXSYS_wcslen(m_pData->m_String) : 0; } if (nNewLength == 0) { Empty(); @@ -143,7 +143,7 @@ const CFX_WideString& CFX_WideString::operator=(FX_LPCWSTR lpsz) if (lpsz == NULL || lpsz[0] == 0) { Empty(); } else { - AssignCopy((FX_STRSIZE)FXSYS_wcslen(lpsz), lpsz); + AssignCopy(FXSYS_wcslen(lpsz), lpsz); } return *this; } @@ -183,7 +183,7 @@ const CFX_WideString& CFX_WideString::operator+=(FX_WCHAR ch) const CFX_WideString& CFX_WideString::operator+=(FX_LPCWSTR lpsz) { if (lpsz) { - ConcatInPlace((FX_STRSIZE)FXSYS_wcslen(lpsz), lpsz); + ConcatInPlace(FXSYS_wcslen(lpsz), lpsz); } return *this; } @@ -658,11 +658,11 @@ FX_STRSIZE CFX_WideString::Replace(FX_LPCWSTR lpszOld, FX_LPCWSTR lpszNew) if (lpszOld == NULL) { return 0; } - FX_STRSIZE nSourceLen = (FX_STRSIZE)FXSYS_wcslen(lpszOld); + FX_STRSIZE nSourceLen = FXSYS_wcslen(lpszOld); if (nSourceLen == 0) { return 0; } - FX_STRSIZE nReplacementLen = lpszNew ? (FX_STRSIZE)FXSYS_wcslen(lpszNew) : 0; + FX_STRSIZE nReplacementLen = lpszNew ? FXSYS_wcslen(lpszNew) : 0; FX_STRSIZE nCount = 0; FX_LPWSTR lpszStart = m_pData->m_String; FX_LPWSTR lpszEnd = m_pData->m_String + m_pData->m_nDataLength; @@ -791,7 +791,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) int nMaxLen = 0; for (FX_LPCWSTR lpsz = lpszFormat; *lpsz != 0; lpsz ++) { if (*lpsz != '%' || *(lpsz = lpsz + 1) == '%') { - nMaxLen += (FX_STRSIZE)FXSYS_wcslen(lpsz); + nMaxLen += FXSYS_wcslen(lpsz); continue; } int nItemLen = 0; @@ -877,7 +877,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_wcslen(pstrNextArg); + nItemLen = FXSYS_wcslen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -889,7 +889,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_strlen(pstrNextArg); + nItemLen = FXSYS_strlen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -902,7 +902,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_strlen(pstrNextArg); + nItemLen = FXSYS_strlen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -915,7 +915,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) if (pstrNextArg == NULL) { nItemLen = 6; } else { - nItemLen = (FX_STRSIZE)FXSYS_wcslen(pstrNextArg); + nItemLen = FXSYS_wcslen(pstrNextArg); if (nItemLen < 1) { nItemLen = 1; } @@ -968,7 +968,7 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) char pszTemp[256]; f = va_arg(argList, double); FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f ); - nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp); + nItemLen = FXSYS_strlen(pszTemp); } break; case 'p': -- cgit v1.2.3