From bf4aa2cc93a67826247e887b2ba26a1b965eb616 Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Tue, 19 May 2015 14:56:52 -0700 Subject: Revert "Remove FX_Alloc() null checks now that it can't return NULL." This reverts commit eb6527763171cdb4b0fbfea5a20d691f4d67b660. Reason for revert: broke javascript tests. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1145843005 --- core/include/fxcodec/fx_codec_def.h | 1 + core/include/fxge/fx_ge.h | 15 +++-- core/src/fpdfapi/fpdf_edit/fpdf_edit_create.cpp | 3 + core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp | 18 ++++-- core/src/fpdfapi/fpdf_page/fpdf_page.cpp | 5 +- .../src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp | 8 ++- .../src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp | 6 ++ .../fpdfapi/fpdf_parser/fpdf_parser_objects.cpp | 5 +- .../src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 3 + .../fpdfapi/fpdf_render/fpdf_render_loadimage.cpp | 3 + core/src/fpdfdoc/doc_annot.cpp | 12 ++++ core/src/fpdftext/fpdf_text.cpp | 68 +++++++++++----------- core/src/fpdftext/fpdf_text_int.cpp | 6 ++ core/src/fxcodec/codec/fx_codec.cpp | 3 + core/src/fxcodec/codec/fx_codec_fax.cpp | 12 ++++ core/src/fxcodec/codec/fx_codec_flate.cpp | 42 ++++++++++++- core/src/fxcodec/codec/fx_codec_icc.cpp | 6 ++ core/src/fxcodec/codec/fx_codec_jbig.cpp | 6 ++ core/src/fxcodec/codec/fx_codec_jpx_opj.cpp | 6 ++ core/src/fxcrt/extension.h | 7 ++- core/src/fxcrt/fx_basic_array.cpp | 15 +++++ core/src/fxcrt/fx_basic_bstring.cpp | 3 + core/src/fxcrt/fx_basic_buffer.cpp | 9 ++- core/src/fxcrt/fx_basic_maps.cpp | 4 +- core/src/fxcrt/fx_basic_plex.cpp | 3 + core/src/fxcrt/fx_basic_wstring.cpp | 3 + core/src/fxcrt/fx_extension.cpp | 3 + core/src/fxcrt/fxcrt_platforms.cpp | 3 + core/src/fxcrt/fxcrt_posix.cpp | 3 + core/src/fxcrt/xml_int.h | 3 + core/src/fxge/agg/agg23/agg_array.h | 6 +- core/src/fxge/agg/agg23/fx_agg_path_storage.cpp | 3 + .../agg/agg23/fx_agg_rasterizer_scanline_aa.cpp | 6 ++ core/src/fxge/dib/fx_dib_composite.cpp | 37 ++++++++++++ core/src/fxge/dib/fx_dib_convert.cpp | 12 ++++ core/src/fxge/dib/fx_dib_engine.cpp | 6 ++ core/src/fxge/dib/fx_dib_main.cpp | 15 ++++- core/src/fxge/ge/fx_ge_font.cpp | 6 ++ core/src/fxge/ge/fx_ge_fontmap.cpp | 19 +++++- core/src/fxge/ge/fx_ge_path.cpp | 63 ++++++++++++++------ core/src/fxge/ge/fx_ge_ps.cpp | 10 ++++ core/src/fxge/ge/fx_ge_text.cpp | 3 + core/src/fxge/win32/fx_win32_device.cpp | 3 + core/src/fxge/win32/fx_win32_dib.cpp | 13 +++++ core/src/fxge/win32/fx_win32_gdipext.cpp | 28 +++++++++ core/src/fxge/win32/fx_win32_print.cpp | 3 + fpdfsdk/src/fsdk_baseform.cpp | 5 +- fpdfsdk/src/pdfwindow/PWL_Edit.cpp | 30 +++++----- 48 files changed, 455 insertions(+), 97 deletions(-) diff --git a/core/include/fxcodec/fx_codec_def.h b/core/include/fxcodec/fx_codec_def.h index 497d4d8fa6..0d08da699b 100644 --- a/core/include/fxcodec/fx_codec_def.h +++ b/core/include/fxcodec/fx_codec_def.h @@ -13,6 +13,7 @@ enum FXCODEC_STATUS { FXCODEC_STATUS_DECODE_READY, FXCODEC_STATUS_DECODE_TOBECONTINUE, FXCODEC_STATUS_DECODE_FINISH, + FXCODEC_STATUS_ERR_MEMORY, FXCODEC_STATUS_ERR_READ, FXCODEC_STATUS_ERR_FLUSH, FXCODEC_STATUS_ERR_FORMAT, diff --git a/core/include/fxge/fx_ge.h b/core/include/fxge/fx_ge.h index 147e24ce1f..f9c4e9b9ae 100644 --- a/core/include/fxge/fx_ge.h +++ b/core/include/fxge/fx_ge.h @@ -186,9 +186,11 @@ public: return m_pPoints; } - void SetPointCount(int nPoints); - void AllocPointCount(int nPoints); - void AddPointCount(int addPoints); + FX_BOOL SetPointCount(int nPoints); + + FX_BOOL AllocPointCount(int nPoints); + + FX_BOOL AddPointCount(int addPoints); CFX_FloatRect GetBoundingBox() const; @@ -202,14 +204,15 @@ public: FX_BOOL IsRect(const CFX_AffineMatrix* pMatrix, CFX_FloatRect* rect) const; - void Append(const CFX_PathData* pSrc, const CFX_AffineMatrix* pMatrix); - void AppendRect(FX_FLOAT left, FX_FLOAT bottom, FX_FLOAT right, FX_FLOAT top); + FX_BOOL Append(const CFX_PathData* pSrc, const CFX_AffineMatrix* pMatrix); + + FX_BOOL AppendRect(FX_FLOAT left, FX_FLOAT bottom, FX_FLOAT right, FX_FLOAT top); void SetPoint(int index, FX_FLOAT x, FX_FLOAT y, int flag); void TrimPoints(int nPoints); - void Copy(const CFX_PathData &src); + FX_BOOL Copy(const CFX_PathData &src); protected: friend class CPDF_Path; diff --git a/core/src/fpdfapi/fpdf_edit/fpdf_edit_create.cpp b/core/src/fpdfapi/fpdf_edit/fpdf_edit_create.cpp index 3abbcee046..0886d3ff53 100644 --- a/core/src/fpdfapi/fpdf_edit/fpdf_edit_create.cpp +++ b/core/src/fpdfapi/fpdf_edit/fpdf_edit_create.cpp @@ -415,6 +415,9 @@ FX_BOOL CPDF_Encryptor::Initialize(CPDF_CryptoHandler* pHandler, int objnum, FX_ } m_dwSize = pHandler->EncryptGetSize(objnum, 0, src_data, src_size); m_pData = FX_Alloc(FX_BYTE, m_dwSize); + if(!m_pData) { + return FALSE; + } pHandler->EncryptContent(objnum, 0, src_data, src_size, m_pData, m_dwSize); m_bNewBuf = TRUE; return TRUE; diff --git a/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp b/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp index a5a91ebc53..1328fcdf96 100644 --- a/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp +++ b/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp @@ -71,11 +71,17 @@ void CPDF_Image::SetJpegImage(IFX_FileRead *pFile) dwEstimateSize = 8192; } FX_LPBYTE pData = FX_Alloc(FX_BYTE, dwEstimateSize); + if (!pData) { + return; + } pFile->ReadBlock(pData, 0, dwEstimateSize); CPDF_Dictionary *pDict = InitJPEG(pData, dwEstimateSize); FX_Free(pData); if (!pDict && size > dwEstimateSize) { pData = FX_Alloc(FX_BYTE, size); + if (!pData) { + return; + } pFile->ReadBlock(pData, 0, size); pDict = InitJPEG(pData, size); FX_Free(pData); @@ -217,8 +223,8 @@ void CPDF_Image::SetImage(const CFX_DIBitmap* pBitmap, FX_INT32 iCompress, IFX_F } else if (pMaskBitmap->GetFormat() == FXDIB_1bppMask) { _JBIG2EncodeBitmap(pMaskDict, pMaskBitmap, m_pDocument, mask_buf, mask_size, TRUE); } else { - mask_buf = FX_Alloc2D(FX_BYTE, maskHeight, maskWidth); - mask_size = maskHeight * maskWidth; // Safe since checked alloc returned. + mask_size = maskHeight * maskWidth; + mask_buf = FX_Alloc(FX_BYTE, mask_size); for (FX_INT32 a = 0; a < maskHeight; a ++) { FXSYS_memcpy32(mask_buf + a * maskWidth, pMaskBitmap->GetScanline(a), maskWidth); } @@ -300,8 +306,8 @@ void CPDF_Image::SetImage(const CFX_DIBitmap* pBitmap, FX_INT32 iCompress, IFX_F } } else if (opType == 1) { if (!bStream) { - dest_buf = FX_Alloc2D(FX_BYTE, dest_pitch, BitmapHeight); - dest_size = dest_pitch * BitmapHeight; // Safe since checked alloc returned. + dest_size = dest_pitch * BitmapHeight; + dest_buf = FX_Alloc(FX_BYTE, dest_size); } FX_LPBYTE pDest = dest_buf; for (FX_INT32 i = 0; i < BitmapHeight; i ++) { @@ -315,8 +321,8 @@ void CPDF_Image::SetImage(const CFX_DIBitmap* pBitmap, FX_INT32 iCompress, IFX_F } } else if (opType == 2) { if (!bStream) { - dest_buf = FX_Alloc2D(FX_BYTE, dest_pitch, BitmapHeight); - dest_size = dest_pitch * BitmapHeight; // Safe since checked alloc returned. + dest_size = dest_pitch * BitmapHeight; + dest_buf = FX_Alloc(FX_BYTE, dest_size); } else { dest_buf = FX_Alloc(FX_BYTE, dest_pitch); } diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp index 5a9f1a8cb8..4ec753d751 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page.cpp @@ -204,10 +204,11 @@ void CPDF_TextObject::CopyData(const CPDF_PageObject* pSrc) if (m_nChars > 1) { m_pCharCodes = FX_Alloc(FX_DWORD, m_nChars); m_pCharPos = FX_Alloc(FX_FLOAT, m_nChars - 1); - for (int i = 0; i < m_nChars; i ++) { + int i; + for (i = 0; i < m_nChars; i ++) { m_pCharCodes[i] = pSrcObj->m_pCharCodes[i]; } - for (int i = 0; i < m_nChars - 1; i ++) { + for (i = 0; i < m_nChars - 1; i ++) { m_pCharPos[i] = pSrcObj->m_pCharPos[i]; } } else { diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp index d8b24593ef..952fe1d9a9 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp @@ -262,8 +262,8 @@ FX_DWORD _DecodeAllScanlines(ICodec_ScanlineDecoder* pDecoder, FX_LPBYTE& dest_b delete pDecoder; return -1; } - dest_buf = FX_Alloc2D(FX_BYTE, pitch, height); - dest_size = pitch * height; // Safe since checked alloc returned. + dest_size = pitch * height; + dest_buf = FX_Alloc( FX_BYTE, dest_size); for (int row = 0; row < height; row ++) { FX_LPBYTE pLine = pDecoder->GetScanline(row); if (pLine == NULL) { @@ -1050,6 +1050,10 @@ void CPDF_ContentParser::Continue(IFX_Pause* pPause) m_Size += size + 1; } m_pData = FX_Alloc(FX_BYTE, m_Size); + if (!m_pData) { + m_Status = Done; + return; + } FX_DWORD pos = 0; for (i = 0; i < m_nStreams; i ++) { FXSYS_memcpy32(m_pData + pos, m_pStreamArray[i]->GetData(), m_pStreamArray[i]->GetSize()); diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp index 691981cb10..8f5871df7f 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp @@ -40,6 +40,9 @@ FX_DWORD _A85Decode(const FX_BYTE* src_buf, FX_DWORD src_size, FX_LPBYTE& dest_b return (FX_DWORD) - 1; } dest_buf = FX_Alloc(FX_BYTE, zcount * 4 + (pos - zcount)); + if (dest_buf == NULL) { + return (FX_DWORD) - 1; + } int state = 0; FX_UINT32 res = 0; pos = dest_size = 0; @@ -150,6 +153,9 @@ FX_DWORD RunLengthDecode(const FX_BYTE* src_buf, FX_DWORD src_size, FX_LPBYTE& d return -1; } dest_buf = FX_Alloc( FX_BYTE, dest_size); + if (!dest_buf) { + return -1; + } i = 0; int dest_count = 0; while (i < src_size) { diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp index 341be13d44..3eac5ae74e 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp @@ -1086,7 +1086,7 @@ void CPDF_StreamAcc::LoadAllData(const CPDF_Stream* pStream, FX_BOOL bRawAccess, } if (!pStream->IsMemoryBased()) { pSrcData = m_pSrcData = FX_Alloc(FX_BYTE, dwSrcSize); - if (!pStream->ReadRawData(0, pSrcData, dwSrcSize)) { + if (!pSrcData || !pStream->ReadRawData(0, pSrcData, dwSrcSize)) { return; } } else { @@ -1165,6 +1165,9 @@ FX_LPBYTE CPDF_StreamAcc::DetachData() return p; } FX_LPBYTE p = FX_Alloc(FX_BYTE, m_dwSize); + if (p == NULL) { + return NULL; + } FXSYS_memcpy32(p, m_pData, m_dwSize); return p; } diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index 0d4ed27c06..2772d9825e 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -2477,6 +2477,9 @@ CPDF_Stream* CPDF_SyntaxParser::ReadStream(CPDF_Dictionary* pDict, PARSE_CONTEXT } CPDF_Stream* pStream; FX_LPBYTE pData = FX_Alloc(FX_BYTE, len); + if (!pData) { + return NULL; + } ReadBlock(pData, len); if (pCryptoHandler) { CFX_BinaryBuf dest_buf; diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp index b45d9c3e5d..7093edae47 100644 --- a/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp @@ -500,6 +500,9 @@ DIB_COMP_DATA* CPDF_DIBSource::GetDecodeAndMaskArray(FX_BOOL& bDefaultDecode, FX return NULL; } DIB_COMP_DATA* pCompData = FX_Alloc(DIB_COMP_DATA, m_nComponents); + if (pCompData == NULL) { + return NULL; + } int max_data = (1 << m_bpc) - 1; CPDF_Array* pDecode = m_pDict->GetArray(FX_BSTRC("Decode")); if (pDecode) { diff --git a/core/src/fpdfdoc/doc_annot.cpp b/core/src/fpdfdoc/doc_annot.cpp index 0ddcb2305e..4ccce21f1c 100644 --- a/core/src/fpdfdoc/doc_annot.cpp +++ b/core/src/fpdfdoc/doc_annot.cpp @@ -339,6 +339,9 @@ CPDF_PageObject* CPDF_Annot::GetBorder(FX_BOOL bPrint, const CPDF_RenderOptions* dash_count ++; } pGraphState->m_DashArray = FX_Alloc(FX_FLOAT, dash_count); + if (pGraphState->m_DashArray == NULL) { + return NULL; + } pGraphState->m_DashCount = dash_count; FX_DWORD i; for (i = 0; i < pDashArray->GetCount(); i ++) { @@ -349,6 +352,9 @@ CPDF_PageObject* CPDF_Annot::GetBorder(FX_BOOL bPrint, const CPDF_RenderOptions* } } else { pGraphState->m_DashArray = FX_Alloc(FX_FLOAT, 2); + if (pGraphState->m_DashArray == NULL) { + return NULL; + } pGraphState->m_DashCount = 2; pGraphState->m_DashArray[0] = pGraphState->m_DashArray[1] = 3 * 1.0f; } @@ -435,6 +441,9 @@ void CPDF_Annot::DrawBorder(CFX_RenderDevice* pDevice, const CFX_AffineMatrix* p dash_count ++; } graph_state.m_DashArray = FX_Alloc(FX_FLOAT, dash_count); + if (graph_state.m_DashArray == NULL) { + return ; + } graph_state.m_DashCount = dash_count; FX_DWORD i; for (i = 0; i < pDashArray->GetCount(); i ++) { @@ -445,6 +454,9 @@ void CPDF_Annot::DrawBorder(CFX_RenderDevice* pDevice, const CFX_AffineMatrix* p } } else { graph_state.m_DashArray = FX_Alloc(FX_FLOAT, 2); + if (graph_state.m_DashArray == NULL) { + return ; + } graph_state.m_DashCount = 2; graph_state.m_DashArray[0] = graph_state.m_DashArray[1] = 3 * 1.0f; } diff --git a/core/src/fpdftext/fpdf_text.cpp b/core/src/fpdftext/fpdf_text.cpp index e58b50d182..a0b01042e1 100644 --- a/core/src/fpdftext/fpdf_text.cpp +++ b/core/src/fpdftext/fpdf_text.cpp @@ -223,42 +223,44 @@ void CTextPage::WriteOutput(CFX_WideStringArray& lines, int iMinWidth) } if (m_bAutoWidth) { int* widths = FX_Alloc(int, m_BaseLines.GetSize()); - for (i = 0; i < m_BaseLines.GetSize(); i ++) { - widths[i] = 0; - CTextBaseLine* pBaseLine = (CTextBaseLine*)m_BaseLines.GetAt(i); - int TotalChars = 0; - FX_FLOAT TotalWidth = 0; - int minchars; - pBaseLine->CountChars(TotalChars, TotalWidth, minchars); - if (TotalChars) { - FX_FLOAT charwidth = TotalWidth / TotalChars; - widths[i] = (int)((MaxRightX - MinLeftX) / charwidth); - } - if (widths[i] > 1000) { - widths[i] = 1000; - } - if (widths[i] < minchars) { - widths[i] = minchars; + if (widths) { + for (i = 0; i < m_BaseLines.GetSize(); i ++) { + widths[i] = 0; + CTextBaseLine* pBaseLine = (CTextBaseLine*)m_BaseLines.GetAt(i); + int TotalChars = 0; + FX_FLOAT TotalWidth = 0; + int minchars; + pBaseLine->CountChars(TotalChars, TotalWidth, minchars); + if (TotalChars) { + FX_FLOAT charwidth = TotalWidth / TotalChars; + widths[i] = (int)((MaxRightX - MinLeftX) / charwidth); + } + if (widths[i] > 1000) { + widths[i] = 1000; + } + if (widths[i] < minchars) { + widths[i] = minchars; + } } - } - int AvgWidth = 0, widthcount = 0; - for (i = 0; i < m_BaseLines.GetSize(); i ++) - if (widths[i]) { - AvgWidth += widths[i]; - widthcount ++; + int AvgWidth = 0, widthcount = 0; + for (i = 0; i < m_BaseLines.GetSize(); i ++) + if (widths[i]) { + AvgWidth += widths[i]; + widthcount ++; + } + AvgWidth = int((FX_FLOAT)AvgWidth / widthcount + 0.5); + int MaxWidth = 0; + for (i = 0; i < m_BaseLines.GetSize(); i ++) + if (MaxWidth < widths[i]) { + MaxWidth = widths[i]; + } + if (MaxWidth > AvgWidth * 6 / 5) { + MaxWidth = AvgWidth * 6 / 5; } - AvgWidth = int((FX_FLOAT)AvgWidth / widthcount + 0.5); - int MaxWidth = 0; - for (i = 0; i < m_BaseLines.GetSize(); i ++) - if (MaxWidth < widths[i]) { - MaxWidth = widths[i]; + FX_Free(widths); + if (iMinWidth < MaxWidth) { + iMinWidth = MaxWidth; } - if (MaxWidth > AvgWidth * 6 / 5) { - MaxWidth = AvgWidth * 6 / 5; - } - FX_Free(widths); - if (iMinWidth < MaxWidth) { - iMinWidth = MaxWidth; } } for (i = 0; i < m_BaseLines.GetSize(); i ++) { diff --git a/core/src/fpdftext/fpdf_text_int.cpp b/core/src/fpdftext/fpdf_text_int.cpp index 69d0bc574f..882b22ceec 100644 --- a/core/src/fpdftext/fpdf_text_int.cpp +++ b/core/src/fpdftext/fpdf_text_int.cpp @@ -1164,6 +1164,9 @@ void CPDF_TextPage::AddCharInfoByLRDirection(CFX_WideString& str, int i) FX_STRSIZE nCount = FX_Unicode_GetNormalization(wChar, pDst); if (nCount >= 1) { pDst = FX_Alloc(FX_WCHAR, nCount); + if (!pDst) { + return; + } FX_Unicode_GetNormalization(wChar, pDst); for (int nIndex = 0; nIndex < nCount; nIndex++) { PAGECHAR_INFO Info2 = Info; @@ -1196,6 +1199,9 @@ void CPDF_TextPage::AddCharInfoByRLDirection(CFX_WideString& str, int i) FX_STRSIZE nCount = FX_Unicode_GetNormalization(wChar, pDst); if (nCount >= 1) { pDst = FX_Alloc(FX_WCHAR, nCount); + if (!pDst) { + return; + } FX_Unicode_GetNormalization(wChar, pDst); for (int nIndex = 0; nIndex < nCount; nIndex++) { PAGECHAR_INFO Info2 = Info; diff --git a/core/src/fxcodec/codec/fx_codec.cpp b/core/src/fxcodec/codec/fx_codec.cpp index c325cccdd4..e8aad711f3 100644 --- a/core/src/fxcodec/codec/fx_codec.cpp +++ b/core/src/fxcodec/codec/fx_codec.cpp @@ -333,6 +333,9 @@ FX_BOOL CCodec_RLScanlineDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, m_Pitch = (width * nComps * bpc + 31) / 32 * 4; m_dwLineBytes = (width * nComps * bpc + 7) / 8; m_pScanline = FX_Alloc(FX_BYTE, m_Pitch); + if (m_pScanline == NULL) { + return FALSE; + } return CheckDestSize(); } FX_BOOL CCodec_RLScanlineDecoder::v_Rewind() diff --git a/core/src/fxcodec/codec/fx_codec_fax.cpp b/core/src/fxcodec/codec/fx_codec_fax.cpp index dc2ee2aacd..33e89e4f92 100644 --- a/core/src/fxcodec/codec/fx_codec_fax.cpp +++ b/core/src/fxcodec/codec/fx_codec_fax.cpp @@ -622,7 +622,13 @@ FX_BOOL CCodec_FaxDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, int wid m_OutputWidth = m_OrigWidth; m_OutputHeight = m_OrigHeight; m_pScanlineBuf = FX_Alloc(FX_BYTE, m_Pitch); + if (m_pScanlineBuf == NULL) { + return FALSE; + } m_pRefBuf = FX_Alloc(FX_BYTE, m_Pitch); + if (m_pRefBuf == NULL) { + return FALSE; + } m_pSrcBuf = src_buf; m_SrcSize = src_size; m_nComps = 1; @@ -699,6 +705,9 @@ extern "C" { pitch = (width + 7) / 8; } FX_LPBYTE ref_buf = FX_Alloc(FX_BYTE, pitch); + if (ref_buf == NULL) { + return; + } FXSYS_memset8(ref_buf, 0xff, pitch); int bitpos = *pbitpos; for (int iRow = 0; iRow < height; iRow ++) { @@ -936,6 +945,9 @@ CCodec_FaxEncoder::CCodec_FaxEncoder(FX_LPCBYTE src_buf, int width, int height, m_Rows = height; m_Pitch = pitch; m_pRefLine = FX_Alloc(FX_BYTE, m_Pitch); + if (m_pRefLine == NULL) { + return; + } FXSYS_memset8(m_pRefLine, 0xff, m_Pitch); m_pLineBuf = FX_Alloc2D(FX_BYTE, m_Pitch, 8); m_DestBuf.EstimateSize(0, 10240); diff --git a/core/src/fxcodec/codec/fx_codec_flate.cpp b/core/src/fxcodec/codec/fx_codec_flate.cpp index 7a19e8b855..4d43cc554b 100644 --- a/core/src/fxcodec/codec/fx_codec_flate.cpp +++ b/core/src/fxcodec/codec/fx_codec_flate.cpp @@ -583,8 +583,8 @@ class CCodec_FlateScanlineDecoder : public CCodec_ScanlineDecoder public: CCodec_FlateScanlineDecoder(); ~CCodec_FlateScanlineDecoder(); - void Create(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, int nComps, int bpc, - int predictor, int Colors, int BitsPerComponent, int Columns); + FX_BOOL Create(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, int nComps, int bpc, + int predictor, int Colors, int BitsPerComponent, int Columns); virtual void Destroy() { delete this; @@ -630,7 +630,7 @@ CCodec_FlateScanlineDecoder::~CCodec_FlateScanlineDecoder() FPDFAPI_FlateEnd(m_pFlate); } } -void CCodec_FlateScanlineDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, +FX_BOOL CCodec_FlateScanlineDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, int nComps, int bpc, int predictor, int Colors, int BitsPerComponent, int Columns) { m_SrcBuf = src_buf; @@ -642,6 +642,9 @@ void CCodec_FlateScanlineDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, m_bColorTransformed = FALSE; m_Pitch = (width * nComps * bpc + 7) / 8; m_pScanline = FX_Alloc(FX_BYTE, m_Pitch); + if (m_pScanline == NULL) { + return FALSE; + } m_Predictor = 0; if (predictor) { if (predictor >= 10) { @@ -660,10 +663,20 @@ void CCodec_FlateScanlineDecoder::Create(FX_LPCBYTE src_buf, FX_DWORD src_size, m_Columns = Columns; m_PredictPitch = (m_BitsPerComponent * m_Colors * m_Columns + 7) / 8; m_pLastLine = FX_Alloc(FX_BYTE, m_PredictPitch); + if (m_pLastLine == NULL) { + return FALSE; + } m_pPredictRaw = FX_Alloc(FX_BYTE, m_PredictPitch + 1); + if (m_pPredictRaw == NULL) { + return FALSE; + } m_pPredictBuffer = FX_Alloc(FX_BYTE, m_PredictPitch); + if (m_pPredictBuffer == NULL) { + return FALSE; + } } } + return TRUE; } FX_BOOL CCodec_FlateScanlineDecoder::v_Rewind() { @@ -739,6 +752,8 @@ static void FlateUncompress(FX_LPCBYTE src_buf, FX_DWORD src_size, FX_DWORD orig FX_LPBYTE guess_buf = FX_Alloc(FX_BYTE, guess_size + 1); FX_LPBYTE cur_buf = guess_buf; + if (!guess_buf) + goto fail; guess_buf[guess_size] = '\0'; context = FPDFAPI_FlateInit(my_alloc_func, my_free_func); if (!context) @@ -794,6 +809,12 @@ static void FlateUncompress(FX_LPCBYTE src_buf, FX_DWORD src_size, FX_DWORD orig // |avail_buf_size| == 0 case. result_tmp_bufs.Add(cur_buf); cur_buf = FX_Alloc(FX_BYTE, buf_size + 1); + if (!cur_buf) { + for (FX_INT32 i = 0; i < result_tmp_bufs.GetSize(); i++) { + FX_Free(result_tmp_bufs[i]); + } + goto fail; + } cur_buf[buf_size] = '\0'; } dest_size = FPDFAPI_FlateGetTotalOut(context); @@ -802,6 +823,12 @@ static void FlateUncompress(FX_LPCBYTE src_buf, FX_DWORD src_size, FX_DWORD orig dest_buf = result_tmp_bufs[0]; } else { FX_LPBYTE result_buf = FX_Alloc(FX_BYTE, dest_size); + if (!result_buf) { + for (FX_INT32 i = 0; i < result_tmp_bufs.GetSize(); i++) { + FX_Free(result_tmp_bufs[i]); + } + goto fail; + } FX_DWORD result_pos = 0; for (FX_INT32 i = 0; i < result_tmp_bufs.GetSize(); i++) { FX_LPBYTE tmp_buf = result_tmp_bufs[i]; @@ -860,6 +887,9 @@ FX_DWORD CCodec_FlateModule::FlateOrLZWDecode(FX_BOOL bLZW, const FX_BYTE* src_b { nonstd::unique_ptr decoder(new CLZWDecoder); dest_buf = FX_Alloc( FX_BYTE, dest_size + 1); + if (dest_buf == NULL) { + return -1; + } dest_buf[dest_size] = '\0'; decoder->Decode(dest_buf, dest_size, src_buf, offset, bEarlyChange); } @@ -888,6 +918,9 @@ FX_BOOL CCodec_FlateModule::Encode(const FX_BYTE* src_buf, FX_DWORD src_size, } FX_LPBYTE pSrcBuf = NULL; pSrcBuf = FX_Alloc(FX_BYTE, src_size); + if (pSrcBuf == NULL) { + return FALSE; + } FXSYS_memcpy32(pSrcBuf, src_buf, src_size); FX_BOOL ret = TRUE; if (predictor == 2) { @@ -906,6 +939,9 @@ FX_BOOL CCodec_FlateModule::Encode(FX_LPCBYTE src_buf, FX_DWORD src_size, FX_LPB { dest_size = src_size + src_size / 1000 + 12; dest_buf = FX_Alloc( FX_BYTE, dest_size); + if (dest_buf == NULL) { + return FALSE; + } unsigned long temp_size = dest_size; FPDFAPI_FlateCompress(dest_buf, &temp_size, src_buf, src_size); dest_size = (FX_DWORD)temp_size; diff --git a/core/src/fxcodec/codec/fx_codec_icc.cpp b/core/src/fxcodec/codec/fx_codec_icc.cpp index 26b4c1adfc..a984fecc30 100644 --- a/core/src/fxcodec/codec/fx_codec_icc.cpp +++ b/core/src/fxcodec/codec/fx_codec_icc.cpp @@ -285,6 +285,9 @@ ICodec_IccModule::IccCS CCodec_IccModule::GetProfileCS(IFX_FileRead* pFile) ICodec_IccModule::IccCS cs; FX_DWORD dwSize = (FX_DWORD)pFile->GetSize(); FX_LPBYTE pBuf = FX_Alloc(FX_BYTE, dwSize); + if (pBuf == NULL) { + return IccCS_Unknown; + } pFile->ReadBlock(pBuf, 0, dwSize); cs = GetProfileCS(pBuf, dwSize); FX_Free(pBuf); @@ -488,6 +491,9 @@ FX_LPVOID CCodec_IccModule::CreateTransform(ICodec_IccModule::IccParam* pInputPa CFX_IccTransformCache* pTransformCache; if (!m_MapTranform.Lookup(TransformKey, (FX_LPVOID&)pTransformCache)) { pCmm = FX_Alloc(CLcmsCmm, 1); + if (pCmm == NULL) { + return NULL; + } pCmm->m_nSrcComponents = T_CHANNELS(dwInputProfileType); pCmm->m_nDstComponents = T_CHANNELS(dwOutputProfileType); pCmm->m_bLab = T_COLORSPACE(pInputParam->dwFormat) == PT_Lab; diff --git a/core/src/fxcodec/codec/fx_codec_jbig.cpp b/core/src/fxcodec/codec/fx_codec_jbig.cpp index 8fcd9f4711..278d9cbcf6 100644 --- a/core/src/fxcodec/codec/fx_codec_jbig.cpp +++ b/core/src/fxcodec/codec/fx_codec_jbig.cpp @@ -53,6 +53,9 @@ FX_BOOL CCodec_Jbig2Module::Decode(IFX_FileRead* file_ptr, CJBig2_Image* dest_image = NULL; FX_DWORD src_size = (FX_DWORD)file_ptr->GetSize(); FX_LPBYTE src_buf = FX_Alloc(FX_BYTE, src_size); + if (src_buf == NULL) { + return FALSE; + } int ret = 0; if(!file_ptr->ReadBlock(src_buf, 0, src_size)) { goto failed; @@ -130,6 +133,9 @@ FXCODEC_STATUS CCodec_Jbig2Module::StartDecode(void* pJbig2Context, IFX_FileRead m_pJbig2Context->m_dest_image = NULL; m_pJbig2Context->m_src_size = (FX_DWORD)file_ptr->GetSize(); m_pJbig2Context->m_src_buf = FX_Alloc(FX_BYTE, m_pJbig2Context->m_src_size); + if (m_pJbig2Context->m_src_buf == NULL) { + return FXCODEC_STATUS_ERR_MEMORY; + } int ret = 0; if(!file_ptr->ReadBlock((void*)m_pJbig2Context->m_src_buf, 0, m_pJbig2Context->m_src_size)) { goto failed; diff --git a/core/src/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/src/fxcodec/codec/fx_codec_jpx_opj.cpp index 1a1616c0a1..3546f574f9 100644 --- a/core/src/fxcodec/codec/fx_codec_jpx_opj.cpp +++ b/core/src/fxcodec/codec/fx_codec_jpx_opj.cpp @@ -715,8 +715,14 @@ FX_BOOL CJPX_Decoder::Decode(FX_LPBYTE dest_buf, int pitch, FX_BOOL bTranslateCo } FXSYS_memset8(dest_buf, 0xff, image->y1 * pitch); FX_BYTE** channel_bufs = FX_Alloc(FX_BYTE*, image->numcomps); + if (channel_bufs == NULL) { + return FALSE; + } FX_BOOL result = FALSE; int* adjust_comps = FX_Alloc(int, image->numcomps); + if (adjust_comps == NULL) { + goto done; + } for (i = 0; i < (int)image->numcomps; i ++) { channel_bufs[i] = dest_buf + offsets[i]; adjust_comps[i] = image->comps[i].prec - 8; diff --git a/core/src/fxcrt/extension.h b/core/src/fxcrt/extension.h index c459bdcf99..dbee7e676a 100644 --- a/core/src/fxcrt/extension.h +++ b/core/src/fxcrt/extension.h @@ -348,7 +348,9 @@ public: if (m_dwFlags & FX_MEMSTREAM_Consecutive) { if (m_Blocks.GetSize() < 1) { FX_LPBYTE pBlock = FX_Alloc(FX_BYTE, FX_MAX(nInitSize, 4096)); - m_Blocks.Add(pBlock); + if (pBlock) { + m_Blocks.Add(pBlock); + } } m_nGrowSize = FX_MAX(nGrowSize, 4096); } else if (m_Blocks.GetSize() < 1) { @@ -405,6 +407,9 @@ protected: m_Blocks.SetSize(m_Blocks.GetSize() + (FX_INT32)size); while (size --) { FX_LPBYTE pBlock = FX_Alloc(FX_BYTE, m_nGrowSize); + if (!pBlock) { + return FALSE; + } m_Blocks.SetAt(iCount ++, pBlock); m_nTotalSize += m_nGrowSize; } diff --git a/core/src/fxcrt/fx_basic_array.cpp b/core/src/fxcrt/fx_basic_array.cpp index 43a5417c00..5a2a2e54a1 100644 --- a/core/src/fxcrt/fx_basic_array.cpp +++ b/core/src/fxcrt/fx_basic_array.cpp @@ -39,6 +39,10 @@ FX_BOOL CFX_BasicArray::SetSize(int nNewSize) return FALSE; } m_pData = FX_Alloc(FX_BYTE, totalSize.ValueOrDie()); + if (!m_pData) { + m_nSize = m_nMaxSize = 0; + return FALSE; + } m_nSize = m_nMaxSize = nNewSize; } else if (nNewSize <= m_nMaxSize) { if (nNewSize > m_nSize) { @@ -193,6 +197,10 @@ void* CFX_BaseSegmentedArray::Add() } if (m_IndexDepth == 0) { void** pIndex = (void**)FX_Alloc(void*, m_IndexSize); + if (pIndex == NULL) { + FX_Free(pSegment); + return NULL; + } pIndex[0] = m_pIndex; pIndex[1] = pSegment; m_pIndex = pIndex; @@ -214,6 +222,10 @@ void* CFX_BaseSegmentedArray::Add() } if (m_DataSize == tree_size * m_SegmentSize) { void** pIndex = (void**)FX_Alloc(void*, m_IndexSize); + if (pIndex == NULL) { + FX_Free(pSegment); + return NULL; + } pIndex[0] = m_pIndex; m_pIndex = pIndex; m_IndexDepth ++; @@ -224,6 +236,9 @@ void* CFX_BaseSegmentedArray::Add() for (i = 1; i < m_IndexDepth; i ++) { if (pSpot[seg_index / tree_size] == NULL) { pSpot[seg_index / tree_size] = (void*)FX_Alloc(void*, m_IndexSize); + if (pSpot[seg_index / tree_size] == NULL) { + break; + } } pSpot = (void**)pSpot[seg_index / tree_size]; seg_index = seg_index % tree_size; diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp index 2377a6d624..781b821f00 100644 --- a/core/src/fxcrt/fx_basic_bstring.cpp +++ b/core/src/fxcrt/fx_basic_bstring.cpp @@ -73,6 +73,9 @@ CFX_ByteString::StringData* CFX_ByteString::StringData::Create(int nLen) FXSYS_assert(usableSize >= nLen); void* pData = FX_Alloc(FX_BYTE, totalSize); + if (!pData) { + return NULL; + } return new (pData) StringData(nLen, usableSize); } CFX_ByteString::~CFX_ByteString() diff --git a/core/src/fxcrt/fx_basic_buffer.cpp b/core/src/fxcrt/fx_basic_buffer.cpp index 06ba9413a5..7903740e47 100644 --- a/core/src/fxcrt/fx_basic_buffer.cpp +++ b/core/src/fxcrt/fx_basic_buffer.cpp @@ -88,8 +88,10 @@ void CFX_BinaryBuf::ExpandBuf(FX_STRSIZE add_size) } else { pNewBuffer = FX_Alloc(FX_BYTE, new_size); } - m_pBuffer = pNewBuffer; - m_AllocSize = new_size; + if (pNewBuffer) { + m_pBuffer = pNewBuffer; + m_AllocSize = new_size; + } } void CFX_BinaryBuf::CopyData(const void* pStr, FX_STRSIZE size) { @@ -454,6 +456,9 @@ FX_INT32 IFX_BufferArchive::AppendBlock(const void* pBuf, size_t size) } if (!m_pBuffer) { m_pBuffer = FX_Alloc(FX_BYTE, m_BufSize); + if (!m_pBuffer) { + return -1; + } } FX_LPBYTE buffer = (FX_LPBYTE)pBuf; FX_STRSIZE temp_size = (FX_STRSIZE)size; diff --git a/core/src/fxcrt/fx_basic_maps.cpp b/core/src/fxcrt/fx_basic_maps.cpp index 7fca42acde..8ae44ce6a0 100644 --- a/core/src/fxcrt/fx_basic_maps.cpp +++ b/core/src/fxcrt/fx_basic_maps.cpp @@ -413,7 +413,9 @@ static void _CompactStringStore(_CompactString* pCompact, FX_LPCBYTE pStr, int l pCompact->m_LenHigh = len / 256; pCompact->m_LenLow = len % 256; pCompact->m_pBuffer = FX_Alloc(FX_BYTE, len); - FXSYS_memcpy32(pCompact->m_pBuffer, pStr, len); + if (pCompact->m_pBuffer) { + FXSYS_memcpy32(pCompact->m_pBuffer, pStr, len); + } } static CFX_ByteStringC _CompactStringGet(_CompactString* pCompact) { diff --git a/core/src/fxcrt/fx_basic_plex.cpp b/core/src/fxcrt/fx_basic_plex.cpp index 78319bd5da..bff55461f4 100644 --- a/core/src/fxcrt/fx_basic_plex.cpp +++ b/core/src/fxcrt/fx_basic_plex.cpp @@ -9,6 +9,9 @@ CFX_Plex* CFX_Plex::Create(CFX_Plex*& pHead, FX_DWORD nMax, FX_DWORD cbElement) { CFX_Plex* p = (CFX_Plex*)FX_Alloc(FX_BYTE, sizeof(CFX_Plex) + nMax * cbElement); + if (!p) { + return NULL; + } p->pNext = pHead; pHead = p; return p; diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp index 09e64e0c72..3c54ca983e 100644 --- a/core/src/fxcrt/fx_basic_wstring.cpp +++ b/core/src/fxcrt/fx_basic_wstring.cpp @@ -34,6 +34,9 @@ CFX_WideString::StringData* CFX_WideString::StringData::Create(int nLen) FXSYS_assert(usableLen >= nLen); void* pData = FX_Alloc(FX_BYTE, iSize.ValueOrDie()); + if (!pData) { + return NULL; + } return new (pData) StringData(nLen, usableLen); } CFX_WideString::~CFX_WideString() diff --git a/core/src/fxcrt/fx_extension.cpp b/core/src/fxcrt/fx_extension.cpp index 20e2e1a320..4790aee00d 100644 --- a/core/src/fxcrt/fx_extension.cpp +++ b/core/src/fxcrt/fx_extension.cpp @@ -275,6 +275,9 @@ extern "C" { FX_LPVOID FX_Random_MT_Start(FX_DWORD dwSeed) { FX_LPMTRANDOMCONTEXT pContext = FX_Alloc(FX_MTRANDOMCONTEXT, 1); + if (!pContext) { + return NULL; + } pContext->mt[0] = dwSeed; FX_DWORD &i = pContext->mti; FX_LPDWORD pBuf = pContext->mt; diff --git a/core/src/fxcrt/fxcrt_platforms.cpp b/core/src/fxcrt/fxcrt_platforms.cpp index 942d6a3c02..d9b99624d3 100644 --- a/core/src/fxcrt/fxcrt_platforms.cpp +++ b/core/src/fxcrt/fxcrt_platforms.cpp @@ -169,6 +169,9 @@ FX_BOOL FX_File_Copy(FX_BSTR fileNameSrc, FX_BSTR fileNameDst) } FX_FILESIZE num = 0; FX_LPBYTE pBuffer = FX_Alloc(FX_BYTE, 32768); + if (!pBuffer) { + return FALSE; + } while (num = src.Read(pBuffer, 32768)) { if (dst.Write(pBuffer, num) != num) { break; diff --git a/core/src/fxcrt/fxcrt_posix.cpp b/core/src/fxcrt/fxcrt_posix.cpp index 06d92c523d..2982435c96 100644 --- a/core/src/fxcrt/fxcrt_posix.cpp +++ b/core/src/fxcrt/fxcrt_posix.cpp @@ -165,6 +165,9 @@ FX_BOOL FX_File_Copy(FX_BSTR fileNameSrc, FX_BSTR fileNameDst) } size_t num = 0; FX_LPBYTE pBuffer = FX_Alloc(FX_BYTE, 32768); + if (!pBuffer) { + return FALSE; + } num = src.Read(pBuffer, 32768); while (num) { if (dst.Write(pBuffer, num) != num) { diff --git a/core/src/fxcrt/xml_int.h b/core/src/fxcrt/xml_int.h index f0a2485163..964c7944d1 100644 --- a/core/src/fxcrt/xml_int.h +++ b/core/src/fxcrt/xml_int.h @@ -107,6 +107,9 @@ public: m_dwSize = (size_t)FX_MIN(FX_XMLDATASTREAM_BufferSize, nLength - m_nStart); if (!m_pBuffer) { m_pBuffer = FX_Alloc(FX_BYTE, m_dwSize); + if (!m_pBuffer) { + return FALSE; + } } return m_pFileRead->ReadBlock(m_pBuffer, m_nStart, m_dwSize); } diff --git a/core/src/fxge/agg/agg23/agg_array.h b/core/src/fxge/agg/agg23/agg_array.h index 810eb4ef22..b3b5f2b877 100644 --- a/core/src/fxge/agg/agg23/agg_array.h +++ b/core/src/fxge/agg/agg23/agg_array.h @@ -111,8 +111,12 @@ void pod_array::capacity(unsigned cap, unsigned extra_tail) m_capacity = 0; } else if(full_cap > m_capacity) { FX_Free(m_array); + m_array = 0; + m_capacity = 0; m_array = FX_Alloc(T, full_cap); - m_capacity = full_cap; + if (m_array) { + m_capacity = full_cap; + } } } template diff --git a/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp b/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp index b62d4baa1c..b4b184e0a4 100644 --- a/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp +++ b/core/src/fxge/agg/agg23/fx_agg_path_storage.cpp @@ -71,6 +71,9 @@ void path_storage::allocate_block(unsigned nb) FX_Alloc( FX_FLOAT, block_size * 2 + block_size / (sizeof(FX_FLOAT) / sizeof(unsigned char))); + if (!m_coord_blocks[nb]) { + return; + } m_cmd_blocks[nb] = (unsigned char*)(m_coord_blocks[nb] + block_size * 2); m_total_blocks++; diff --git a/core/src/fxge/agg/agg23/fx_agg_rasterizer_scanline_aa.cpp b/core/src/fxge/agg/agg23/fx_agg_rasterizer_scanline_aa.cpp index 1c32d96cab..634d10a3be 100644 --- a/core/src/fxge/agg/agg23/fx_agg_rasterizer_scanline_aa.cpp +++ b/core/src/fxge/agg/agg23/fx_agg_rasterizer_scanline_aa.cpp @@ -117,6 +117,9 @@ void outline_aa::allocate_block() if(m_cur_block >= m_num_blocks) { if(m_num_blocks >= m_max_blocks) { cell_aa** new_cells = FX_Alloc( cell_aa*, m_max_blocks + cell_block_pool); + if (!new_cells) { + return; + } if(m_cells) { FXSYS_memcpy32(new_cells, m_cells, m_max_blocks * sizeof(cell_aa*)); FX_Free(m_cells); @@ -125,6 +128,9 @@ void outline_aa::allocate_block() m_max_blocks += cell_block_pool; } m_cells[m_num_blocks++] = FX_Alloc(cell_aa, cell_block_size); + if (!m_cells[m_num_blocks - 1]) { + return; + } } m_cur_cell_ptr = m_cells[m_cur_block++]; } diff --git a/core/src/fxge/dib/fx_dib_composite.cpp b/core/src/fxge/dib/fx_dib_composite.cpp index e385bc9ffe..ae72fc5a43 100644 --- a/core/src/fxge/dib/fx_dib_composite.cpp +++ b/core/src/fxge/dib/fx_dib_composite.cpp @@ -3601,6 +3601,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB if ((dest_format & 0xff) == 8) { int pal_count = 1 << (src_format & 0xff); FX_LPBYTE gray_pal = FX_Alloc(FX_BYTE, pal_count); + if (!gray_pal) { + return; + } pDestPalette = (FX_DWORD*)gray_pal; for (int i = 0; i < pal_count; i ++) { FX_DWORD color = isSrcCmyk ? FXCMYK_TODIB(pSrcPalette[i]) : FXARGB_TODIB(pSrcPalette[i]); @@ -3610,6 +3613,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB } else { int palsize = 1 << (src_format & 0xff); pDestPalette = FX_Alloc(FX_DWORD, palsize); + if (!pDestPalette) { + return; + } for (int i = 0; i < palsize; i ++) { FX_DWORD color = isSrcCmyk ? FXCMYK_TODIB(pSrcPalette[i]) : FXARGB_TODIB(pSrcPalette[i]); pIccModule->TranslateScanline(pIccTransform, (FX_LPBYTE)&color, (FX_LPCBYTE)&color, 1); @@ -3619,6 +3625,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB } else { int pal_count = 1 << (src_format & 0xff); FX_LPBYTE gray_pal = FX_Alloc(FX_BYTE, pal_count); + if (!gray_pal) { + return; + } if (pal_count == 2) { gray_pal[0] = 0; gray_pal[1] = 255; @@ -3632,6 +3641,10 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB pDestPalette = (FX_DWORD*)gray_pal; } else { pDestPalette = FX_Alloc(FX_DWORD, pal_count); + if (!pDestPalette) { + FX_Free(gray_pal); + return; + } for (int i = 0; i < pal_count; i ++) { pIccModule->TranslateScanline(pIccTransform, (FX_LPBYTE)&pDestPalette[i], &gray_pal[i], 1); pDestPalette[i] = isDstCmyk ? FXCMYK_TODIB(pDestPalette[i]) : FXARGB_TODIB(pDestPalette[i]); @@ -3644,6 +3657,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB if ((dest_format & 0xff) == 8) { int pal_count = 1 << (src_format & 0xff); FX_LPBYTE gray_pal = FX_Alloc(FX_BYTE, pal_count); + if (!gray_pal) { + return; + } pDestPalette = (FX_DWORD*)gray_pal; if (isSrcCmyk) { for (int i = 0; i < pal_count; i ++) { @@ -3661,6 +3677,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB } else { int palsize = 1 << (src_format & 0xff); pDestPalette = FX_Alloc(FX_DWORD, palsize); + if (!pDestPalette) { + return; + } if (isDstCmyk == isSrcCmyk) { FXSYS_memcpy32(pDestPalette, pSrcPalette, palsize * sizeof(FX_DWORD)); } else { @@ -3677,6 +3696,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB if ((dest_format & 0xff) == 8) { int pal_count = 1 << (src_format & 0xff); FX_LPBYTE gray_pal = FX_Alloc(FX_BYTE, pal_count); + if (!gray_pal) { + return; + } if (pal_count == 2) { gray_pal[0] = 0; gray_pal[1] = 255; @@ -3689,6 +3711,9 @@ inline void _ScanlineCompositor_InitSourcePalette(FXDIB_Format src_format, FXDIB } else { int palsize = 1 << (src_format & 0xff); pDestPalette = FX_Alloc(FX_DWORD, palsize); + if (!pDestPalette) { + return; + } if (palsize == 2) { pDestPalette[0] = isSrcCmyk ? 255 : 0xff000000; pDestPalette[1] = isSrcCmyk ? 0 : 0xffffffff; @@ -4438,13 +4463,25 @@ FX_BOOL CFX_BitmapComposer::SetInfo(int width, int height, FXDIB_Format src_form } if (m_bVertical) { m_pScanlineV = FX_Alloc(FX_BYTE, m_pBitmap->GetBPP() / 8 * width + 4); + if (!m_pScanlineV) { + return FALSE; + } m_pClipScanV = FX_Alloc(FX_BYTE, m_pBitmap->GetHeight()); + if (!m_pClipScanV) { + return FALSE; + } if (m_pBitmap->m_pAlphaMask) { m_pScanlineAlphaV = FX_Alloc(FX_BYTE, width + 4); + if (!m_pScanlineAlphaV) { + return FALSE; + } } } if (m_BitmapAlpha < 255) { m_pAddClipScan = FX_Alloc(FX_BYTE, m_bVertical ? m_pBitmap->GetHeight() : m_pBitmap->GetWidth()); + if (!m_pAddClipScan) { + return FALSE; + } } return TRUE; } diff --git a/core/src/fxge/dib/fx_dib_convert.cpp b/core/src/fxge/dib/fx_dib_convert.cpp index dacc43db64..4a8befe5e3 100644 --- a/core/src/fxge/dib/fx_dib_convert.cpp +++ b/core/src/fxge/dib/fx_dib_convert.cpp @@ -236,6 +236,9 @@ FX_BOOL CFX_Palette::BuildPalette(const CFX_DIBSource* pBitmap, int pal_type) FX_Free(m_pPalette); } m_pPalette = FX_Alloc(FX_DWORD, 256); + if (!m_pPalette) { + return FALSE; + } int bpp = pBitmap->GetBPP() / 8; int width = pBitmap->GetWidth(); int height = pBitmap->GetHeight(); @@ -248,7 +251,13 @@ FX_BOOL CFX_Palette::BuildPalette(const CFX_DIBSource* pBitmap, int pal_type) m_aLut = NULL; } m_cLut = FX_Alloc(FX_DWORD, 4096); + if (!m_cLut) { + return FALSE; + } m_aLut = FX_Alloc(FX_DWORD, 4096); + if (!m_aLut) { + return FALSE; + } int row, col; m_lut = 0; for (row = 0; row < height; row++) { @@ -859,6 +868,9 @@ FX_BOOL ConvertBuffer(FXDIB_Format dest_format, FX_LPBYTE dest_buf, int dest_pit return ConvertBuffer(FXDIB_8bppMask, dest_buf, dest_pitch, width, height, pSrcBitmap, src_left, src_top, d_pal, pIccTransform); } d_pal = FX_Alloc(FX_DWORD, 256); + if (!d_pal) { + return FALSE; + } if (((src_format & 0xff) == 1 || (src_format & 0xff) == 8) && pSrcBitmap->GetPalette()) { return _ConvertBuffer_Plt2PltRgb8(dest_buf, dest_pitch, width, height, pSrcBitmap, src_left, src_top, d_pal, pIccTransform); } else if ((src_format & 0xff) >= 24) { diff --git a/core/src/fxge/dib/fx_dib_engine.cpp b/core/src/fxge/dib/fx_dib_engine.cpp index b486def167..7c40171c2b 100644 --- a/core/src/fxge/dib/fx_dib_engine.cpp +++ b/core/src/fxge/dib/fx_dib_engine.cpp @@ -796,8 +796,14 @@ FX_BOOL CFX_ImageStretcher::StartQuickStretch() } size *= m_DestBPP; m_pScanline = FX_Alloc(FX_BYTE, (size / 8 + 3) / 4 * 4); + if (!m_pScanline) { + return FALSE; + } if (m_pSource->m_pAlphaMask) { m_pMaskScanline = FX_Alloc(FX_BYTE, (m_ClipRect.Width() + 3) / 4 * 4); + if (!m_pMaskScanline) { + return FALSE; + } } if (m_pSource->GetWidth() * m_pSource->GetHeight() < MAX_PROGRESSIVE_STRETCH_PIXELS) { ContinueQuickStretch(NULL); diff --git a/core/src/fxge/dib/fx_dib_main.cpp b/core/src/fxge/dib/fx_dib_main.cpp index f55b2f5737..a54c9abed0 100644 --- a/core/src/fxge/dib/fx_dib_main.cpp +++ b/core/src/fxge/dib/fx_dib_main.cpp @@ -85,12 +85,12 @@ FX_BOOL CFX_DIBitmap::Create(int width, int height, FXDIB_Format format, FX_LPBY int oomlimit = _MAX_OOM_LIMIT_; if (oomlimit >= 0 && size >= oomlimit) { m_pBuffer = FX_TryAlloc(FX_BYTE, size); - if (m_pBuffer == NULL) { - return FALSE; - } } else { m_pBuffer = FX_Alloc(FX_BYTE, size); } + if (m_pBuffer == NULL) { + return FALSE; + } } m_Width = width; m_Height = height; @@ -202,6 +202,9 @@ void CFX_DIBSource::BuildPalette() } if (GetBPP() == 1) { m_pPalette = FX_Alloc(FX_DWORD, 2); + if (!m_pPalette) { + return; + } if(IsCmykImage()) { m_pPalette[0] = 0xff; m_pPalette[1] = 0; @@ -211,6 +214,9 @@ void CFX_DIBSource::BuildPalette() } } else if (GetBPP() == 8) { m_pPalette = FX_Alloc(FX_DWORD, 256); + if (!m_pPalette) { + return; + } if(IsCmykImage()) { for (int i = 0; i < 256; i ++) { m_pPalette[i] = 0xff - i; @@ -525,6 +531,9 @@ void CFX_DIBSource::CopyPalette(const FX_DWORD* pSrc, FX_DWORD size) if (m_pPalette == NULL) { m_pPalette = FX_Alloc(FX_DWORD, pal_size); } + if (!m_pPalette) { + return; + } if (pal_size > size) { pal_size = size; } diff --git a/core/src/fxge/ge/fx_ge_font.cpp b/core/src/fxge/ge/fx_ge_font.cpp index 1896218cbf..104a23998d 100644 --- a/core/src/fxge/ge/fx_ge_font.cpp +++ b/core/src/fxge/ge/fx_ge_font.cpp @@ -104,6 +104,9 @@ extern "C" { FX_BOOL _LoadFile(FXFT_Library library, FXFT_Face* Face, IFX_FileRead* pFile, FXFT_Stream* stream) { FXFT_Stream stream1 = (FXFT_Stream)FX_Alloc(FX_BYTE, sizeof (FXFT_StreamRec)); + if (!stream1) { + return FALSE; + } stream1->base = NULL; stream1->size = (unsigned long)pFile->GetSize(); stream1->pos = 0; @@ -174,6 +177,9 @@ static FXFT_Face FT_LoadFont(FX_LPBYTE pData, int size) FX_BOOL CFX_Font::LoadEmbedded(FX_LPCBYTE data, FX_DWORD size) { m_pFontDataAllocation = FX_Alloc(FX_BYTE, size); + if (!m_pFontDataAllocation) { + return FALSE; + } FXSYS_memcpy32(m_pFontDataAllocation, data, size); m_Face = FT_LoadFont((FX_LPBYTE)m_pFontDataAllocation, size); m_pFontData = (FX_LPBYTE)m_pFontDataAllocation; diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp index 74f97d1b2e..f058f03bce 100644 --- a/core/src/fxge/ge/fx_ge_fontmap.cpp +++ b/core/src/fxge/ge/fx_ge_fontmap.cpp @@ -564,6 +564,9 @@ CFX_ByteString CFX_FontMapper::GetPSNameFromTT(void* hFont) FX_DWORD size = m_pFontInfo->GetFontData(hFont, 0x6e616d65, NULL, 0); if (size) { FX_LPBYTE buffer = FX_Alloc(FX_BYTE, size); + if (!buffer) { + return result; + } m_pFontInfo->GetFontData(hFont, 0x6e616d65, buffer, size); result = _FPDF_GetNameFromTT(buffer, 6); FX_Free(buffer); @@ -1206,15 +1209,21 @@ FXFT_Face CFX_FontMapper::FindSubstFont(const CFX_ByteString& name, FX_BOOL bTru face = m_pFontMgr->GetCachedTTCFace(ttc_size, checksum, ttc_size - font_size, pFontData); if (face == NULL) { pFontData = FX_Alloc(FX_BYTE, ttc_size); - m_pFontInfo->GetFontData(hFont, 0x74746366, pFontData, ttc_size); - face = m_pFontMgr->AddCachedTTCFace(ttc_size, checksum, pFontData, ttc_size, - ttc_size - font_size); + if (pFontData) { + m_pFontInfo->GetFontData(hFont, 0x74746366, pFontData, ttc_size); + face = m_pFontMgr->AddCachedTTCFace(ttc_size, checksum, pFontData, ttc_size, + ttc_size - font_size); + } } } else { FX_LPBYTE pFontData; face = m_pFontMgr->GetCachedFace(SubstName, weight, bItalic, pFontData); if (face == NULL) { pFontData = FX_Alloc(FX_BYTE, font_size); + if (!pFontData) { + m_pFontInfo->DeleteFont(hFont); + return NULL; + } m_pFontInfo->GetFontData(hFont, 0, pFontData, font_size); face = m_pFontMgr->AddCachedFace(SubstName, weight, bItalic, pFontData, font_size, m_pFontInfo->GetFaceIndex(hFont)); } @@ -1371,6 +1380,10 @@ void CFX_FolderFontInfo::ScanFile(CFX_ByteString& path) } FX_DWORD face_bytes = nFaces * 4; FX_LPBYTE offsets = FX_Alloc(FX_BYTE, face_bytes); + if (!offsets) { + FXSYS_fclose(pFile); + return; + } readCnt = FXSYS_fread(offsets, face_bytes, 1, pFile); if (readCnt != face_bytes) { FX_Free(offsets); diff --git a/core/src/fxge/ge/fx_ge_path.cpp b/core/src/fxge/ge/fx_ge_path.cpp index 5982082f7b..b96a2f1163 100644 --- a/core/src/fxge/ge/fx_ge_path.cpp +++ b/core/src/fxge/ge/fx_ge_path.cpp @@ -4,10 +4,8 @@ // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com -#include "../../../../third_party/base/numerics/safe_math.h" #include "../../../include/fxcrt/fx_basic.h" #include "../../../include/fxge/fx_ge.h" - CFX_ClipRgn::CFX_ClipRgn(int width, int height) { m_Type = RectI; @@ -122,7 +120,7 @@ CFX_PathData::~CFX_PathData() FX_Free(m_pPoints); } } -void CFX_PathData::SetPointCount(int nPoints) +FX_BOOL CFX_PathData::SetPointCount(int nPoints) { m_PointCount = nPoints; if (m_AllocCount < nPoints) { @@ -131,13 +129,20 @@ void CFX_PathData::SetPointCount(int nPoints) m_pPoints = NULL; } m_pPoints = FX_Alloc(FX_PATHPOINT, nPoints); + if (!m_pPoints) { + return FALSE; + } m_AllocCount = nPoints; } + return TRUE; } -void CFX_PathData::AllocPointCount(int nPoints) +FX_BOOL CFX_PathData::AllocPointCount(int nPoints) { if (m_AllocCount < nPoints) { FX_PATHPOINT* pNewBuf = FX_Alloc(FX_PATHPOINT, nPoints); + if (!pNewBuf) { + return FALSE; + } if (m_PointCount) { FXSYS_memcpy32(pNewBuf, m_pPoints, m_PointCount * sizeof(FX_PATHPOINT)); } @@ -147,11 +152,16 @@ void CFX_PathData::AllocPointCount(int nPoints) m_pPoints = pNewBuf; m_AllocCount = nPoints; } + return TRUE; } CFX_PathData::CFX_PathData(const CFX_PathData& src) { + m_pPoints = NULL; m_PointCount = m_AllocCount = src.m_PointCount; m_pPoints = FX_Alloc(FX_PATHPOINT, src.m_PointCount); + if (!m_pPoints) { + return; + } FXSYS_memcpy32(m_pPoints, src.m_pPoints, sizeof(FX_PATHPOINT) * m_PointCount); } void CFX_PathData::TrimPoints(int nPoints) @@ -161,23 +171,29 @@ void CFX_PathData::TrimPoints(int nPoints) } SetPointCount(nPoints); } -void CFX_PathData::AddPointCount(int addPoints) +FX_BOOL CFX_PathData::AddPointCount(int addPoints) { - pdfium::base::CheckedNumeric new_count = m_PointCount; - new_count += addPoints; - m_PointCount = new_count.ValueOrDie(); - AllocPointCount(m_PointCount); + int new_count = m_PointCount + addPoints; + if (!AllocPointCount(new_count)) { + return FALSE; + } + m_PointCount = new_count; + return TRUE; } -void CFX_PathData::Append(const CFX_PathData* pSrc, const CFX_AffineMatrix* pMatrix) +FX_BOOL CFX_PathData::Append(const CFX_PathData* pSrc, const CFX_AffineMatrix* pMatrix) { int old_count = m_PointCount; - AddPointCount(pSrc->m_PointCount); + if (!AddPointCount(pSrc->m_PointCount)) { + return FALSE; + } FXSYS_memcpy32(m_pPoints + old_count, pSrc->m_pPoints, pSrc->m_PointCount * sizeof(FX_PATHPOINT)); - if (pMatrix) { - for (int i = 0; i < pSrc->m_PointCount; i ++) { - pMatrix->Transform(m_pPoints[old_count + i].m_PointX, m_pPoints[old_count + i].m_PointY); - } + if (pMatrix == NULL) { + return TRUE; } + for (int i = 0; i < pSrc->m_PointCount; i ++) { + pMatrix->Transform(m_pPoints[old_count + i].m_PointX, m_pPoints[old_count + i].m_PointY); + } + return TRUE; } void CFX_PathData::SetPoint(int index, FX_FLOAT x, FX_FLOAT y, int flag) { @@ -186,10 +202,12 @@ void CFX_PathData::SetPoint(int index, FX_FLOAT x, FX_FLOAT y, int flag) m_pPoints[index].m_PointY = y; m_pPoints[index].m_Flag = flag; } -void CFX_PathData::AppendRect(FX_FLOAT left, FX_FLOAT bottom, FX_FLOAT right, FX_FLOAT top) +FX_BOOL CFX_PathData::AppendRect(FX_FLOAT left, FX_FLOAT bottom, FX_FLOAT right, FX_FLOAT top) { int old_count = m_PointCount; - AddPointCount(5); + if (!AddPointCount(5)) { + return FALSE; + } FX_PATHPOINT* pPoints = m_pPoints + old_count; pPoints[0].m_PointX = pPoints[1].m_PointX = pPoints[4].m_PointX = left; pPoints[2].m_PointX = pPoints[3].m_PointX = right; @@ -198,6 +216,7 @@ void CFX_PathData::AppendRect(FX_FLOAT left, FX_FLOAT bottom, FX_FLOAT right, FX pPoints[0].m_Flag = FXPT_MOVETO; pPoints[1].m_Flag = pPoints[2].m_Flag = pPoints[3].m_Flag = FXPT_LINETO; pPoints[4].m_Flag = FXPT_LINETO | FXPT_CLOSEFIGURE; + return TRUE; } CFX_FloatRect CFX_PathData::GetBoundingBox() const { @@ -571,10 +590,13 @@ FX_BOOL CFX_PathData::IsRect(const CFX_AffineMatrix* pMatrix, CFX_FloatRect* pRe } return TRUE; } -void CFX_PathData::Copy(const CFX_PathData &src) +FX_BOOL CFX_PathData::Copy(const CFX_PathData &src) { - SetPointCount(src.m_PointCount); + if (!SetPointCount(src.m_PointCount)) { + return FALSE; + } FXSYS_memcpy32(m_pPoints, src.m_pPoints, sizeof(FX_PATHPOINT) * m_PointCount); + return TRUE; } CFX_GraphStateData::CFX_GraphStateData() { @@ -605,6 +627,9 @@ void CFX_GraphStateData::Copy(const CFX_GraphStateData& src) m_LineWidth = src.m_LineWidth; if (m_DashCount) { m_DashArray = FX_Alloc(FX_FLOAT, m_DashCount); + if (!m_DashArray) { + return; + } FXSYS_memcpy32(m_DashArray, src.m_DashArray, m_DashCount * sizeof(FX_FLOAT)); } } diff --git a/core/src/fxge/ge/fx_ge_ps.cpp b/core/src/fxge/ge/fx_ge_ps.cpp index e81b6bf362..ad572115c5 100644 --- a/core/src/fxge/ge/fx_ge_ps.cpp +++ b/core/src/fxge/ge/fx_ge_ps.cpp @@ -349,6 +349,9 @@ FX_BOOL CFX_PSRenderer::DrawDIBits(const CFX_DIBSource* pSource, FX_DWORD color, int pitch = (width + 7) / 8; FX_DWORD src_size = height * pitch; FX_LPBYTE src_buf = FX_Alloc(FX_BYTE, src_size); + if (!src_buf) { + return FALSE; + } for (int row = 0; row < height; row ++) { FX_LPCBYTE src_scan = pSource->GetScanline(row); FXSYS_memcpy32(src_buf + row * pitch, src_scan, pitch); @@ -422,6 +425,13 @@ FX_BOOL CFX_PSRenderer::DrawDIBits(const CFX_DIBSource* pSource, FX_DWORD color, int src_pitch = width * Bpp; output_size = height * src_pitch; output_buf = FX_Alloc(FX_BYTE, output_size); + if (!output_buf) { + if (pConverted != pSource) { + delete pConverted; + pConverted = NULL; + } + return FALSE; + } for (int row = 0; row < height; row ++) { FX_LPCBYTE src_scan = pConverted->GetScanline(row); FX_LPBYTE dest_scan = output_buf + row * src_pitch; diff --git a/core/src/fxge/ge/fx_ge_text.cpp b/core/src/fxge/ge/fx_ge_text.cpp index f6d2fa510f..21eebb7630 100644 --- a/core/src/fxge/ge/fx_ge_text.cpp +++ b/core/src/fxge/ge/fx_ge_text.cpp @@ -203,6 +203,9 @@ FX_BOOL CFX_RenderDevice::DrawNormalText(int nChars, const FXTEXT_CHARPOS* pChar CFX_FaceCache* pFaceCache = pCache->GetCachedFace(pFont); FX_FONTCACHE_DEFINE(pCache, pFont); FXTEXT_GLYPHPOS* pGlyphAndPos = FX_Alloc(FXTEXT_GLYPHPOS, nChars); + if (!pGlyphAndPos) { + return FALSE; + } int iChar; deviceCtm = char2device; CFX_AffineMatrix matrixCTM = GetCTM(); diff --git a/core/src/fxge/win32/fx_win32_device.cpp b/core/src/fxge/win32/fx_win32_device.cpp index 0717fb1528..00baa2bee9 100644 --- a/core/src/fxge/win32/fx_win32_device.cpp +++ b/core/src/fxge/win32/fx_win32_device.cpp @@ -655,6 +655,9 @@ static HPEN _CreatePen(const CFX_GraphStateData* pGraphState, const CFX_AffineMa FX_DWORD* pDash = NULL; if (pGraphState->m_DashCount) { pDash = FX_Alloc(FX_DWORD, pGraphState->m_DashCount); + if (!pDash) { + return NULL; + } for (int i = 0; i < pGraphState->m_DashCount; i ++) { pDash[i] = FXSYS_round(pMatrix ? pMatrix->TransformDistance(pGraphState->m_DashArray[i]) : pGraphState->m_DashArray[i]); if (pDash[i] < 1) { diff --git a/core/src/fxge/win32/fx_win32_dib.cpp b/core/src/fxge/win32/fx_win32_dib.cpp index 46abdb366c..ec523c39c1 100644 --- a/core/src/fxge/win32/fx_win32_dib.cpp +++ b/core/src/fxge/win32/fx_win32_dib.cpp @@ -69,6 +69,12 @@ CFX_DIBitmap* _FX_WindowsDIB_LoadFromBuf(BITMAPINFO* pbmi, LPVOID pData, FX_BOOL FXSYS_memcpy32(pBitmap->GetBuffer(), pData, pitch * height); if (bBottomUp) { FX_LPBYTE temp_buf = FX_Alloc(FX_BYTE, pitch); + if (!temp_buf) { + if (pBitmap) { + delete pBitmap; + } + return NULL; + } int top = 0, bottom = height - 1; while (top < bottom) { FXSYS_memcpy32(temp_buf, pBitmap->GetBuffer() + top * pitch, pitch); @@ -197,6 +203,13 @@ CFX_DIBitmap* CFX_WindowsDIB::LoadFromDDB(HDC hDC, HBITMAP hBitmap, FX_DWORD* pP size += sizeof (FX_DWORD) * 254; } BITMAPINFO* pbmih = (BITMAPINFO*)FX_Alloc(FX_BYTE, size); + if (!pbmih) { + delete pDIBitmap; + if (bCreatedDC) { + DeleteDC(hDC); + } + return NULL; + } pbmih->bmiHeader.biSize = sizeof(BITMAPINFOHEADER); pbmih->bmiHeader.biBitCount = bmih.biBitCount; pbmih->bmiHeader.biCompression = BI_RGB; diff --git a/core/src/fxge/win32/fx_win32_gdipext.cpp b/core/src/fxge/win32/fx_win32_gdipext.cpp index 67aa16242b..49c3f2b0cf 100644 --- a/core/src/fxge/win32/fx_win32_gdipext.cpp +++ b/core/src/fxge/win32/fx_win32_gdipext.cpp @@ -766,6 +766,9 @@ static GpPen* _GdipCreatePen(const CFX_GraphStateData* pGraphState, const CFX_Af CallFunc(GdipSetPenLineJoin)(pPen, lineJoin); if(pGraphState->m_DashCount) { FX_FLOAT* pDashArray = FX_Alloc(FX_FLOAT, pGraphState->m_DashCount + pGraphState->m_DashCount % 2); + if (!pDashArray) { + return NULL; + } int nCount = 0; FX_FLOAT on_leftover = 0, off_leftover = 0; for (int i = 0; i < pGraphState->m_DashCount; i += 2) { @@ -867,7 +870,14 @@ BOOL CGdiplusExt::DrawPath(HDC hDC, const CFX_PathData* pPathData, CallFunc(GdipSetWorldTransform)(pGraphics, pMatrix); } PointF *points = FX_Alloc(PointF, nPoints); + if (!points) { + return FALSE; + } BYTE * types = FX_Alloc(BYTE, nPoints); + if (!types) { + FX_Free(points); + return FALSE; + } int nSubPathes = 0; FX_BOOL bSubClose = FALSE; int pos_subclose = 0; @@ -1182,6 +1192,12 @@ static PREVIEW3_DIBITMAP* LoadDIBitmap(WINDIB_Open_Args_ args) dest_pixel_format = PixelFormat32bppARGB; } LPBYTE buf = FX_Alloc(BYTE, info_size); + if (!buf) { + if (pStream) { + pStream->Release(); + } + return NULL; + } BITMAPINFOHEADER* pbmih = (BITMAPINFOHEADER*)buf; pbmih->biBitCount = bpp; pbmih->biCompression = BI_RGB; @@ -1190,6 +1206,12 @@ static PREVIEW3_DIBITMAP* LoadDIBitmap(WINDIB_Open_Args_ args) pbmih->biWidth = width; Rect rect(0, 0, width, height); BitmapData* pBitmapData = FX_Alloc(BitmapData, 1); + if (!pBitmapData) { + if (pStream) { + pStream->Release(); + } + return NULL; + } CallFunc(GdipBitmapLockBits)(pBitmap, &rect, ImageLockModeRead, dest_pixel_format, pBitmapData); if (pixel_format == PixelFormat1bppIndexed || pixel_format == PixelFormat8bppIndexed) { @@ -1208,6 +1230,12 @@ static PREVIEW3_DIBITMAP* LoadDIBitmap(WINDIB_Open_Args_ args) } } PREVIEW3_DIBITMAP* pInfo = FX_Alloc(PREVIEW3_DIBITMAP, 1); + if (!pInfo) { + if (pStream) { + pStream->Release(); + } + return NULL; + } pInfo->pbmi = (BITMAPINFO*)buf; pInfo->pScan0 = (LPBYTE)pBitmapData->Scan0; pInfo->Stride = pBitmapData->Stride; diff --git a/core/src/fxge/win32/fx_win32_print.cpp b/core/src/fxge/win32/fx_win32_print.cpp index 670622a5fb..7dc48a1808 100644 --- a/core/src/fxge/win32/fx_win32_print.cpp +++ b/core/src/fxge/win32/fx_win32_print.cpp @@ -295,6 +295,9 @@ FX_BOOL CPSPrinterDriver::Init(HDC hDC, int pslevel, FX_BOOL bCmykOutput) ret = ::GetRegionData(hRgn, 0, NULL); if (ret) { RGNDATA* pData = (RGNDATA*)FX_Alloc(FX_BYTE, ret); + if (!pData) { + return FALSE; + } ret = ::GetRegionData(hRgn, ret, pData); if (ret) { CFX_PathData path; diff --git a/fpdfsdk/src/fsdk_baseform.cpp b/fpdfsdk/src/fsdk_baseform.cpp index 0cbc4baa44..9ab61843b8 100644 --- a/fpdfsdk/src/fsdk_baseform.cpp +++ b/fpdfsdk/src/fsdk_baseform.cpp @@ -2352,10 +2352,13 @@ FX_BOOL CPDFSDK_InterForm::FDFToURLEncodedData(FX_LPBYTE& pBuf, FX_STRSIZE& nBuf if(i != pFields->GetCount()-1) fdfEncodedData = fdfEncodedData<<"&"; } - + nBufSize = fdfEncodedData.GetLength(); pBuf = FX_Alloc(FX_BYTE, nBufSize); + if(!pBuf) + return FALSE; FXSYS_memcpy(pBuf, fdfEncodedData.GetBuffer(), nBufSize); + } return TRUE; } diff --git a/fpdfsdk/src/pdfwindow/PWL_Edit.cpp b/fpdfsdk/src/pdfwindow/PWL_Edit.cpp index 678da68b49..f704a67731 100644 --- a/fpdfsdk/src/pdfwindow/PWL_Edit.cpp +++ b/fpdfsdk/src/pdfwindow/PWL_Edit.cpp @@ -426,15 +426,17 @@ void CPWL_Edit::DrawThisAppearance(CFX_RenderDevice* pDevice, CPDF_Matrix* pUser gsd.m_LineWidth = (FX_FLOAT)GetBorderWidth(); CFX_PathData path; - path.SetPointCount(nCharArraySafe.ValueOrDie()); - + if (!path.SetPointCount(nCharArraySafe.ValueOrDie())) { + return; + } + for (FX_INT32 i=0; i 0) pDevice->DrawPath(&path, pUser2Device, &gsd,0, CPWL_Utils::PWLColorToFXColor(GetBorderColor(),255), FXFILL_ALTERNATE); @@ -451,17 +453,19 @@ void CPWL_Edit::DrawThisAppearance(CFX_RenderDevice* pDevice, CPDF_Matrix* pUser gsd.m_DashPhase = (FX_FLOAT)GetBorderDash().nPhase; CFX_PathData path; - path.SetPointCount(nCharArraySafe.ValueOrDie()); - + if (!path.SetPointCount(nCharArraySafe.ValueOrDie())) { + return; + } + for (FX_INT32 i=0; i 0) - pDevice->DrawPath(&path, pUser2Device, &gsd,0, + pDevice->DrawPath(&path, pUser2Device, &gsd,0, CPWL_Utils::PWLColorToFXColor(GetBorderColor(),255), FXFILL_ALTERNATE); } break; -- cgit v1.2.3