From eed247e9cb3b0e9ce5dcb8bf6ee7673c9dd3e544 Mon Sep 17 00:00:00 2001
From: Henrique Nakashima
Date: Wed, 19 Jul 2017 14:12:03 -0400
Subject: Converting CFX_ByteTextBuf to ostringstream in SAX.
Respin of https://pdfium-review.googlesource.com/c/6592 with fixes that avoid invalid reads.
Bug: pdfium:731
Change-Id: I9395063505ba1a5c610e21b089ab8aa1a0a5b86f
Reviewed-on: https://pdfium-review.googlesource.com/8290
Reviewed-by: Tom Sepez
Commit-Queue: Henrique Nakashima
---
 BUILD.gn | 1 +
 core/fxcrt/xml/cfx_saxcontext.cpp | 9 +++++++++
 core/fxcrt/xml/cfx_saxcontext.h | 7 +++++--
 core/fxcrt/xml/cfx_saxreaderhandler.cpp | 28 ++++++++++++++--------------
 4 files changed, 29 insertions(+), 16 deletions(-)
 create mode 100644 core/fxcrt/xml/cfx_saxcontext.cpp
diff --git a/BUILD.gn b/BUILD.gn
index 1853d78e5c..e02882085b 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -887,6 +887,7 @@ static_library("fxcrt") {
 "core/fxcrt/fx_arabic.h",
 "core/fxcrt/ifx_chariter.h",
 "core/fxcrt/ifx_locale.h",
+ "core/fxcrt/xml/cfx_saxcontext.cpp",
 "core/fxcrt/xml/cfx_saxcontext.h",
 "core/fxcrt/xml/cfx_saxreader.cpp",
 "core/fxcrt/xml/cfx_saxreader.h",
diff --git a/core/fxcrt/xml/cfx_saxcontext.cpp b/core/fxcrt/xml/cfx_saxcontext.cpp
new file mode 100644
index 0000000000..4e2f0c58c9
--- /dev/null
+++ b/core/fxcrt/xml/cfx_saxcontext.cpp
@@ -0,0 +1,9 @@
+// Copyright 2017 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/fxcrt/xml/cfx_saxcontext.h"
+
+CFX_SAXContext::CFX_SAXContext() : m_eNode(CFX_SAXItem::Type::Unknown) {}
+
+CFX_SAXContext::~CFX_SAXContext() {}
diff --git a/core/fxcrt/xml/cfx_saxcontext.h b/core/fxcrt/xml/cfx_saxcontext.h
index 7afebed98d..fcc889f7a3 100644
--- a/core/fxcrt/xml/cfx_saxcontext.h
+++ b/core/fxcrt/xml/cfx_saxcontext.h
@@ -7,15 +7,18 @@
 #ifndef CORE_FXCRT_XML_CFX_SAXCONTEXT_H_
 #define CORE_FXCRT_XML_CFX_SAXCONTEXT_H_
+#include
+
 #include "core/fxcrt/fx_basic.h"
 #include "core/fxcrt/fx_string.h"
 #include "core/fxcrt/xml/cfx_saxreader.h"
 class CFX_SAXContext {
 public:
- CFX_SAXContext() : m_eNode(CFX_SAXItem::Type::Unknown) {}
+ CFX_SAXContext();
+ ~CFX_SAXContext();
- CFX_ByteTextBuf m_TextBuf;
+ std::ostringstream m_TextBuf;
 CFX_ByteString m_bsTagName;
 CFX_SAXItem::Type m_eNode;
 };
diff --git a/core/fxcrt/xml/cfx_saxreaderhandler.cpp b/core/fxcrt/xml/cfx_saxreaderhandler.cpp
index e7b6cd186c..b8399ff5cc 100644
--- a/core/fxcrt/xml/cfx_saxreaderhandler.cpp
+++ b/core/fxcrt/xml/cfx_saxreaderhandler.cpp
@@ -6,6 +6,8 @@
 #include "core/fxcrt/xml/cfx_saxreaderhandler.h"
+#include
+
 #include "core/fxcrt/cfx_checksumcontext.h"
 CFX_SAXReaderHandler::CFX_SAXReaderHandler(CFX_ChecksumContext* pContext)
@@ -26,12 +28,11 @@ CFX_SAXContext* CFX_SAXReaderHandler::OnTagEnter(
 }
 m_SAXContext.m_eNode = eType;
- CFX_ByteTextBuf& textBuf = m_SAXContext.m_TextBuf;
- textBuf << "<";
+ m_SAXContext.m_TextBuf << "<";
 if (eType == CFX_SAXItem::Type::Instruction)
- textBuf << "?";
+ m_SAXContext.m_TextBuf << "?";
- textBuf << bsTagName;
+ m_SAXContext.m_TextBuf << bsTagName;
 m_SAXContext.m_bsTagName = bsTagName;
 return &m_SAXContext;
 }
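Review bot: In the cfx_saxcontext.h hunk, `std::ostringstream m_TextBuf;` together with the newly declared `~CFX_SAXContext();` makes CFX_SAXContext non-copyable and, because of the user-declared destructor, non-movable, and nothing in the header says so. If that is intended, spell it out next to the constructor with `CFX_SAXContext(const CFX_SAXContext&) = delete;` and `CFX_SAXContext& operator=(const CFX_SAXContext&) = delete;`. A one-line comment on the member, such as `// Serialized markup accumulated since the last checksum update.`, would also help now that the type name no longer hints at its role.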
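Review bot: In the OnTagEnter hunk, `m_SAXContext.m_TextBuf << bsTagName;` now relies on a std::ostream inserter for the byte-string type, and that overload is not part of this patch, so its behaviour cannot be checked from here. The accumulated bytes feed the checksum in UpdateChecksum, so the inserter has to write by explicit length (in the manner of `write(ptr, len)`) rather than as a NUL-terminated C string; otherwise a name or data run from the parsed document that contains a zero byte would be cut short. The same applies to `pTag->m_TextBuf << bsData;` in the OnTagData hunk further down. A test that feeds content with an embedded zero byte and compares the checksum against the previous implementation would settle it; OnTagEnter's body starts outside the hunk.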
@@ -59,24 +60,22 @@ void CFX_SAXReaderHandler::OnTagData(CFX_SAXContext* pTag, if (!pTag) return; - CFX_ByteTextBuf& textBuf = pTag->m_TextBuf; if (eType == CFX_SAXItem::Type::CharData) - textBuf << "m_TextBuf << "m_TextBuf << bsData; if (eType == CFX_SAXItem::Type::CharData) - textBuf << "]]>"; + pTag->m_TextBuf << "]]>"; } void CFX_SAXReaderHandler::OnTagClose(CFX_SAXContext* pTag, uint32_t dwEndPos) { if (!pTag) return; - CFX_ByteTextBuf& textBuf = pTag->m_TextBuf; if (pTag->m_eNode == CFX_SAXItem::Type::Instruction) - textBuf << "?>"; + pTag->m_TextBuf << "?>"; else if (pTag->m_eNode == CFX_SAXItem::Type::Tag) - textBuf << ">m_bsTagName.AsStringC() << ">"; + pTag->m_TextBuf << ">m_bsTagName.AsStringC() << ">"; UpdateChecksum(false); } @@ -107,11 +106,12 @@ void CFX_SAXReaderHandler::OnTargetData(CFX_SAXContext* pTag, } void CFX_SAXReaderHandler::UpdateChecksum(bool bCheckSpace) { - int32_t iLength = m_SAXContext.m_TextBuf.GetLength(); + int32_t iLength = m_SAXContext.m_TextBuf.tellp(); if (iLength < 1) return; - uint8_t* pBuffer = m_SAXContext.m_TextBuf.GetBuffer(); + std::string sBuffer = m_SAXContext.m_TextBuf.str(); + const uint8_t* pBuffer = reinterpret_cast(sBuffer.c_str()); bool bUpdata = true; if (bCheckSpace) { bUpdata = false; @@ -124,5 +124,5 @@ void CFX_SAXReaderHandler::UpdateChecksum(bool bCheckSpace) { if (bUpdata) m_pContext->Update(CFX_ByteStringC(pBuffer, iLength)); - m_SAXContext.m_TextBuf.Clear(); + m_SAXContext.m_TextBuf.str(""); } -- cgit v1.2.3
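Review bot: In UpdateChecksum the length is taken from `tellp()` while the bytes come from the separate `sBuffer` copy, so the two agree only by assumption. `tellp()` returns -1 once the stream is in a failed state and is narrowed to `int32_t` without a range check, yet `CFX_ByteStringC(pBuffer, iLength)` and the `bCheckSpace` branch (whose body lies outside the hunk) trust that value as the readable size of `pBuffer`. Take the copy first and derive the length from it: `std::string sBuffer = m_SAXContext.m_TextBuf.str();`, then `if (sBuffer.empty()) return;`, then a range-checked conversion of `sBuffer.size()` to `int32_t`.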
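Review bot: At the end of UpdateChecksum, `m_SAXContext.m_TextBuf.str("");` replaces the buffer contents but leaves the stream's error flags as they were. If any insertion ever sets badbit or failbit, every later `<<` is dropped silently and the checksum stops covering the document without any signal; the early `return` on `iLength < 1` also skips the reset in that case. Add `m_SAXContext.m_TextBuf.clear();` next to the reset, and consider reporting a failed stream instead of returning quietly.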