From 8dee6cab8f10a257d3b551ede6ca85466bf0bac7 Mon Sep 17 00:00:00 2001
From: JUN FANG <jun_fang@foxitsoftware.com>
Date: Wed, 30 Jul 2014 13:46:39 -0700
Subject: Fix the potential integer overflow from 'offset+size' in extension.h
 and fpdfview.cpp

BUG=397258
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/419063002
---
 core/include/fxcrt/fx_stream.h | 1 +
 core/include/fxcrt/fx_system.h | 4 ++++
 2 files changed, 5 insertions(+)

(limited to 'core/include')

diff --git a/core/include/fxcrt/fx_stream.h b/core/include/fxcrt/fx_stream.h
index ef730bb967..8e298f7727 100644
--- a/core/include/fxcrt/fx_stream.h
+++ b/core/include/fxcrt/fx_stream.h
@@ -30,6 +30,7 @@ FX_DEFINEHANDLE(FX_HFILE)
 #endif
 #define FX_FILESIZE			off_t
 #endif
+typedef base::CheckedNumeric<FX_FILESIZE>    FX_SAFE_FILESIZE;
 #define FX_GETBYTEOFFSET32(a)	0
 #define FX_GETBYTEOFFSET40(a)	0
 #define FX_GETBYTEOFFSET48(a)	0
diff --git a/core/include/fxcrt/fx_system.h b/core/include/fxcrt/fx_system.h
index 7488e9d2dc..391380304c 100644
--- a/core/include/fxcrt/fx_system.h
+++ b/core/include/fxcrt/fx_system.h
@@ -276,6 +276,10 @@ int			FXSYS_round(FX_FLOAT f);
 #ifdef __cplusplus
 };
 
+#include "../../../third_party/numerics/safe_math.h"
+typedef base::CheckedNumeric<FX_DWORD> 		FX_SAFE_DWORD;
+typedef base::CheckedNumeric<FX_INT32> 		FX_SAFE_INT;
+typedef base::CheckedNumeric<size_t>            FX_SAFE_SIZET;
 #if defined(__clang__) || _MSC_VER >= 1700
 #define FX_FINAL final
 #elif defined(__GNUC__) && __cplusplus >= 201103 && \
-- 
cgit v1.2.3