From e85f971fe9ba628e46bcb0709d5da4368c15d0b0 Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Wed, 3 Aug 2016 10:08:13 -0700
Subject: Fix FMCallExpression undefined shift behaviour.

When determining which params should be an object and which are a value it is
possible to overflow the int on the shift comparision (if there are more then
32 arguments).

This never happens in practise as it's a controlled list of method calls which
we pass objects for. Cap the check at 32 for the shifting so it doesn't
overflow. We can revisit and extend the value later if we ever have an internal
formcalc method that needs an object in a position greater then 32.

BUG=chromium:603490

Review-Url: https://codereview.chromium.org/2206253002
---
 pdfium.gyp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'pdfium.gyp')

diff --git a/pdfium.gyp b/pdfium.gyp
index 61890e81cd..26f46edba9 100644
--- a/pdfium.gyp
+++ b/pdfium.gyp
@@ -949,6 +949,7 @@
             'xfa/fde/xml/fde_xml_imp_unittest.cpp',
             'xfa/fxbarcode/pdf417/BC_PDF417HighLevelEncoder_unittest.cpp',
             'xfa/fxfa/app/xfa_textlayout_unittest.cpp',
+            'xfa/fxfa/fm2js/xfa_simpleexpression_unittest.cpp',
             'xfa/fxfa/parser/xfa_utils_unittest.cpp',
           ],
         }],
-- 
cgit v1.2.3