Cleanup some PPAPI proxy code.

ppapi/proxy/pdf_resource.cc

Index: ppapi/proxy/pdf_resource.cc
diff --git a/ppapi/proxy/pdf_resource.cc b/ppapi/proxy/pdf_resource.cc
index 384fdc90a35bd218251ee1356a79d50e081e87b9..c68280614fe9708ad00570c2015a22ba82725f8b 100644
--- a/ppapi/proxy/pdf_resource.cc
+++ b/ppapi/proxy/pdf_resource.cc
@@ -98,13 +98,17 @@ void PDFResource::SearchString(const unsigned short* input_string,
     DCHECK(status == U_ZERO_ERROR);
   }
 
-  *count = static_cast<uint32_t>(pp_results.size());
-  if (*count) {
-    *results = reinterpret_cast<PP_PrivateFindResult*>(malloc(
-        *count * sizeof(PP_PrivateFindResult)));
-    memcpy(*results, &pp_results[0], *count * sizeof(PP_PrivateFindResult));
+  if (pp_results.empty() ||
+      pp_results.size() > std::numeric_limits<uint32_t>::max() ||
+      pp_results.size() >
+          std::numeric_limits<size_t>::max() / sizeof(PP_PrivateFindResult)) {

[raymes, 2015/05/20 00:26:48]

Would it be simpler just to have some large constant maximum?

kMaxNumSearchResults = 1000000;

[Lei Zhang, 2015/05/20 00:30:48]

I can replace std::numeric_limits<size_t>::max() with SIZE_MAX. That'll make it
less verbose.

[Lei Zhang, 2015/05/20 00:46:34]

Done in patch set 3. But in general, the security folks do these kinds of
checks, or use base/numerics/safe_conversions.h and friends all the time, rather
than set some arbitrary limit. The user's machine may run out of memory, but
that's not my concern.

+    *count = 0;
+    *results = nullptr;
   } else {
-    *results = NULL;
+    *count = static_cast<uint32_t>(pp_results.size());
+    const size_t result_size = pp_results.size() * sizeof(PP_PrivateFindResult);
+    *results = reinterpret_cast<PP_PrivateFindResult*>(malloc(result_size));
+    memcpy(*results, &pp_results[0], result_size);
   }
 
   usearch_close(searcher);