Chromium Code Reviews Chromium Code Reviews
Issue 1652933002:
Fix AddressSanitizer: heap-buffer-overflow in ValidateCanonicalTime() (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@xfa| OLD | NEW |
|---|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "xfa/src/foxitlib.h" | 7 #include "xfa/src/foxitlib.h" |
| 8 #include "xfa/src/fxfa/src/common/xfa_utils.h" | 8 #include "xfa/src/fxfa/src/common/xfa_utils.h" |
| 9 #include "xfa/src/fxfa/src/common/xfa_object.h" | 9 #include "xfa/src/fxfa/src/common/xfa_object.h" |
| 10 #include "xfa/src/fxfa/src/common/xfa_document.h" | 10 #include "xfa/src/fxfa/src/common/xfa_document.h" |
| (...skipping 654 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 665 } else if (wDay > LastDay[wMonth - 1]) { | 665 } else if (wDay > LastDay[wMonth - 1]) { |
| 666 return FALSE; | 666 return FALSE; |
| 667 } | 667 } |
| 668 CFX_Unitime ut; | 668 CFX_Unitime ut; |
| 669 ut.Set(wYear, static_cast<uint8_t>(wMonth), static_cast<uint8_t>(wDay)); | 669 ut.Set(wYear, static_cast<uint8_t>(wMonth), static_cast<uint8_t>(wDay)); |
| 670 unDate = unDate + ut; | 670 unDate = unDate + ut; |
| 671 return TRUE; | 671 return TRUE; |
| 672 } | 672 } |
| 673 FX_BOOL CXFA_LocaleValue::ValidateCanonicalTime(const CFX_WideString& wsTime) { | 673 FX_BOOL CXFA_LocaleValue::ValidateCanonicalTime(const CFX_WideString& wsTime) { |
| 674 int nLen = wsTime.GetLength(); | 674 int nLen = wsTime.GetLength(); |
| 675 if (nLen < 2) { | 675 if (nLen < 2) |
| 676 return FALSE; | 676 return FALSE; |
| 677 } | 677 const FX_WORD wCountH = 2; |
| 678 const FX_WORD wCountH = 2, wCountM = 2, wCountS = 2, wCountF = 3; | 678 const FX_WORD wCountM = 2; |
| 679 const FX_WORD wCountS = 2; | |
| 680 const FX_WORD wCountF = 3; | |
| 679 FX_BOOL bSymbol = (wsTime.Find(':') == -1) ? FALSE : TRUE; | 681 FX_BOOL bSymbol = (wsTime.Find(':') == -1) ? FALSE : TRUE; |
| 680 FX_WORD wHour = 0, wMinute = 0, wSecond = 0, wFraction = 0; | 682 FX_WORD wHour = 0; |
| 683 FX_WORD wMinute = 0; | |
| 684 FX_WORD wSecond = 0; | |
| 685 FX_WORD wFraction = 0; | |
| 681 const FX_WCHAR* pTime = (const FX_WCHAR*)wsTime; | 686 const FX_WCHAR* pTime = (const FX_WCHAR*)wsTime; |
| 682 int nIndex = 0, nStart = 0; | 687 int nIndex = 0; |
| 683 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountH) { | 688 int nStart = 0; |
| 684 if (!XFA_IsDigit(pTime[nIndex])) { | 689 while (nIndex - nStart < wCountH && pTime[nIndex]) { |
| 690 if (!XFA_IsDigit(pTime[nIndex])) | |
| 685 return FALSE; | 691 return FALSE; |
| 686 } | 692 wHour = pTime[nIndex] - '0' + wHour * 10; |
| 687 wHour = (pTime[nIndex] - '0') + wHour * 10; | |
| 688 nIndex++; | 693 nIndex++; |
| 689 } | 694 } |
| 690 if (bSymbol) { | 695 if (bSymbol) { |
| 691 if (nIndex < nLen && pTime[nIndex] != ':') { | 696 if (nIndex < nLen && pTime[nIndex] != ':') |
| 692 return FALSE; | 697 return FALSE; |
| 693 } | |
| 694 nIndex++; | 698 nIndex++; |
| 695 } | 699 } |
| 696 nStart = nIndex; | 700 nStart = nIndex; |
| 697 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountM && nIndex < nLen) { | 701 while (nIndex - nStart < wCountM && nIndex < nLen && pTime[nIndex]) { |
|
jun_fang
2016/02/01 13:09:16
nIndex should be used after being tested.
| |
| 698 if (!XFA_IsDigit(pTime[nIndex])) { | 702 if (!XFA_IsDigit(pTime[nIndex])) |
| 699 return FALSE; | 703 return FALSE; |
| 700 } | 704 wMinute = pTime[nIndex] - '0' + wMinute * 10; |
| 701 wMinute = (pTime[nIndex] - '0') + wMinute * 10; | |
| 702 nIndex++; | 705 nIndex++; |
| 703 } | 706 } |
| 704 if (bSymbol) { | 707 if (bSymbol) { |
| 705 if (nIndex < nLen && pTime[nIndex] != ':') { | 708 if (nIndex < nLen && pTime[nIndex] != ':') |
| 706 return FALSE; | 709 return FALSE; |
| 707 } | |
| 708 nIndex++; | 710 nIndex++; |
| 709 } | 711 } |
| 710 nStart = nIndex; | 712 nStart = nIndex; |
| 711 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountS && nIndex < nLen) { | 713 while (nIndex - nStart < wCountS && nIndex < nLen && pTime[nIndex]) { |
|
jun_fang
2016/02/01 13:09:17
The same as above.
| |
| 712 if (!XFA_IsDigit(pTime[nIndex])) { | 714 if (!XFA_IsDigit(pTime[nIndex])) |
| 713 return FALSE; | 715 return FALSE; |
| 714 } | 716 wSecond = pTime[nIndex] - '0' + wSecond * 10; |
| 715 wSecond = (pTime[nIndex] - '0') + wSecond * 10; | |
| 716 nIndex++; | 717 nIndex++; |
| 717 } | 718 } |
| 718 if (wsTime.Find('.') > 0) { | 719 if (wsTime.Find('.') > 0) { |
| 719 if (pTime[nIndex] != '.') { | 720 if (pTime[nIndex] != '.') |
| 720 return FALSE; | 721 return FALSE; |
| 721 } | |
| 722 nIndex++; | 722 nIndex++; |
| 723 nStart = nIndex; | 723 nStart = nIndex; |
| 724 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountF && | 724 while (nIndex - nStart < wCountF && nIndex < nLen && pTime[nIndex]) { |
|
jun_fang
2016/02/01 13:09:17
The same as above.
| |
| 725 nIndex < nLen) { | 725 if (!XFA_IsDigit(pTime[nIndex])) |
| 726 if (!XFA_IsDigit(pTime[nIndex])) { | |
| 727 return FALSE; | 726 return FALSE; |
| 728 } | 727 wFraction = pTime[nIndex] - '0' + wFraction * 10; |
| 729 wFraction = (pTime[nIndex] - '0') + wFraction * 10; | |
| 730 nIndex++; | 728 nIndex++; |
| 731 } | 729 } |
| 732 } | 730 } |
| 733 if (nIndex < nLen) { | 731 if (nIndex < nLen) { |
| 734 if (pTime[nIndex] == 'Z') { | 732 if (pTime[nIndex] == 'Z') { |
| 735 nIndex++; | 733 nIndex++; |
| 736 } else if (pTime[nIndex] == '-' || pTime[nIndex] == '+') { | 734 } else if (pTime[nIndex] == '-' || pTime[nIndex] == '+') { |
| 737 int16_t nOffsetH = 0, nOffsetM = 0; | 735 int16_t nOffsetH = 0; |
| 736 int16_t nOffsetM = 0; | |
| 738 nIndex++; | 737 nIndex++; |
| 739 nStart = nIndex; | 738 nStart = nIndex; |
| 740 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountH && | 739 while (nIndex - nStart < wCountH && nIndex < nLen && pTime[nIndex]) { |
|
jun_fang
2016/02/01 13:09:16
The same as above.
| |
| 741 nIndex < nLen) { | 740 if (!XFA_IsDigit(pTime[nIndex])) |
| 742 if (!XFA_IsDigit(pTime[nIndex])) { | |
| 743 return FALSE; | 741 return FALSE; |
| 744 } | 742 nOffsetH = pTime[nIndex] - '0' + nOffsetH * 10; |
| 745 nOffsetH = (pTime[nIndex] - '0') + nOffsetH * 10; | |
| 746 nIndex++; | 743 nIndex++; |
| 747 } | 744 } |
| 748 if (bSymbol) { | 745 if (bSymbol) { |
| 749 if (nIndex < nLen && pTime[nIndex] != ':') { | 746 if (nIndex < nLen && pTime[nIndex] != ':') |
| 750 return FALSE; | 747 return FALSE; |
| 751 } | |
| 752 nIndex++; | 748 nIndex++; |
| 753 } | 749 } |
| 754 nStart = nIndex; | 750 nStart = nIndex; |
| 755 while (pTime[nIndex] != '\0' && nIndex - nStart < wCountM && | 751 while (nIndex - nStart < wCountM && nIndex < nLen && pTime[nIndex]) { |
|
jun_fang
2016/02/01 13:09:16
The same as above.
| |
| 756 nIndex < nLen) { | 752 if (!XFA_IsDigit(pTime[nIndex])) |
| 757 if (!XFA_IsDigit(pTime[nIndex])) { | |
| 758 return FALSE; | 753 return FALSE; |
| 759 } | 754 nOffsetM = pTime[nIndex] - '0' + nOffsetM * 10; |
| 760 nOffsetM = (pTime[nIndex] - '0') + nOffsetM * 10; | |
| 761 nIndex++; | 755 nIndex++; |
| 762 } | 756 } |
| 763 if (nOffsetH > 12) { | 757 if (nOffsetH > 12 || nOffsetM >= 60) |
| 764 return FALSE; | 758 return FALSE; |
| 765 } | |
| 766 if (nOffsetM >= 60) { | |
| 767 return FALSE; | |
| 768 } | |
| 769 } | 759 } |
| 770 } | 760 } |
| 771 if (nIndex != nLen) { | 761 return nIndex == nLen && wHour < 24 && wMinute < 60 && wSecond < 60 && |
| 772 return FALSE; | 762 wFraction <= 999; |
| 773 } | |
| 774 if (wHour >= 24) { | |
| 775 return FALSE; | |
| 776 } | |
| 777 if (wMinute >= 60) { | |
| 778 return FALSE; | |
| 779 } | |
| 780 if (wSecond >= 60) { | |
| 781 return FALSE; | |
| 782 } | |
| 783 if (wFraction > 999) { | |
| 784 return FALSE; | |
| 785 } | |
| 786 return TRUE; | |
| 787 } | 763 } |
| 788 FX_BOOL CXFA_LocaleValue::ValidateCanonicalDateTime( | 764 FX_BOOL CXFA_LocaleValue::ValidateCanonicalDateTime( |
| 789 const CFX_WideString& wsDateTime) { | 765 const CFX_WideString& wsDateTime) { |
| 790 CFX_WideString wsDate, wsTime; | 766 CFX_WideString wsDate, wsTime; |
| 791 if (wsDateTime.IsEmpty()) { | 767 if (wsDateTime.IsEmpty()) { |
| 792 return FALSE; | 768 return FALSE; |
| 793 } | 769 } |
| 794 int nSplitIndex = -1; | 770 int nSplitIndex = -1; |
| 795 nSplitIndex = wsDateTime.Find('T'); | 771 nSplitIndex = wsDateTime.Find('T'); |
| 796 if (nSplitIndex < 0) { | 772 if (nSplitIndex < 0) { |
| (...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 992 } else if (cf == L'z') { | 968 } else if (cf == L'z') { |
| 993 nf++; | 969 nf++; |
| 994 } else { | 970 } else { |
| 995 return FALSE; | 971 return FALSE; |
| 996 } | 972 } |
| 997 } | 973 } |
| 998 n++; | 974 n++; |
| 999 } | 975 } |
| 1000 return n == nCount; | 976 return n == nCount; |
| 1001 } | 977 } |
| OLD | NEW |
