Issue 1875673004: Fix integer issues leading to out of bounds access in fx_ge_text.cpp.

Issue 1875673004: Fix integer issues leading to out of bounds access in fx_ge_text.cpp. (Closed)

Created:
4 years, 8 months ago by Oliver Chang

Modified:
4 years, 8 months ago

Reviewers:
Tom Sepez, Wei Li

CC:
pdfium-reviews_googlegroups.com

Base URL:
https://pdfium.googlesource.com/pdfium.git@master

Target Ref:
refs/heads/master

Project:
pdfium

Visibility:
Public.

More Reviews

Description

Fix integer issues leading to out of bounds access in fx_ge_text.cpp. - Using |-skew| to get positive index, which doesn't work when skew is INT_MIN - Incorrect logic when determining when to use |-skew| as an index. R=tsepez@chromium.org,weili@chromium.org BUG=chromium:601362 Committed: https://pdfium.googlesource.com/pdfium/+/b8627c9d13884d48943d8a7a5381eaf0bb2c08d9

Patch Set 3 : whitespace nit #

Total comments: 4

Patch Set 7 : fix naming #

Created: 4 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+131 lines, -13 lines)			Patch
M	BUILD.gn	View	1 2 3 4 5 6	1 chunk	+1 line, -0 lines	0 comments	Download
M	core/fxge/ge/fx_ge_text.cpp	View	1 2 3 4	3 chunks	+18 lines, -8 lines	0 comments	Download
A +	core/fxge/ge/fx_ge_text_embeddertest.cpp	View	1 2 3 4 5 6	1 chunk	+6 lines, -5 lines	0 comments	Download
M	pdfium.gyp	View	1 2 3 4 5 6	1 chunk	+1 line, -0 lines	0 comments	Download
A	testing/resources/bug_601362.pdf	View	1 2 3 4 5 6	1 chunk	+105 lines, -0 lines	0 comments	Download

Messages

Total messages: 14 (3 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Oliver Chang

Tom, Wei, for review. Looks like this got introduced with recent refactoring/cleanups.

4 years, 8 months ago (2016-04-08 21:45:43 UTC) #1

Oliver Chang

On 2016/04/08 21:48:40, Tom Sepez wrote: > Can we add a test? We have at ...

4 years, 8 months ago (2016-04-08 23:41:52 UTC) #3

Wei Li

https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp File core/fxge/ge/fx_ge_text.cpp (right): https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp#newcode1574 core/fxge/ge/fx_ge_text.cpp:1574: static_cast<size_t>(-skew) < ANGLESKEW_ARRAY_SIZE) { /skew < 0/skew <= 0/ ...

4 years, 8 months ago (2016-04-11 16:40:37 UTC) #4

Oliver Chang

4 years, 8 months ago (2016-04-11 16:51:42 UTC) #5

Wei Li

lgtm with comments below. https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp File core/fxge/ge/fx_ge_text.cpp (right): https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp#newcode1842 core/fxge/ge/fx_ge_text.cpp:1842: if (skew < 0 && ...

4 years, 8 months ago (2016-04-11 17:00:47 UTC) #6

Oliver Chang

https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp File core/fxge/ge/fx_ge_text.cpp (right): https://codereview.chromium.org/1875673004/diff/40001/core/fxge/ge/fx_ge_text.cpp#newcode1842 core/fxge/ge/fx_ge_text.cpp:1842: if (skew < 0 && skew != std::numeric_limits<int>::min() && ...

4 years, 8 months ago (2016-04-11 17:06:47 UTC) #7

Oliver Chang

Tom, I've uploaded a test (hand mutated/minimised from a simple PDF I generated). Please take ...

4 years, 8 months ago (2016-04-11 19:55:00 UTC) #8

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1875673004/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1875673004/120001

4 years, 8 months ago (2016-04-11 20:35:26 UTC) #12

commit-bot: I haz the power

4 years, 8 months ago (2016-04-11 20:47:47 UTC) #14

Message was sent while issue was closed.

Committed patchset #7 (id:120001) as
https://pdfium.googlesource.com/pdfium/+/b8627c9d13884d48943d8a7a5381eaf0bb2c...

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages