xfa/fde/xml/fde_xml_imp.cpp - Issue 2223823003: Guard against undefined shift.

Side by Side Diff: xfa/fde/xml/fde_xml_imp.cpp

Issue 2223823003: Guard against undefined shift. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: sigh Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 PDFium Authors. All rights reserved.	1 // Copyright 2014 PDFium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com	5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com

6	6

7 #include "xfa/fde/xml/fde_xml_imp.h"	7 #include "xfa/fde/xml/fde_xml_imp.h"

8	8

9 #include <algorithm>	9 #include <algorithm>

10	10

(...skipping 1850 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1861 w = csEntity[i];	1861 w = csEntity[i];

1862 if (w >= L'0' && w <= L'9') {	1862 if (w >= L'0' && w <= L'9') {

1863 ch = (ch << 4) + w - L'0';	1863 ch = (ch << 4) + w - L'0';

1864 } else if (w >= L'A' && w <= L'F') {	1864 } else if (w >= L'A' && w <= L'F') {

1865 ch = (ch << 4) + w - 55;	1865 ch = (ch << 4) + w - 55;

1866 } else if (w >= L'a' && w <= L'f') {	1866 } else if (w >= L'a' && w <= L'f') {

1867 ch = (ch << 4) + w - 87;	1867 ch = (ch << 4) + w - 87;

1868 } else {	1868 } else {

1869 break;	1869 break;

1870 }	1870 }

	1871 if (ch < 0) {
	Wei Li 2016/08/08 22:38:52 Should we check overflow instead of being negative Should we check overflow instead of being negative? Maybe we can check the number of non-zero wchar, which should be no more than 4, right? dsinclair 2016/08/09 00:21:51 I can switch to using overflow checking, will chan Show quoted text On 2016/08/08 22:38:52, Wei Li wrote: > Should we check overflow instead of being negative? > Maybe we can check the number of non-zero wchar, which should be no more than 4, > right? I can switch to using overflow checking, will change the code tomorrow. I think the windows test will still need to be special cased as it doesn't overflow a windows wchar_t, but this code will be nicer. Not sure what you mean by checking the non-zero wchar? dsinclair 2016/08/09 14:33:33 I tried the checked numeric but I'd also still nee Show quoted text On 2016/08/08 22:38:52, Wei Li wrote: > Should we check overflow instead of being negative? > Maybe we can check the number of non-zero wchar, which should be no more than 4, > right? I tried the checked numeric but I'd also still need the < 0 check. The wchar_t signedness is undefined by the spec. So, it happens that Linux leaves it as signed, so the CheckedNumeric doesn't overflow, but the shift still fails.
	1872 ch = ' ';

	1873 break;

	1874 }

1871 }	1875 }

1872 } else {	1876 } else {

1873 for (int32_t i = 1; i < iLen; i++) {	1877 for (int32_t i = 1; i < iLen; i++) {

1874 w = csEntity[i];	1878 w = csEntity[i];

1875 if (w < L'0' \|\| w > L'9') {	1879 if (w < L'0' \|\| w > L'9')

	1880 break;

	1881 ch = ch * 10 + w - L'0';

	1882

	1883 if (ch < 0) {

	1884 ch = ' ';

1876 break;	1885 break;

1877 }	1886 }

1878 ch = ch * 10 + w - L'0';

1879 }	1887 }

1880 }	1888 }

1881 if (ch != 0) {	1889 if (ch != 0) {

1882 m_BlockBuffer.SetTextChar(m_iEntityStart, ch);	1890 m_BlockBuffer.SetTextChar(m_iEntityStart, ch);

1883 m_iEntityStart++;	1891 m_iEntityStart++;

1884 }	1892 }

1885 } else {	1893 } else {

1886 if (csEntity.Compare(L"amp") == 0) {	1894 if (csEntity.Compare(L"amp") == 0) {

1887 m_BlockBuffer.SetTextChar(m_iEntityStart, L'&');	1895 m_BlockBuffer.SetTextChar(m_iEntityStart, L'&');

1888 m_iEntityStart++;	1896 m_iEntityStart++;

(...skipping 15 matching lines...) Expand all Loading...
1904 m_BlockBuffer.DeleteTextChars(m_iDataLength - m_iEntityStart, FALSE);	1912 m_BlockBuffer.DeleteTextChars(m_iDataLength - m_iEntityStart, FALSE);

1905 m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);	1913 m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);

1906 m_iEntityStart = -1;	1914 m_iEntityStart = -1;

1907 } else {	1915 } else {

1908 if (m_iEntityStart < 0 && ch == L'&') {	1916 if (m_iEntityStart < 0 && ch == L'&') {

1909 m_iEntityStart = m_iDataLength - 1;	1917 m_iEntityStart = m_iDataLength - 1;

1910 }	1918 }

1911 }	1919 }

1912 m_pStart++;	1920 m_pStart++;

1913 }	1921 }

OLD	NEW

« no previous file with comments | « no previous file | xfa/fde/xml/fde_xml_imp_unittest.cpp » ('j') | no next file with comments »