Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(491)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: xfa/fde/xml/fde_xml_imp.cpp

Issue 2223823003: Guard against undefined shift. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Do calculation in uint32 space Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | xfa/fde/xml/fde_xml_imp_unittest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: xfa/fde/xml/fde_xml_imp.cpp
diff --git a/xfa/fde/xml/fde_xml_imp.cpp b/xfa/fde/xml/fde_xml_imp.cpp
index 4c6dcf989c4c910835c41ac17ea0adb58962ad9a..7bc4ffdd468bc5ab5813c9a46695b3844ec23595 100644
--- a/xfa/fde/xml/fde_xml_imp.cpp
+++ b/xfa/fde/xml/fde_xml_imp.cpp
@@ -14,6 +14,8 @@
namespace {
+const uint32_t kMaxCharRange = 0x10ffff;
+
const uint16_t g_XMLValidCharRange[][2] = {{0x09, 0x09},
{0x0A, 0x0A},
{0x0D, 0x0D},
@@ -1838,48 +1840,58 @@ FX_FILESIZE CFDE_XMLSyntaxParser::GetCurrentBinaryPos() const {
return m_iParsedBytes + nDstLen;
}
-void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR ch) {
+void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR character) {
if (m_iIndexInBlock == m_iAllocStep) {
m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);
if (!m_pCurrentBlock) {
return;
}
}
- m_pCurrentBlock[m_iIndexInBlock++] = ch;
+ m_pCurrentBlock[m_iIndexInBlock++] = character;
m_iDataLength++;
- if (m_iEntityStart > -1 && ch == L';') {
+ if (m_iEntityStart > -1 && character == L';') {
CFX_WideString csEntity;
m_BlockBuffer.GetTextData(csEntity, m_iEntityStart + 1,
(m_iDataLength - 1) - m_iEntityStart - 1);
int32_t iLen = csEntity.GetLength();
if (iLen > 0) {
if (csEntity[0] == L'#') {
- ch = 0;
+ uint32_t ch = 0;
FX_WCHAR w;
if (iLen > 1 && csEntity[1] == L'x') {
- for (int32_t i = 2; i < iLen; i++) {
- w = csEntity[i];
- if (w >= L'0' && w <= L'9') {
- ch = (ch << 4) + w - L'0';
- } else if (w >= L'A' && w <= L'F') {
- ch = (ch << 4) + w - 55;
- } else if (w >= L'a' && w <= L'f') {
- ch = (ch << 4) + w - 87;
- } else {
- break;
+ int32_t i = 2;
+ while (i < iLen && csEntity[i] == '0')
+ i++;
+ if (iLen - i <= 4) {
Wei Li 2016/08/10 21:03:58 Now, you no longer need the length checking.
dsinclair 2016/08/11 14:30:39 Done.
+ for (; i < iLen; i++) {
+ w = csEntity[i];
+ if (w >= L'0' && w <= L'9') {
+ ch = (ch << 4) + w - L'0';
+ } else if (w >= L'A' && w <= L'F') {
+ ch = (ch << 4) + w - 55;
+ } else if (w >= L'a' && w <= L'f') {
+ ch = (ch << 4) + w - 87;
+ } else {
+ break;
+ }
}
+ } else {
+ ch = ' ';
}
} else {
for (int32_t i = 1; i < iLen; i++) {
w = csEntity[i];
- if (w < L'0' || w > L'9') {
+ if (w < L'0' || w > L'9')
break;
- }
ch = ch * 10 + w - L'0';
}
}
- if (ch != 0) {
- m_BlockBuffer.SetTextChar(m_iEntityStart, ch);
+ if (ch > kMaxCharRange)
+ ch = ' ';
+
+ character = static_cast<FX_WCHAR>(ch);
+ if (character != 0) {
+ m_BlockBuffer.SetTextChar(m_iEntityStart, character);
m_iEntityStart++;
}
} else {
@@ -1905,7 +1917,7 @@ void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR ch) {
m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);
m_iEntityStart = -1;
} else {
- if (m_iEntityStart < 0 && ch == L'&') {
+ if (m_iEntityStart < 0 && character == L'&') {
m_iEntityStart = m_iDataLength - 1;
}
}
« no previous file with comments | « no previous file | xfa/fde/xml/fde_xml_imp_unittest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698