xfa/fde/xml/fde_xml_imp.cpp - Issue 2223823003: Guard against undefined shift.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: xfa/fde/xml/fde_xml_imp.cpp

Issue 2223823003: Guard against undefined shift. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: cleanup Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: xfa/fde/xml/fde_xml_imp.cpp

diff --git a/xfa/fde/xml/fde_xml_imp.cpp b/xfa/fde/xml/fde_xml_imp.cpp

index 4c6dcf989c4c910835c41ac17ea0adb58962ad9a..8e14f021ce3e15b68922ce6a28a036fc38835a03 100644

--- a/xfa/fde/xml/fde_xml_imp.cpp

+++ b/xfa/fde/xml/fde_xml_imp.cpp

@@ -14,6 +14,8 @@

namespace {

+const uint32_t kMaxCharRange = 0x10ffff;

const uint16_t g_XMLValidCharRange[][2] = {{0x09, 0x09},

{0x0A, 0x0A},

{0x0D, 0x0D},

@@ -1838,23 +1840,23 @@ FX_FILESIZE CFDE_XMLSyntaxParser::GetCurrentBinaryPos() const {

return m_iParsedBytes + nDstLen;

}

-void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR ch) {

+void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR character) {

if (m_iIndexInBlock == m_iAllocStep) {

m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);

if (!m_pCurrentBlock) {

return;

}

- m_pCurrentBlock[m_iIndexInBlock++] = ch;

+ m_pCurrentBlock[m_iIndexInBlock++] = character;

m_iDataLength++;

- if (m_iEntityStart > -1 && ch == L';') {

+ if (m_iEntityStart > -1 && character == L';') {

CFX_WideString csEntity;

m_BlockBuffer.GetTextData(csEntity, m_iEntityStart + 1,

(m_iDataLength - 1) - m_iEntityStart - 1);

int32_t iLen = csEntity.GetLength();

if (iLen > 0) {

if (csEntity[0] == L'#') {

- ch = 0;

+ uint32_t ch = 0;

FX_WCHAR w;

if (iLen > 1 && csEntity[1] == L'x') {

for (int32_t i = 2; i < iLen; i++) {

@@ -1872,14 +1874,17 @@ void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR ch) {

} else {

for (int32_t i = 1; i < iLen; i++) {

w = csEntity[i];

- if (w < L'0' || w > L'9') {

+ if (w < L'0' || w > L'9')

break;

- }

ch = ch * 10 + w - L'0';

}

- if (ch != 0) {

- m_BlockBuffer.SetTextChar(m_iEntityStart, ch);

+ if (ch > kMaxCharRange)

+ ch = ' ';

+ character = static_cast<FX_WCHAR>(ch);

+ if (character != 0) {

+ m_BlockBuffer.SetTextChar(m_iEntityStart, character);

m_iEntityStart++;

}

} else {

@@ -1905,7 +1910,7 @@ void CFDE_XMLSyntaxParser::ParseTextChar(FX_WCHAR ch) {

m_pCurrentBlock = m_BlockBuffer.GetAvailableBlock(m_iIndexInBlock);

m_iEntityStart = -1;

} else {

- if (m_iEntityStart < 0 && ch == L'&') {

+ if (m_iEntityStart < 0 && character == L'&') {

m_iEntityStart = m_iDataLength - 1;

}

« no previous file with comments | « no previous file | xfa/fde/xml/fde_xml_imp_unittest.cpp » ('j') | no next file with comments »