Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(568)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fxcrt/fx_basic_buffer.cpp

Issue 2268693003: Fix more integer overflows inside ReadPageHintTable(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium@master
Patch Set: Simplify CFX_BitStream::ByteAlign Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 9
10 #include "core/fxcrt/include/fx_basic.h" 10 #include "core/fxcrt/include/fx_basic.h"
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
180 CFX_WideTextBuf& CFX_WideTextBuf::operator<<(const CFX_WideTextBuf& buf) { 180 CFX_WideTextBuf& CFX_WideTextBuf::operator<<(const CFX_WideTextBuf& buf) {
181 AppendBlock(buf.m_pBuffer.get(), buf.m_DataSize); 181 AppendBlock(buf.m_pBuffer.get(), buf.m_DataSize);
182 return *this; 182 return *this;
183 } 183 }
184 184
185 void CFX_BitStream::Init(const uint8_t* pData, uint32_t dwSize) { 185 void CFX_BitStream::Init(const uint8_t* pData, uint32_t dwSize) {
186 m_pData = pData; 186 m_pData = pData;
187 m_BitSize = dwSize * 8; 187 m_BitSize = dwSize * 8;
188 m_BitPos = 0; 188 m_BitPos = 0;
189 } 189 }
190
190 void CFX_BitStream::ByteAlign() { 191 void CFX_BitStream::ByteAlign() {
191 int mod = m_BitPos % 8; 192 m_BitPos = (m_BitPos + 7) & ~7;
192 if (mod == 0) {
193 return;
194 }
195 m_BitPos += 8 - mod;
196 } 193 }
194
197 uint32_t CFX_BitStream::GetBits(uint32_t nBits) { 195 uint32_t CFX_BitStream::GetBits(uint32_t nBits) {
198 if (nBits > m_BitSize || m_BitPos + nBits > m_BitSize) { 196 if (nBits > m_BitSize || m_BitPos + nBits > m_BitSize)
199 return 0; 197 return 0;
200 } 198
201 if (nBits == 1) { 199 if (nBits == 1) {
202 int bit = (m_pData[m_BitPos / 8] & (1 << (7 - m_BitPos % 8))) ? 1 : 0; 200 int bit = (m_pData[m_BitPos / 8] & (1 << (7 - m_BitPos % 8))) ? 1 : 0;
203 m_BitPos++; 201 m_BitPos++;
204 return bit; 202 return bit;
205 } 203 }
204
206 uint32_t byte_pos = m_BitPos / 8; 205 uint32_t byte_pos = m_BitPos / 8;
207 uint32_t bit_pos = m_BitPos % 8, bit_left = nBits; 206 uint32_t bit_pos = m_BitPos % 8;
207 uint32_t bit_left = nBits;
208 uint32_t result = 0; 208 uint32_t result = 0;
209 if (bit_pos) { 209 if (bit_pos) {
210 if (8 - bit_pos >= bit_left) { 210 if (8 - bit_pos >= bit_left) {
211 result = 211 result =
212 (m_pData[byte_pos] & (0xff >> bit_pos)) >> (8 - bit_pos - bit_left); 212 (m_pData[byte_pos] & (0xff >> bit_pos)) >> (8 - bit_pos - bit_left);
213 m_BitPos += bit_left; 213 m_BitPos += bit_left;
214 return result; 214 return result;
215 } 215 }
216 bit_left -= 8 - bit_pos; 216 bit_left -= 8 - bit_pos;
217 result = (m_pData[byte_pos++] & ((1 << (8 - bit_pos)) - 1)) << bit_left; 217 result = (m_pData[byte_pos++] & ((1 << (8 - bit_pos)) - 1)) << bit_left;
218 } 218 }
219 while (bit_left >= 8) { 219 while (bit_left >= 8) {
220 bit_left -= 8; 220 bit_left -= 8;
221 result |= m_pData[byte_pos++] << bit_left; 221 result |= m_pData[byte_pos++] << bit_left;
222 } 222 }
223 if (bit_left) { 223 if (bit_left)
224 result |= m_pData[byte_pos] >> (8 - bit_left); 224 result |= m_pData[byte_pos] >> (8 - bit_left);
225 }
226 m_BitPos += nBits; 225 m_BitPos += nBits;
227 return result; 226 return result;
228 } 227 }
229 228
230 CFX_FileBufferArchive::CFX_FileBufferArchive() 229 CFX_FileBufferArchive::CFX_FileBufferArchive()
231 : m_Length(0), m_pFile(nullptr) {} 230 : m_Length(0), m_pFile(nullptr) {}
232 231
233 CFX_FileBufferArchive::~CFX_FileBufferArchive() {} 232 CFX_FileBufferArchive::~CFX_FileBufferArchive() {}
234 233
235 void CFX_FileBufferArchive::Clear() { 234 void CFX_FileBufferArchive::Clear() {
236 m_Length = 0; 235 m_Length = 0;
237 m_pBuffer.reset(); 236 m_pBuffer.reset();
238 m_pFile = nullptr; 237 m_pFile = nullptr;
239 } 238 }
240 239
241 bool CFX_FileBufferArchive::Flush() { 240 bool CFX_FileBufferArchive::Flush() {
242 size_t nRemaining = m_Length; 241 size_t nRemaining = m_Length;
243 m_Length = 0; 242 m_Length = 0;
244 if (!m_pFile) 243 if (!m_pFile)
245 return false; 244 return false;
246 if (!m_pBuffer || !nRemaining) 245 if (!m_pBuffer || !nRemaining)
247 return true; 246 return true;
248 return m_pFile->WriteBlock(m_pBuffer.get(), nRemaining) > 0; 247 return m_pFile->WriteBlock(m_pBuffer.get(), nRemaining) > 0;
249 } 248 }
250 249
251 int32_t CFX_FileBufferArchive::AppendBlock(const void* pBuf, size_t size) { 250 int32_t CFX_FileBufferArchive::AppendBlock(const void* pBuf, size_t size) {
252 if (!pBuf || size < 1) { 251 if (!pBuf || size < 1)
253 return 0; 252 return 0;
254 } 253
255 if (!m_pBuffer) { 254 if (!m_pBuffer)
256 m_pBuffer.reset(FX_Alloc(uint8_t, kBufSize)); 255 m_pBuffer.reset(FX_Alloc(uint8_t, kBufSize));
257 } 256
258 const uint8_t* buffer = reinterpret_cast<const uint8_t*>(pBuf); 257 const uint8_t* buffer = reinterpret_cast<const uint8_t*>(pBuf);
259 size_t temp_size = size; 258 size_t temp_size = size;
260 while (temp_size) { 259 while (temp_size) {
261 size_t buf_size = std::min(kBufSize - m_Length, temp_size); 260 size_t buf_size = std::min(kBufSize - m_Length, temp_size);
262 FXSYS_memcpy(m_pBuffer.get() + m_Length, buffer, buf_size); 261 FXSYS_memcpy(m_pBuffer.get() + m_Length, buffer, buf_size);
263 m_Length += buf_size; 262 m_Length += buf_size;
264 if (m_Length == kBufSize) { 263 if (m_Length == kBufSize) {
265 if (!Flush()) { 264 if (!Flush()) {
266 return -1; 265 return -1;
267 } 266 }
(...skipping 15 matching lines...) Expand all
283 } 282 }
284 283
285 int32_t CFX_FileBufferArchive::AppendString(const CFX_ByteStringC& lpsz) { 284 int32_t CFX_FileBufferArchive::AppendString(const CFX_ByteStringC& lpsz) {
286 return AppendBlock(lpsz.raw_str(), lpsz.GetLength()); 285 return AppendBlock(lpsz.raw_str(), lpsz.GetLength());
287 } 286 }
288 287
289 void CFX_FileBufferArchive::AttachFile(IFX_StreamWrite* pFile) { 288 void CFX_FileBufferArchive::AttachFile(IFX_StreamWrite* pFile) {
290 ASSERT(pFile); 289 ASSERT(pFile);
291 m_pFile = pFile; 290 m_pFile = pFile;
292 } 291 }
OLDNEW
« no previous file with comments | « core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698