Chromium Code Reviews Chromium Code Reviews
Issue 2358023002:
Check for overflow in CMap_GetCode. (Closed)
| Index: core/fpdfapi/fpdf_font/fpdf_font_cid.cpp |
| diff --git a/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp b/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp |
| index 3f95ec4a96cb12172f801ce4e424fa26b1b45425..393c131ada5f9ccf77a28388b1d83e3139375484 100644 |
| --- a/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp |
| +++ b/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp |
| @@ -441,16 +441,22 @@ void CPDF_CMapParser::ParseWord(const CFX_ByteStringC& word) { |
| // Static. |
| uint32_t CPDF_CMapParser::CMap_GetCode(const CFX_ByteStringC& word) { |
| - int num = 0; |
| + pdfium::base::CheckedNumeric<uint32_t> num = 0; |
|
dsinclair
2016/09/21 14:56:33
The method returns a uint32_t, so I updated the in
Tom Sepez
2016/09/21 16:48:51
I'm guessing this is UBSAN noise? Or do we really
dsinclair
2016/09/21 17:16:55
I think we want the latter as, I believe, returnin
|
| if (word.GetAt(0) == '<') { |
| - for (int i = 1; i < word.GetLength() && std::isxdigit(word.GetAt(i)); ++i) |
| + for (int i = 1; i < word.GetLength() && std::isxdigit(word.GetAt(i)); ++i) { |
| num = num * 16 + FXSYS_toHexDigit(word.GetAt(i)); |
| - return num; |
| + if (!num.IsValid()) |
| + break; |
|
Tom Sepez
2016/09/21 16:48:51
just return 0 here.
dsinclair
2016/09/21 17:16:55
Done.
|
| + } |
| + return num.ValueOrDefault(0); |
|
Tom Sepez
2016/09/21 16:48:51
then valueordie here.
dsinclair
2016/09/21 17:16:55
Done.
|
| } |
| - for (int i = 0; i < word.GetLength() && std::isdigit(word.GetAt(i)); ++i) |
| + for (int i = 0; i < word.GetLength() && std::isdigit(word.GetAt(i)); ++i) { |
| num = num * 10 + FXSYS_toDecimalDigit(static_cast<FX_WCHAR>(word.GetAt(i))); |
| - return num; |
| + if (!num.IsValid()) |
| + break; |
|
Tom Sepez
2016/09/21 16:48:51
just return 0 here.
dsinclair
2016/09/21 17:16:55
Done.
|
| + } |
| + return num.ValueOrDefault(0); |
|
Tom Sepez
2016/09/21 16:48:51
then valueordie here.
dsinclair
2016/09/21 17:16:55
Done.
|
| } |
| // Static. |
