Chromium Code Reviews Chromium Code Reviews
Issue 2374643002:
Sanitize values in chrome_pdf::PDFiumPage::PageToScreen(). (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "pdf/pdfium/pdfium_page.h" | 5 #include "pdf/pdfium/pdfium_page.h" |
| 6 | 6 |
| 7 #include <math.h> | 7 #include <math.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 11 #include <memory> | 11 #include <memory> |
| 12 #include <utility> | 12 #include <utility> |
| 13 | 13 |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/numerics/safe_math.h" | |
| 15 #include "base/strings/string_number_conversions.h" | 16 #include "base/strings/string_number_conversions.h" |
| 16 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
| 17 #include "base/strings/utf_string_conversions.h" | 18 #include "base/strings/utf_string_conversions.h" |
| 18 #include "pdf/pdfium/pdfium_api_string_buffer_adapter.h" | 19 #include "pdf/pdfium/pdfium_api_string_buffer_adapter.h" |
| 19 #include "pdf/pdfium/pdfium_engine.h" | 20 #include "pdf/pdfium/pdfium_engine.h" |
| 20 #include "printing/units.h" | 21 #include "printing/units.h" |
| 21 | 22 |
| 22 // Used when doing hit detection. | 23 // Used when doing hit detection. |
| 23 #define kTolerance 20.0 | 24 #define kTolerance 20.0 |
| 24 | 25 |
| (...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 454 pp::Rect PDFiumPage::PageToScreen(const pp::Point& offset, | 455 pp::Rect PDFiumPage::PageToScreen(const pp::Point& offset, |
| 455 double zoom, | 456 double zoom, |
| 456 double left, | 457 double left, |
| 457 double top, | 458 double top, |
| 458 double right, | 459 double right, |
| 459 double bottom, | 460 double bottom, |
| 460 int rotation) const { | 461 int rotation) const { |
| 461 if (!available_) | 462 if (!available_) |
| 462 return pp::Rect(); | 463 return pp::Rect(); |
| 463 | 464 |
| 464 int new_left, new_top, new_right, new_bottom; | 465 double start_x = (rect_.x() - offset.x()) * zoom; |
| 465 FPDF_PageToDevice( | 466 double start_y = (rect_.y() - offset.y()) * zoom; |
| 466 page_, | 467 double size_x = rect_.width() * zoom; |
| 467 static_cast<int>((rect_.x() - offset.x()) * zoom), | 468 double size_y = rect_.height() * zoom; |
| 468 static_cast<int>((rect_.y() - offset.y()) * zoom), | 469 if (!base::IsValueInRangeForNumericType<int>(start_x) || |
| 469 static_cast<int>(ceil(rect_.width() * zoom)), | 470 !base::IsValueInRangeForNumericType<int>(start_y) || |
| 470 static_cast<int>(ceil(rect_.height() * zoom)), | 471 !base::IsValueInRangeForNumericType<int>(size_x) || |
| 471 rotation, left, top, &new_left, &new_top); | 472 !base::IsValueInRangeForNumericType<int>(size_y)) { |
| 472 FPDF_PageToDevice( | 473 return pp::Rect(); |
| 473 page_, | 474 } |
| 474 static_cast<int>((rect_.x() - offset.x()) * zoom), | 475 |
| 475 static_cast<int>((rect_.y() - offset.y()) * zoom), | 476 int new_left; |
| 476 static_cast<int>(ceil(rect_.width() * zoom)), | 477 int new_top; |
| 477 static_cast<int>(ceil(rect_.height() * zoom)), | 478 int new_right; |
| 478 rotation, right, bottom, &new_right, &new_bottom); | 479 int new_bottom; |
| 480 FPDF_PageToDevice(page_, static_cast<int>(start_x), static_cast<int>(start_y), | |
| 481 static_cast<int>(ceil(size_x)), | |
| 482 static_cast<int>(ceil(size_y)), rotation, left, top, | |
| 483 &new_left, &new_top); | |
| 484 FPDF_PageToDevice(page_, static_cast<int>(start_x), static_cast<int>(start_y), | |
| 485 static_cast<int>(ceil(size_x)), | |
| 486 static_cast<int>(ceil(size_y)), rotation, right, bottom, | |
| 487 &new_right, &new_bottom); | |
| 479 | 488 |
| 480 // If the PDF is rotated, the horizontal/vertical coordinates could be | 489 // If the PDF is rotated, the horizontal/vertical coordinates could be |
| 481 // flipped. See | 490 // flipped. See |
| 482 // http://www.netl.doe.gov/publications/proceedings/03/ubc/presentations/Goeck ner-pres.pdf | 491 // http://www.netl.doe.gov/publications/proceedings/03/ubc/presentations/Goeck ner-pres.pdf |
| 483 if (new_right < new_left) | 492 if (new_right < new_left) |
| 484 std::swap(new_right, new_left); | 493 std::swap(new_right, new_left); |
| 485 if (new_bottom < new_top) | 494 if (new_bottom < new_top) |
| 486 std::swap(new_bottom, new_top); | 495 std::swap(new_bottom, new_top); |
| 487 | 496 |
| 488 return pp::Rect( | 497 if (!base::IsValueInRangeForNumericType<int32_t>(new_left) || |
|
Tom Sepez
2016/09/27 20:00:42
Is this overkill per previous comment?
Lei Zhang
2016/09/27 22:07:53
Done.
| |
| 489 new_left, new_top, new_right - new_left + 1, new_bottom - new_top + 1); | 498 !base::IsValueInRangeForNumericType<int32_t>(new_top)) { |
| 499 return pp::Rect(); | |
| 500 } | |
| 501 | |
| 502 base::CheckedNumeric<int32_t> new_size_x = new_right; | |
| 503 new_size_x -= new_left; | |
| 504 new_size_x += 1; | |
| 505 base::CheckedNumeric<int32_t> new_size_y = new_bottom; | |
| 506 new_size_y -= new_top; | |
| 507 new_size_y += 1; | |
| 508 if (!new_size_x.IsValid() || !new_size_y.IsValid()) | |
| 509 return pp::Rect(); | |
| 510 | |
| 511 return pp::Rect(new_left, new_top, new_size_x.ValueOrDie(), | |
| 512 new_size_y.ValueOrDie()); | |
| 490 } | 513 } |
| 491 | 514 |
| 492 PDFiumPage::ScopedLoadCounter::ScopedLoadCounter(PDFiumPage* page) | 515 PDFiumPage::ScopedLoadCounter::ScopedLoadCounter(PDFiumPage* page) |
| 493 : page_(page) { | 516 : page_(page) { |
| 494 page_->loading_count_++; | 517 page_->loading_count_++; |
| 495 } | 518 } |
| 496 | 519 |
| 497 PDFiumPage::ScopedLoadCounter::~ScopedLoadCounter() { | 520 PDFiumPage::ScopedLoadCounter::~ScopedLoadCounter() { |
| 498 page_->loading_count_--; | 521 page_->loading_count_--; |
| 499 } | 522 } |
| 500 | 523 |
| 501 PDFiumPage::Link::Link() = default; | 524 PDFiumPage::Link::Link() = default; |
| 502 | 525 |
| 503 PDFiumPage::Link::Link(const Link& that) = default; | 526 PDFiumPage::Link::Link(const Link& that) = default; |
| 504 | 527 |
| 505 PDFiumPage::Link::~Link() = default; | 528 PDFiumPage::Link::~Link() = default; |
| 506 | 529 |
| 507 } // namespace chrome_pdf | 530 } // namespace chrome_pdf |
| OLD | NEW |
