Chromium Code Reviews Chromium Code Reviews
Issue 2404453003:
Strengthen bounds check in CWeightTable::Calc * part II (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include <limits.h> | 7 #include <limits.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 35 CWeightTable::CWeightTable() | 35 CWeightTable::CWeightTable() |
| 36 : m_DestMin(0), | 36 : m_DestMin(0), |
| 37 m_ItemSize(0), | 37 m_ItemSize(0), |
| 38 m_pWeightTables(nullptr), | 38 m_pWeightTables(nullptr), |
| 39 m_dwWeightTablesSize(0) {} | 39 m_dwWeightTablesSize(0) {} |
| 40 | 40 |
| 41 CWeightTable::~CWeightTable() { | 41 CWeightTable::~CWeightTable() { |
| 42 FX_Free(m_pWeightTables); | 42 FX_Free(m_pWeightTables); |
| 43 } | 43 } |
| 44 | 44 |
| 45 size_t CWeightTable::GetPixelWeightSize() const { | 45 size_t CWeightTable::GetMaximumPixelWeightSize(PixelWeight* pWeight) const { |
| 46 return m_dwWeightTablesSize / sizeof(int); | 46 uint8_t* end_addr = m_pWeightTables + m_dwWeightTablesSize; |
|
Lei Zhang
2016/10/10 18:30:51
Should we instead just check for:
return m_ItemSi
| |
| 47 uint8_t* begin_addr = reinterpret_cast<uint8_t*>(&pWeight->m_Weights); | |
| 48 return (end_addr - begin_addr) / sizeof(pWeight->m_Weights[0]); | |
| 47 } | 49 } |
| 48 | 50 |
| 49 bool CWeightTable::Calc(int dest_len, | 51 bool CWeightTable::Calc(int dest_len, |
| 50 int dest_min, | 52 int dest_min, |
| 51 int dest_max, | 53 int dest_max, |
| 52 int src_len, | 54 int src_len, |
| 53 int src_min, | 55 int src_min, |
| 54 int src_max, | 56 int src_max, |
| 55 int flags) { | 57 int flags) { |
| 56 FX_Free(m_pWeightTables); | 58 FX_Free(m_pWeightTables); |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 233 : (FX_FLOAT)(dest_pixel); | 235 : (FX_FLOAT)(dest_pixel); |
| 234 double area_end = dest_end > (FX_FLOAT)(dest_pixel + 1) | 236 double area_end = dest_end > (FX_FLOAT)(dest_pixel + 1) |
| 235 ? (FX_FLOAT)(dest_pixel + 1) | 237 ? (FX_FLOAT)(dest_pixel + 1) |
| 236 : dest_end; | 238 : dest_end; |
| 237 double weight = area_start >= area_end ? 0.0f : area_end - area_start; | 239 double weight = area_start >= area_end ? 0.0f : area_end - area_start; |
| 238 if (weight == 0 && j == end_i) { | 240 if (weight == 0 && j == end_i) { |
| 239 pixel_weights.m_SrcEnd--; | 241 pixel_weights.m_SrcEnd--; |
| 240 break; | 242 break; |
| 241 } | 243 } |
| 242 size_t idx = j - start_i; | 244 size_t idx = j - start_i; |
| 243 if (idx >= GetPixelWeightSize()) | 245 if (idx >= GetMaximumPixelWeightSize(&pixel_weights)) |
| 244 return false; | 246 return false; |
| 245 pixel_weights.m_Weights[idx] = FXSYS_round((FX_FLOAT)(weight * 65536)); | 247 pixel_weights.m_Weights[idx] = FXSYS_round((FX_FLOAT)(weight * 65536)); |
| 246 } | 248 } |
| 247 } | 249 } |
| 248 return true; | 250 return true; |
| 249 } | 251 } |
| 250 | 252 |
| 251 PixelWeight* CWeightTable::GetPixelWeight(int pixel) const { | 253 PixelWeight* CWeightTable::GetPixelWeight(int pixel) const { |
| 252 ASSERT(pixel >= m_DestMin); | 254 ASSERT(pixel >= m_DestMin); |
| 253 return reinterpret_cast<PixelWeight*>(m_pWeightTables + | 255 return reinterpret_cast<PixelWeight*>(m_pWeightTables + |
| 254 (pixel - m_DestMin) * m_ItemSize); | 256 (pixel - m_DestMin) * m_ItemSize); |
| 255 } | 257 } |
| 256 | 258 |
| 257 int* CWeightTable::GetValueFromPixelWeight(PixelWeight* pWeight, | 259 int* CWeightTable::GetValueFromPixelWeight(PixelWeight* pWeight, |
| 258 int index) const { | 260 int index) const { |
| 259 if (index < pWeight->m_SrcStart) | 261 if (index < pWeight->m_SrcStart) |
| 260 return nullptr; | 262 return nullptr; |
| 261 | 263 |
| 262 size_t idx = index - pWeight->m_SrcStart; | 264 size_t idx = index - pWeight->m_SrcStart; |
| 263 return idx < GetPixelWeightSize() ? &pWeight->m_Weights[idx] : nullptr; | 265 return idx < GetMaximumPixelWeightSize(pWeight) ? &pWeight->m_Weights[idx] : n ullptr; |
| 264 } | 266 } |
| 265 | 267 |
| 266 CStretchEngine::CStretchEngine(IFX_ScanlineComposer* pDestBitmap, | 268 CStretchEngine::CStretchEngine(IFX_ScanlineComposer* pDestBitmap, |
| 267 FXDIB_Format dest_format, | 269 FXDIB_Format dest_format, |
| 268 int dest_width, | 270 int dest_width, |
| 269 int dest_height, | 271 int dest_height, |
| 270 const FX_RECT& clip_rect, | 272 const FX_RECT& clip_rect, |
| 271 const CFX_DIBSource* pSrcBitmap, | 273 const CFX_DIBSource* pSrcBitmap, |
| 272 int flags) { | 274 int flags) { |
| 273 m_State = 0; | 275 m_State = 0; |
| (...skipping 725 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 999 result_width); | 1001 result_width); |
| 1000 if (m_pMaskScanline) { | 1002 if (m_pMaskScanline) { |
| 1001 m_pSource->m_pAlphaMask->DownSampleScanline( | 1003 m_pSource->m_pAlphaMask->DownSampleScanline( |
| 1002 src_y, m_pMaskScanline.get(), 1, m_DestWidth, m_bFlipX, | 1004 src_y, m_pMaskScanline.get(), 1, m_DestWidth, m_bFlipX, |
| 1003 m_ClipRect.left, result_width); | 1005 m_ClipRect.left, result_width); |
| 1004 } | 1006 } |
| 1005 m_pDest->ComposeScanline(dest_y, m_pScanline.get(), m_pMaskScanline.get()); | 1007 m_pDest->ComposeScanline(dest_y, m_pScanline.get(), m_pMaskScanline.get()); |
| 1006 } | 1008 } |
| 1007 return FALSE; | 1009 return FALSE; |
| 1008 } | 1010 } |
| OLD | NEW |
