
Side by Side Diff: core/src/fxcrt/extension.h

Issue 322333002: Fix the potential integer overflow from "offset + size" (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 6 months ago
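--- a/core/src/fxcrt/extension.h
+++ b/core/src/fxcrt/extension.h
@@ -1,18 +1,21 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #ifndef _FXCRT_EXTENSION_IMP_
 #define _FXCRT_EXTENSION_IMP_
+
+const size_t MAX_SIZE_T = size_t(-1);
+
 class IFXCRT_FileAccess
 {
 public:
 virtual ~IFXCRT_FileAccess() {}
 virtual FX_BOOL Open(FX_BSTR fileName, FX_DWORD dwMode) = 0;
 virtual FX_BOOL Open(FX_WSTR fileName, FX_DWORD dwMode) = 0;
 virtual void Close() = 0;
 virtual void Release(IFX_Allocator* pAllocator = NULL) = 0;
 virtual FX_FILESIZE GetSize() const = 0;
 virtual FX_FILESIZE GetPosition() const = 0;
@@ -187,40 +190,44 @@
 virtual FX_FILESIZE GetPosition()
 {
 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos;
 if (m_bUseRange) {
 pos -= (FX_FILESIZE)m_nOffset;
 }
 return pos;
 }
 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
 {
-if (offset < 0 || (size_t)(offset + size) > m_nCurSize) {
+if (offset < 0 || offset + size > m_nCurSize) {
 return FALSE;
 }
 m_nOffset = (size_t)offset, m_nSize = (size_t)size;
 m_bUseRange = TRUE;
 m_nCurPos = m_nOffset;
 return TRUE;
 }
 virtual void ClearRange()
 {
 m_bUseRange = FALSE;
 }
 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size)
 {
 if (!buffer || !size) {
 return FALSE;
 }
 if (m_bUseRange) {
 offset += (FX_FILESIZE)m_nOffset;
 }
+
+if(offset > MAX_SIZE_T - size)
+return FALSE;
+
 if ((size_t)offset + size > m_nCurSize) {
 return FALSE;
 }
 m_nCurPos = (size_t)offset + size;
 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size );
 return TRUE;
 }
 size_t nStartBlock = (size_t)offset / m_nGrowSize;
 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
@@ -256,41 +263,48 @@
 }
 virtual FX_BOOL WriteBlock(const void* buffer, F X_FILESIZE offset, size_t size)
 {
 if (!buffer || !size) {
 return FALSE;
 }
 if (m_bUseRange) {
 offset += (FX_FILESIZE)m_nOffset;
 }
 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
+if(offset > MAX_SIZE_T - size)
+return FALSE;
+
 m_nCurPos = (size_t)offset + size;
 if (m_nCurPos > m_nTotalSize) {
 IFX_Allocator* pAllocator = m_Blocks.m_pAllocator;
 m_nTotalSize = (m_nCurPos + m_nGrowSize - 1) / m_nGrowSize * m_n GrowSize;
 if (m_Blocks.GetSize() < 1) {
 void* block = FX_Allocator_Alloc(pAllocator, FX_BYTE, m_nTot alSize);
 m_Blocks.Add(block);
 } else {
 m_Blocks[0] = FX_Allocator_Realloc(pAllocator, FX_BYTE, m_Bl ocks[0], m_nTotalSize);
 }
 if (!m_Blocks[0]) {
 m_Blocks.RemoveAll();
 return FALSE;
 }
 }
 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[0] + (size_t)offset, buffer, size );
 if (m_nCurSize < m_nCurPos) {
 m_nCurSize = m_nCurPos;
 }
 return TRUE;
 }
+
+if(offset > MAX_SIZE_T - size)
+return FALSE;
+
 if (!ExpandBlocks((size_t)offset + size)) {
 return FALSE;
 }
 m_nCurPos = (size_t)offset + size;
 size_t nStartBlock = (size_t)offset / m_nGrowSize;
 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
 while (size) {
 size_t nWrite = m_nGrowSize - (size_t)offset;
 if (nWrite > size) {
 nWrite = size;
@@ -404,10 +418,10 @@
 FX_DWORD mt[MT_N];
 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT;
 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT;
 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount);
 #endif
 #ifdef __cplusplus
 }
 #endif
 #endif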
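Review bot: In SetRange the rewritten test `offset + size > m_nCurSize` still adds the two FX_FILESIZE arguments before bounding either, and nothing rejects a negative `size`, so the sum can overflow or a negative `size` can pass and be stored by `m_nSize = (size_t)size` as a very large length. Assuming FX_FILESIZE is signed (its typedef is not on this page, but the `offset < 0` test suggests it), I would bound each operand and compare by subtraction, e.g. `if (offset < 0 || size < 0 || (size_t)size > m_nCurSize || (size_t)offset > m_nCurSize - (size_t)size) {`, with the casts confirmed against FX_FILESIZE's width. The new `if(offset > MAX_SIZE_T - size)` guards in ReadBlock and WriteBlock, whose bodies continue past the visible lines, have a related gap: they run after `offset += (FX_FILESIZE)m_nOffset` and never test for a negative `offset`, so on a build where FX_FILESIZE is wider than size_t a negative value would pass and then be truncated by `(size_t)offset`; `if (offset < 0 || offset > MAX_SIZE_T - size)` would close that. In WriteBlock's consecutive branch the round-up `(m_nCurPos + m_nGrowSize - 1)` can also wrap when `m_nCurPos` is close to MAX_SIZE_T, leaving `m_nTotalSize` smaller than the copy that follows needs, so that expression deserves its own bound.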
