Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(41)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcrt/extension.h

Issue 322333002: Fix the potential integer overflow from "offset + size" (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: some formats in the fix of offest+size Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #ifndef _FXCRT_EXTENSION_IMP_ 7 #ifndef _FXCRT_EXTENSION_IMP_
8 #define _FXCRT_EXTENSION_IMP_ 8 #define _FXCRT_EXTENSION_IMP_
9
10 #include "../../../third_party/numerics/safe_math.h"
11
9 class IFXCRT_FileAccess 12 class IFXCRT_FileAccess
10 { 13 {
11 public: 14 public:
12 virtual ~IFXCRT_FileAccess() {} 15 virtual ~IFXCRT_FileAccess() {}
13 virtual FX_BOOL Open(FX_BSTR fileName, FX_DWORD dwMode) = 0; 16 virtual FX_BOOL Open(FX_BSTR fileName, FX_DWORD dwMode) = 0;
14 virtual FX_BOOL Open(FX_WSTR fileName, FX_DWORD dwMode) = 0; 17 virtual FX_BOOL Open(FX_WSTR fileName, FX_DWORD dwMode) = 0;
15 virtual void Close() = 0; 18 virtual void Close() = 0;
16 virtual void Release() = 0; 19 virtual void Release() = 0;
17 virtual FX_FILESIZE GetSize() const = 0; 20 virtual FX_FILESIZE GetSize() const = 0;
18 virtual FX_FILESIZE GetPosition() const = 0; 21 virtual FX_FILESIZE GetPosition() const = 0;
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 virtual FX_FILESIZE GetPosition() 177 virtual FX_FILESIZE GetPosition()
175 { 178 {
176 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos; 179 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos;
177 if (m_bUseRange) { 180 if (m_bUseRange) {
178 pos -= (FX_FILESIZE)m_nOffset; 181 pos -= (FX_FILESIZE)m_nOffset;
179 } 182 }
180 return pos; 183 return pos;
181 } 184 }
182 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size) 185 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
183 { 186 {
184 if (offset < 0 || (size_t)(offset + size) > m_nCurSize) { 187 base::CheckedNumeric<FX_FILESIZE> range = size;
188 range += size;
189
190 if (!range.IsValid() || offset <= 0 || size <= 0 || range.ValueOrDie() > m_nCurSize) {
185 return FALSE; 191 return FALSE;
186 } 192 }
193
187 m_nOffset = (size_t)offset, m_nSize = (size_t)size; 194 m_nOffset = (size_t)offset, m_nSize = (size_t)size;
188 m_bUseRange = TRUE; 195 m_bUseRange = TRUE;
189 m_nCurPos = m_nOffset; 196 m_nCurPos = m_nOffset;
190 return TRUE; 197 return TRUE;
191 } 198 }
192 virtual void ClearRange() 199 virtual void ClearRange()
193 { 200 {
194 m_bUseRange = FALSE; 201 m_bUseRange = FALSE;
195 } 202 }
196 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size) 203 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size)
197 { 204 {
198 if (!buffer || !size) { 205 if (!buffer || !size) {
199 return FALSE; 206 return FALSE;
200 } 207 }
208
209 base::CheckedNumeric<FX_FILESIZE> safeOffset = offset;
201 if (m_bUseRange) { 210 if (m_bUseRange) {
202 offset += (FX_FILESIZE)m_nOffset; 211 safeOffset += m_nOffset;
203 } 212 }
204 if ((size_t)offset + size > m_nCurSize) { 213
214 if (!safeOffset.IsValid()) {
205 return FALSE; 215 return FALSE;
206 } 216 }
207 m_nCurPos = (size_t)offset + size; 217
218 offset = safeOffset.ValueOrDie();
219
220 base::CheckedNumeric<size_t> newPos = size;
221 newPos += offset;
222 if (!newPos.IsValid() || newPos.ValueOrDefault(0) == 0 || newPos.ValueOr Die() > m_nCurSize) {
223 return FALSE;
224 }
225
226 m_nCurPos = newPos.ValueOrDie();
208 if (m_dwFlags & FX_MEMSTREAM_Consecutive) { 227 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
209 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size ); 228 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size );
210 return TRUE; 229 return TRUE;
211 } 230 }
212 size_t nStartBlock = (size_t)offset / m_nGrowSize; 231 size_t nStartBlock = (size_t)offset / m_nGrowSize;
213 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize); 232 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
214 while (size) { 233 while (size) {
215 size_t nRead = m_nGrowSize - (size_t)offset; 234 size_t nRead = m_nGrowSize - (size_t)offset;
216 if (nRead > size) { 235 if (nRead > size) {
217 nRead = size; 236 nRead = size;
(...skipping 25 matching lines...) Expand all
243 } 262 }
244 virtual FX_BOOL WriteBlock(const void* buffer, F X_FILESIZE offset, size_t size) 263 virtual FX_BOOL WriteBlock(const void* buffer, F X_FILESIZE offset, size_t size)
245 { 264 {
246 if (!buffer || !size) { 265 if (!buffer || !size) {
247 return FALSE; 266 return FALSE;
248 } 267 }
249 if (m_bUseRange) { 268 if (m_bUseRange) {
250 offset += (FX_FILESIZE)m_nOffset; 269 offset += (FX_FILESIZE)m_nOffset;
251 } 270 }
252 if (m_dwFlags & FX_MEMSTREAM_Consecutive) { 271 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
253 m_nCurPos = (size_t)offset + size; 272 base::CheckedNumeric<size_t> newPos = size;
273 newPos += offset;
274 if (!newPos.IsValid())
275 return FALSE;
276
277 m_nCurPos = newPos.ValueOrDie();
254 if (m_nCurPos > m_nTotalSize) { 278 if (m_nCurPos > m_nTotalSize) {
255 m_nTotalSize = (m_nCurPos + m_nGrowSize - 1) / m_nGrowSize * m_n GrowSize; 279 m_nTotalSize = (m_nCurPos + m_nGrowSize - 1) / m_nGrowSize * m_n GrowSize;
256 if (m_Blocks.GetSize() < 1) { 280 if (m_Blocks.GetSize() < 1) {
257 void* block = FX_Alloc(FX_BYTE, m_nTotalSize); 281 void* block = FX_Alloc(FX_BYTE, m_nTotalSize);
258 m_Blocks.Add(block); 282 m_Blocks.Add(block);
259 } else { 283 } else {
260 m_Blocks[0] = FX_Realloc(FX_BYTE, m_Blocks[0], m_nTotalSize) ; 284 m_Blocks[0] = FX_Realloc(FX_BYTE, m_Blocks[0], m_nTotalSize) ;
261 } 285 }
262 if (!m_Blocks[0]) { 286 if (!m_Blocks[0]) {
263 m_Blocks.RemoveAll(); 287 m_Blocks.RemoveAll();
264 return FALSE; 288 return FALSE;
265 } 289 }
266 } 290 }
267 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[0] + (size_t)offset, buffer, size ); 291 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[0] + (size_t)offset, buffer, size );
268 if (m_nCurSize < m_nCurPos) { 292 if (m_nCurSize < m_nCurPos) {
269 m_nCurSize = m_nCurPos; 293 m_nCurSize = m_nCurPos;
270 } 294 }
271 return TRUE; 295 return TRUE;
272 } 296 }
273 if (!ExpandBlocks((size_t)offset + size)) { 297
298 base::CheckedNumeric<size_t> newPos = size;
299 newPos += offset;
300 if (!newPos.IsValid())
301 return FALSE;
302
303 if (!ExpandBlocks(newPos.ValueOrDie())) {
274 return FALSE; 304 return FALSE;
275 } 305 }
276 m_nCurPos = (size_t)offset + size; 306 m_nCurPos = newPos.ValueOrDie();
277 size_t nStartBlock = (size_t)offset / m_nGrowSize; 307 size_t nStartBlock = (size_t)offset / m_nGrowSize;
278 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize); 308 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
279 while (size) { 309 while (size) {
280 size_t nWrite = m_nGrowSize - (size_t)offset; 310 size_t nWrite = m_nGrowSize - (size_t)offset;
281 if (nWrite > size) { 311 if (nWrite > size) {
282 nWrite = size; 312 nWrite = size;
283 } 313 }
284 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[(int)nStartBlock] + (size_t)offse t, buffer, nWrite); 314 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[(int)nStartBlock] + (size_t)offse t, buffer, nWrite);
285 buffer = ((FX_LPBYTE)buffer) + nWrite; 315 buffer = ((FX_LPBYTE)buffer) + nWrite;
286 size -= nWrite; 316 size -= nWrite;
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after
389 FX_DWORD mt[MT_N]; 419 FX_DWORD mt[MT_N];
390 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT; 420 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT;
391 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT; 421 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT;
392 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ 422 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
393 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount); 423 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount);
394 #endif 424 #endif
395 #ifdef __cplusplus 425 #ifdef __cplusplus
396 } 426 }
397 #endif 427 #endif
398 #endif 428 #endif
OLDNEW
« no previous file with comments | « core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698