Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/include/fxcrt/fx_basic.h

Issue 334573007: Integer overflow in fx_basic.h and fx_memory.h (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Replace size < 1 with size == 0 Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | core/include/fxcrt/fx_memory.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #ifndef _FX_BASIC_H_ 7 #ifndef _FX_BASIC_H_
8 #define _FX_BASIC_H_ 8 #define _FX_BASIC_H_
9 #ifndef _STDINT_H_
10 #define _STDINT_H_
11 #include <stdint.h>
12 #endif
9 #ifndef _FX_SYSTEM_H_ 13 #ifndef _FX_SYSTEM_H_
10 #include "fx_system.h" 14 #include "fx_system.h"
11 #endif 15 #endif
12 #ifndef _FX_MEMORY_H_ 16 #ifndef _FX_MEMORY_H_
13 #include "fx_memory.h" 17 #include "fx_memory.h"
14 #endif 18 #endif
15 #ifndef _FX_STRING_H_ 19 #ifndef _FX_STRING_H_
16 #include "fx_string.h" 20 #include "fx_string.h"
17 #endif 21 #endif
18 #ifndef _FX_STREAM_H_ 22 #ifndef _FX_STREAM_H_
19 #include "fx_stream.h" 23 #include "fx_stream.h"
20 #endif 24 #endif
25
21 class CFX_BinaryBuf : public CFX_Object 26 class CFX_BinaryBuf : public CFX_Object
22 { 27 {
23 public: 28 public:
24 29
25 CFX_BinaryBuf(IFX_Allocator* pAllocator = NULL); 30 CFX_BinaryBuf(IFX_Allocator* pAllocator = NULL);
26 31
27 CFX_BinaryBuf(FX_STRSIZE size, IFX_Allocator* pAllocator = NULL); 32 CFX_BinaryBuf(FX_STRSIZE size, IFX_Allocator* pAllocator = NULL);
28 33
29 ~CFX_BinaryBuf(); 34 ~CFX_BinaryBuf();
30 35
(...skipping 738 matching lines...) Expand 10 before | Expand all | Expand 10 after
769 : m_pAllocator(pAllocator) 774 : m_pAllocator(pAllocator)
770 , m_pData(NULL) 775 , m_pData(NULL)
771 {} 776 {}
772 CFX_FixedBufGrow(int data_size, IFX_Allocator* pAllocator = NULL) 777 CFX_FixedBufGrow(int data_size, IFX_Allocator* pAllocator = NULL)
773 : m_pAllocator(pAllocator) 778 : m_pAllocator(pAllocator)
774 , m_pData(NULL) 779 , m_pData(NULL)
775 { 780 {
776 if (data_size > FixedSize) { 781 if (data_size > FixedSize) {
777 m_pData = FX_Allocator_Alloc(m_pAllocator, DataType, data_size); 782 m_pData = FX_Allocator_Alloc(m_pAllocator, DataType, data_size);
778 } else { 783 } else {
784 if (FixedSize > SIZE_MAX/sizeof(DataType))
785 return;
786
779 FXSYS_memset32(m_Data, 0, sizeof(DataType)*FixedSize); 787 FXSYS_memset32(m_Data, 0, sizeof(DataType)*FixedSize);
780 } 788 }
781 } 789 }
782 void SetDataSize(int data_size) 790 void SetDataSize(int data_size)
783 { 791 {
784 if (m_pData) { 792 if (m_pData) {
785 FX_Allocator_Free(m_pAllocator, m_pData); 793 FX_Allocator_Free(m_pAllocator, m_pData);
786 } 794 }
787 m_pData = NULL; 795 m_pData = NULL;
788 if (data_size > FixedSize) { 796 if (data_size > FixedSize) {
789 m_pData = FX_Allocator_Alloc(m_pAllocator, DataType, data_size); 797 m_pData = FX_Allocator_Alloc(m_pAllocator, DataType, data_size);
790 } else { 798 } else {
799
800 if (FixedSize > SIZE_MAX/sizeof(DataType))
801 return;
802
791 FXSYS_memset32(m_Data, 0, sizeof(DataType)*FixedSize); 803 FXSYS_memset32(m_Data, 0, sizeof(DataType)*FixedSize);
792 } 804 }
793 } 805 }
794 ~CFX_FixedBufGrow() 806 ~CFX_FixedBufGrow()
795 { 807 {
796 if (m_pData) { 808 if (m_pData) {
797 FX_Allocator_Free(m_pAllocator, m_pData); 809 FX_Allocator_Free(m_pAllocator, m_pData);
798 } 810 }
799 } 811 }
800 operator DataType*() 812 operator DataType*()
(...skipping 832 matching lines...) Expand 10 before | Expand all | Expand 10 after
1633 Ready, 1645 Ready,
1634 ToBeContinued, 1646 ToBeContinued,
1635 Found, 1647 Found,
1636 NotFound, 1648 NotFound,
1637 Failed, 1649 Failed,
1638 Done 1650 Done
1639 } FX_ProgressiveStatus; 1651 } FX_ProgressiveStatus;
1640 #define ProgressiveStatus FX_ProgressiveStatus 1652 #define ProgressiveStatus FX_ProgressiveStatus
1641 #define FX_NAMESPACE_DECLARE(namespace, type) namespace::type 1653 #define FX_NAMESPACE_DECLARE(namespace, type) namespace::type
1642 #endif 1654 #endif
OLDNEW
« no previous file with comments | « no previous file | core/include/fxcrt/fx_memory.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698