
Side by Side Diff: core/src/fxcrt/fx_basic_memmgr.cpp

Issue 334573007: Integer overflow in fx_basic.h and fx_memory.h (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Replace size < 1 with size == 0 Created 6 years, 6 months ago
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../include/fxcrt/fx_basic.h" 7 #include "../../include/fxcrt/fx_basic.h"
8 #include "mem_int.h" 8 #include "mem_int.h"
9
9 void FXMEM_DestroyFoxitMgr(FXMEM_FoxitMgr* pFoxitMgr) 10 void FXMEM_DestroyFoxitMgr(FXMEM_FoxitMgr* pFoxitMgr)
10 { 11 {
11 if (pFoxitMgr == NULL) { 12 if (pFoxitMgr == NULL) {
12 return; 13 return;
13 } 14 }
14 CFX_MemoryMgr* p = (CFX_MemoryMgr*)pFoxitMgr; 15 CFX_MemoryMgr* p = (CFX_MemoryMgr*)pFoxitMgr;
15 if (p->m_pSystemMgr->CollectAll) { 16 if (p->m_pSystemMgr->CollectAll) {
16 p->m_pSystemMgr->CollectAll(p->m_pSystemMgr); 17 p->m_pSystemMgr->CollectAll(p->m_pSystemMgr);
17 } 18 }
18 if (p->m_bReleaseMgr) { 19 if (p->m_bReleaseMgr) {
19 p->m_pSystemMgr->Free(p->m_pSystemMgr, p, 0); 20 p->m_pSystemMgr->Free(p->m_pSystemMgr, p, 0);
20 } 21 }
21 if (p->m_pExternalMemory) { 22 if (p->m_pExternalMemory) {
22 free(p->m_pExternalMemory); 23 free(p->m_pExternalMemory);
23 } 24 }
24 } 25 }
25 #ifdef __cplusplus 26 #ifdef __cplusplus
26 extern "C" { 27 extern "C" {
27 #endif 28 #endif
28 static void* _DefAllocDebug(IFX_Allocator* pAllocator, size_t size, FX_LPCSTR fi lename, int line) 29 static void* _DefAllocDebug(IFX_Allocator* pAllocator, size_t num, size_t size, FX_LPCSTR filename, int line)
29 { 30 {
31 if (size == 0 || num > SIZE_MAX/size)
32 return NULL;
33
34 size = size * num;
30 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->AllocDebug(size, 0, file name, line); 35 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->AllocDebug(size, 0, file name, line);
31 } 36 }
32 static void* _DefAlloc(IFX_Allocator* pAllocator, size_t size) 37 static void* _DefAlloc(IFX_Allocator* pAllocator, size_t num, size_t size)
33 { 38 {
39 if (size == 0 || num > SIZE_MAX/size)
40 return NULL;
41
42 size = size * num;
34 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Alloc(size, 0); 43 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Alloc(size, 0);
35 } 44 }
36 static void* _DefReallocDebug(IFX_Allocator* pAllocator, void* p, size_t size, F X_LPCSTR filename, int line) 45 static void* _DefReallocDebug(IFX_Allocator* pAllocator, void* p, size_t new_num , size_t size, FX_LPCSTR filename, int line)
37 { 46 {
47 if (size == 0 || new_num > SIZE_MAX/size)
48 return NULL;
49
50 size = size * new_num;
38 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->ReallocDebug(p, size, 0, filename, line); 51 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->ReallocDebug(p, size, 0, filename, line);
39 } 52 }
40 static void* _DefRealloc(IFX_Allocator* pAllocator, void* p, size_t size) 53 static void* _DefRealloc(IFX_Allocator* pAllocator, void* p, size_t new_num, siz e_t size)
41 { 54 {
55 if (size == 0 || new_num > SIZE_MAX/size)
56 return NULL;
57
58 size = size * new_num;
42 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Realloc(p, size, 0); 59 return ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Realloc(p, size, 0);
43 } 60 }
44 static void _DefFree(IFX_Allocator* pAllocator, void* p) 61 static void _DefFree(IFX_Allocator* pAllocator, void* p)
45 { 62 {
46 ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Free(p, 0); 63 ((FX_DefAllocator*)pAllocator)->m_pFoxitMgr->Free(p, 0);
47 } 64 }
48 #ifdef __cplusplus 65 #ifdef __cplusplus
49 } 66 }
50 #endif 67 #endif
51 void CFX_MemoryMgr::Init(FXMEM_SystemMgr* pSystemMgr) 68 void CFX_MemoryMgr::Init(FXMEM_SystemMgr* pSystemMgr)
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 void CFX_Object::operator delete(void* p, FX_LPCSTR file, int line) 203 void CFX_Object::operator delete(void* p, FX_LPCSTR file, int line)
187 { 204 {
188 g_pDefFoxitMgr->Free(p, 0); 205 g_pDefFoxitMgr->Free(p, 0);
189 } 206 }
190 void CFX_Object::operator delete[](void* p, FX_LPCSTR file, int line) 207 void CFX_Object::operator delete[](void* p, FX_LPCSTR file, int line)
191 { 208 {
192 g_pDefFoxitMgr->Free(p, 0); 209 g_pDefFoxitMgr->Free(p, 0);
193 } 210 }
194 void* CFX_AllocObject::operator new(size_t size, IFX_Allocator* pAllocator, FX_L PCSTR filename, int line) 211 void* CFX_AllocObject::operator new(size_t size, IFX_Allocator* pAllocator, FX_L PCSTR filename, int line)
195 { 212 {
196 void* p = pAllocator ? pAllocator->m_AllocDebug(pAllocator, size, filename, line) : 213 void* p = pAllocator ? pAllocator->m_AllocDebug(pAllocator, size, 1, filenam e, line) :
197 g_pDefFoxitMgr->AllocDebug(size, 0, filename, line); 214 g_pDefFoxitMgr->AllocDebug(size, 0, filename, line);
198 ((CFX_AllocObject*)p)->m_pAllocator = pAllocator; 215 ((CFX_AllocObject*)p)->m_pAllocator = pAllocator;
199 return p; 216 return p;
200 } 217 }
201 void CFX_AllocObject::operator delete (void* p, IFX_Allocator* pAllocator, FX_LP CSTR filename, int line) 218 void CFX_AllocObject::operator delete (void* p, IFX_Allocator* pAllocator, FX_LP CSTR filename, int line)
202 { 219 {
203 if (pAllocator) { 220 if (pAllocator) {
204 pAllocator->m_Free(pAllocator, p); 221 pAllocator->m_Free(pAllocator, p);
205 } else { 222 } else {
206 g_pDefFoxitMgr->Free(p, 0); 223 g_pDefFoxitMgr->Free(p, 0);
207 } 224 }
208 } 225 }
209 void* CFX_AllocObject::operator new(size_t size, IFX_Allocator* pAllocator) 226 void* CFX_AllocObject::operator new(size_t size, IFX_Allocator* pAllocator)
210 { 227 {
211 void* p = pAllocator ? pAllocator->m_Alloc(pAllocator, size) : g_pDefFoxitMg r->Alloc(size, 0); 228 void* p = pAllocator ? pAllocator->m_Alloc(pAllocator, size, 1) : g_pDefFoxi tMgr->Alloc(size, 0);
212 ((CFX_AllocObject*)p)->m_pAllocator = pAllocator; 229 ((CFX_AllocObject*)p)->m_pAllocator = pAllocator;
213 return p; 230 return p;
214 } 231 }
215 void CFX_AllocObject::operator delete(void* p) 232 void CFX_AllocObject::operator delete(void* p)
216 { 233 {
217 if (((CFX_AllocObject*)p)->m_pAllocator) { 234 if (((CFX_AllocObject*)p)->m_pAllocator) {
218 (((CFX_AllocObject*)p)->m_pAllocator)->m_Free(((CFX_AllocObject*)p)->m_p Allocator, p); 235 (((CFX_AllocObject*)p)->m_pAllocator)->m_Free(((CFX_AllocObject*)p)->m_p Allocator, p);
219 } else { 236 } else {
220 g_pDefFoxitMgr->Free(p, 0); 237 g_pDefFoxitMgr->Free(p, 0);
221 } 238 }
222 } 239 }
223 void CFX_AllocObject::operator delete(void* p, IFX_Allocator* pAllocator) 240 void CFX_AllocObject::operator delete(void* p, IFX_Allocator* pAllocator)
224 { 241 {
225 if (pAllocator) { 242 if (pAllocator) {
226 pAllocator->m_Free(pAllocator, p); 243 pAllocator->m_Free(pAllocator, p);
227 } else { 244 } else {
228 g_pDefFoxitMgr->Free(p, 0); 245 g_pDefFoxitMgr->Free(p, 0);
229 } 246 }
230 } 247 }
231 extern "C" { 248 extern "C" {
232 static void* _GOPAllocDebug(IFX_Allocator* pAllocator, size_t size, FX_LPCST R file, int line) 249 static void* _GOPAllocDebug(IFX_Allocator* pAllocator, size_t num, size_t si ze, FX_LPCSTR file, int line)
233 { 250 {
251 if (size == 0 || num > SIZE_MAX/size)
252 return NULL;
253
254 size = size * num;
234 return ((CFX_GrowOnlyPool*)pAllocator)->Alloc(size); 255 return ((CFX_GrowOnlyPool*)pAllocator)->Alloc(size);
235 } 256 }
236 static void* _GOPAlloc(IFX_Allocator* pAllocator, size_t size) 257 static void* _GOPAlloc(IFX_Allocator* pAllocator, size_t num, size_t size)
237 { 258 {
259 if (size == 0 || num > SIZE_MAX/size)
260 return NULL;
261
262 size = size * num;
238 return ((CFX_GrowOnlyPool*)pAllocator)->Alloc(size); 263 return ((CFX_GrowOnlyPool*)pAllocator)->Alloc(size);
239 } 264 }
240 static void* _GOPReallocDebug(IFX_Allocator* pAllocator, void* p, size_t new _size, FX_LPCSTR file, int line) 265 static void* _GOPReallocDebug(IFX_Allocator* pAllocator, void* p, size_t new _num, size_t size, FX_LPCSTR file, int line)
241 { 266 {
242 return ((CFX_GrowOnlyPool*)pAllocator)->Realloc(p, new_size); 267 if (size == 0 || new_num > SIZE_MAX/size)
268 return NULL;
269
270 size = size * new_num;
271 return ((CFX_GrowOnlyPool*)pAllocator)->Realloc(p, size);
243 } 272 }
244 static void* _GOPRealloc(IFX_Allocator* pAllocator, void* p, size_t new_size ) 273 static void* _GOPRealloc(IFX_Allocator* pAllocator, void* p, size_t new_num, size_t size)
245 { 274 {
246 return ((CFX_GrowOnlyPool*)pAllocator)->Realloc(p, new_size); 275 if (size == 0 || new_num > SIZE_MAX/size)
276 return NULL;
277
278 size = size * new_num;
279 return ((CFX_GrowOnlyPool*)pAllocator)->Realloc(p, size);
247 } 280 }
248 static void _GOPFree(IFX_Allocator* pAllocator, void* p) 281 static void _GOPFree(IFX_Allocator* pAllocator, void* p)
249 { 282 {
250 } 283 }
251 }; 284 };
252 CFX_GrowOnlyPool::CFX_GrowOnlyPool(IFX_Allocator* pAllocator, size_t trunk_size) 285 CFX_GrowOnlyPool::CFX_GrowOnlyPool(IFX_Allocator* pAllocator, size_t trunk_size)
253 { 286 {
254 m_TrunkSize = trunk_size; 287 m_TrunkSize = trunk_size;
255 m_pFirstTrunk = NULL; 288 m_pFirstTrunk = NULL;
256 m_pAllocator = pAllocator ? pAllocator : &g_pDefFoxitMgr->m_DefAllocator.m_A llocator; 289 m_pAllocator = pAllocator ? pAllocator : &g_pDefFoxitMgr->m_DefAllocator.m_A llocator;
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
290 _FX_GrowOnlyTrunk* pTrunk = (_FX_GrowOnlyTrunk*)m_pFirstTrunk; 323 _FX_GrowOnlyTrunk* pTrunk = (_FX_GrowOnlyTrunk*)m_pFirstTrunk;
291 while (pTrunk) { 324 while (pTrunk) {
292 if (pTrunk->m_Size - pTrunk->m_Allocated >= size) { 325 if (pTrunk->m_Size - pTrunk->m_Allocated >= size) {
293 void* p = (FX_LPBYTE)(pTrunk + 1) + pTrunk->m_Allocated; 326 void* p = (FX_LPBYTE)(pTrunk + 1) + pTrunk->m_Allocated;
294 pTrunk->m_Allocated += size; 327 pTrunk->m_Allocated += size;
295 return p; 328 return p;
296 } 329 }
297 pTrunk = pTrunk->m_pNext; 330 pTrunk = pTrunk->m_pNext;
298 } 331 }
299 size_t alloc_size = size > m_TrunkSize ? size : m_TrunkSize; 332 size_t alloc_size = size > m_TrunkSize ? size : m_TrunkSize;
300 pTrunk = (_FX_GrowOnlyTrunk*)m_pAllocator->m_Alloc(m_pAllocator, sizeof(_FX_ GrowOnlyTrunk) + alloc_size); 333
334 if (alloc_size > SIZE_MAX - sizeof(_FX_GrowOnlyTrunk) )
335 return NULL;
336
337 pTrunk = (_FX_GrowOnlyTrunk*)m_pAllocator->m_Alloc(m_pAllocator, sizeof(_FX_ GrowOnlyTrunk) + alloc_size, 1);
301 pTrunk->m_Size = alloc_size; 338 pTrunk->m_Size = alloc_size;
302 pTrunk->m_Allocated = size; 339 pTrunk->m_Allocated = size;
303 pTrunk->m_pNext = (_FX_GrowOnlyTrunk*)m_pFirstTrunk; 340 pTrunk->m_pNext = (_FX_GrowOnlyTrunk*)m_pFirstTrunk;
304 m_pFirstTrunk = pTrunk; 341 m_pFirstTrunk = pTrunk;
305 return pTrunk + 1; 342 return pTrunk + 1;
306 } 343 }
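Review bot: In CFX_GrowOnlyPool::Alloc (new lines 337-338) the pointer returned by `m_pAllocator->m_Alloc(...)` is written through on the next line (`pTrunk->m_Size = alloc_size;`) with no NULL check, even though this patch makes NULL an explicit result of the allocator callbacks and of this function itself. Whether the underlying manager can return NULL for `Alloc(size, 0)` is not visible here, but a caller-supplied IFX_Allocator may, so I would add `if (!pTrunk) return NULL;` right after the call. The same call passes the byte total as `num` and `1` as `size`, the reverse of the `(num, size)` order declared on `_DefAlloc` and `_GOPAlloc`; the product is identical, but `m_Alloc(m_pAllocator, 1, sizeof(_FX_GrowOnlyTrunk) + alloc_size)` reads as intended, and the two `operator new` call sites at new lines 213 and 228 use the same reversed order. The start of this function lies in the skipped region, so the earlier handling of `size` was not reviewed.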