Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2082)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: core/include/fxcrt/fx_memory.h

Issue 334573007: Integer overflow in fx_basic.h and fx_memory.h (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Replace size < 1 with size == 0 Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « core/include/fxcrt/fx_basic.h ('k') | core/src/fxcrt/fx_basic_memmgr.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: core/include/fxcrt/fx_memory.h
diff --git a/core/include/fxcrt/fx_memory.h b/core/include/fxcrt/fx_memory.h
index cf795fa869a5efc0631686303d66e5c88c243bac..1869ccc0e898472e2f1a4c746630598ca4a5d5c1 100644
--- a/core/include/fxcrt/fx_memory.h
+++ b/core/include/fxcrt/fx_memory.h
@@ -117,13 +117,13 @@ extern "C" {
#endif
typedef struct _IFX_Allocator {
- void* (*m_AllocDebug)(struct _IFX_Allocator* pAllocator, size_t size, FX_LPCSTR file, int line);
+ void* (*m_AllocDebug)(struct _IFX_Allocator* pAllocator, size_t num, size_t size, FX_LPCSTR file, int line);
- void* (*m_Alloc)(struct _IFX_Allocator* pAllocator, size_t size);
+ void* (*m_Alloc)(struct _IFX_Allocator* pAllocator, size_t num, size_t size);
- void* (*m_ReallocDebug)(struct _IFX_Allocator* pAllocator, void* p, size_t size, FX_LPCSTR file, int line);
+ void* (*m_ReallocDebug)(struct _IFX_Allocator* pAllocator, void* p, size_t num, size_t size, FX_LPCSTR file, int line);
- void* (*m_Realloc)(struct _IFX_Allocator* pAllocator, void* p, size_t size);
+ void* (*m_Realloc)(struct _IFX_Allocator* pAllocator, void* p, size_t num, size_t size);
void (*m_Free)(struct _IFX_Allocator* pAllocator, void* p);
} IFX_Allocator;
@@ -134,17 +134,17 @@ IFX_Allocator* FXMEM_GetDefAllocator();
#ifdef _DEBUG
#define FX_Allocator_Alloc(fxAllocator, type, size) \
- ((fxAllocator) ? (type*)(fxAllocator)->m_AllocDebug((fxAllocator), (size) * sizeof(type), __FILE__, __LINE__) : (FX_Alloc(type, size)))
+ ((fxAllocator) ? (type*)(fxAllocator)->m_AllocDebug((fxAllocator), (size), sizeof(type), __FILE__, __LINE__) : (FX_Alloc(type, size)))
#define FX_Allocator_Realloc(fxAllocator, type, ptr, new_size) \
- ((fxAllocator) ? (type*)(fxAllocator)->m_ReallocDebug((fxAllocator), (ptr), (new_size) * sizeof(type), __FILE__, __LINE__) : (FX_Realloc(type, ptr, new_size)))
+ ((fxAllocator) ? (type*)(fxAllocator)->m_ReallocDebug((fxAllocator), (ptr), (new_size) , sizeof(type), __FILE__, __LINE__) : (FX_Realloc(type, ptr, new_size)))
#else
#define FX_Allocator_Alloc(fxAllocator, type, size) \
- ((fxAllocator) ? (type*)(fxAllocator)->m_Alloc((fxAllocator), (size) * sizeof(type)) : (FX_Alloc(type, size)))
+ ((fxAllocator) ? (type*)(fxAllocator)->m_Alloc((fxAllocator), (size), sizeof(type)) : (FX_Alloc(type, size)))
#define FX_Allocator_Realloc(fxAllocator, type, ptr, new_size) \
- ((fxAllocator) ? (type*)(fxAllocator)->m_Realloc((fxAllocator), (ptr), (new_size) * sizeof(type)) : (FX_Realloc(type, ptr, new_size)))
+ ((fxAllocator) ? (type*)(fxAllocator)->m_Realloc((fxAllocator), (ptr), (new_size), sizeof(type)) : (FX_Realloc(type, ptr, new_size)))
#endif
#define FX_Allocator_Free(fxAllocator, ptr) \
((fxAllocator) ? (fxAllocator)->m_Free((fxAllocator), (ptr)) : (FX_Free(ptr)))
« no previous file with comments | « core/include/fxcrt/fx_basic.h ('k') | core/src/fxcrt/fx_basic_memmgr.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698