fpdfsdk/src/javascript/PublicMethods.cpp - Issue 395303004: Fix bounds checking in CJS_PublicMethods::MakeRegularDate().

Side by Side Diff: fpdfsdk/src/javascript/PublicMethods.cpp

Issue 395303004: Fix bounds checking in CJS_PublicMethods::MakeRegularDate(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 PDFium Authors. All rights reserved.	1 // Copyright 2014 PDFium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com	5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com

6	6

7 #include "../../include/javascript/JavaScript.h"	7 #include "../../include/javascript/JavaScript.h"

8 #include "../../include/javascript/IJavaScript.h"	8 #include "../../include/javascript/IJavaScript.h"

9 #include "../../include/javascript/JS_Define.h"	9 #include "../../include/javascript/JS_Define.h"

10 #include "../../include/javascript/JS_Object.h"	10 #include "../../include/javascript/JS_Object.h"

(...skipping 606 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
617 int nDay = JS_GetDayFromTime(dt);	617 int nDay = JS_GetDayFromTime(dt);

618 int nHour = JS_GetHourFromTime(dt);	618 int nHour = JS_GetHourFromTime(dt);

619 int nMin = JS_GetMinFromTime(dt);	619 int nMin = JS_GetMinFromTime(dt);

620 int nSec = JS_GetSecFromTime(dt);	620 int nSec = JS_GetSecFromTime(dt);

621	621

622 int nYearSub = 99; //nYear - 2000;	622 int nYearSub = 99; //nYear - 2000;

623	623

624 FX_BOOL bPm = FALSE;	624 FX_BOOL bPm = FALSE;

625 FX_BOOL bExit = FALSE;	625 FX_BOOL bExit = FALSE;

626 bWrongFormat = FALSE;	626 bWrongFormat = FALSE;

627 »	627

628 int i=0;	628 int i=0;

629 int j=0;	629 int j=0;

630	630

631 while (i < format.GetLength())	631 while (i < format.GetLength())

632 {	632 {

633 if (bExit) break;	633 if (bExit) break;

634	634

635 » » FX_WCHAR c = format.GetAt(i);» »	635 » » FX_WCHAR c = format.GetAt(i);

636 switch (c)	636 switch (c)

637 {	637 {

638 case ':':	638 case ':':

639 case '.':	639 case '.':

640 case '-':	640 case '-':

641 case '\\':	641 case '\\':

642 case '/':	642 case '/':

643 i++;	643 i++;

644 j++;	644 j++;

645 break;	645 break;

646 » » » »	646

647 case 'y':	647 case 'y':

648 case 'm':	648 case 'm':

649 case 'd':	649 case 'd':

650 case 'H':	650 case 'H':

651 case 'h':	651 case 'h':

652 case 'M':	652 case 'M':

653 case 's':	653 case 's':

654 case 't':	654 case 't':

655 {	655 {

656 int oldj = j;	656 int oldj = j;

657 » » » » » int nSkip = 0;	657 » » » » int nSkip = 0;

	658 int remaining = format.GetLength() - i - 1;
	jun_fang 2014/07/18 17:30:59 should alignment with the previous line? I saw it should alignment with the previous line? I saw it didn't align with the previous one when I checked the raw file. Tom Sepez 2014/07/18 18:00:04 I "untabified" the entire function. That should ma Show quoted text On 2014/07/18 17:30:59, jun_fang wrote: > should alignment with the previous line? I saw it didn't align with the previous > one when I checked the raw file. I "untabified" the entire function. That should make the aligmnent consistent regardless of tab settings.
658	659

659 » » » » » if (format.GetAt(i+1) != c)	660 » » » » » if (remaining < 1 \|\| format.GetAt(i+1) ! = c)
	jun_fang 2014/07/18 17:30:59 remaining == 1 rather than remaining < 1 for exam remaining == 1 rather than remaining < 1 for example: int remaining = format.GetLength() - i - 1; let's assume 'format.GetLength() = 1, i =0' the remaining is 0 can meet the if condition, but format.GetAt(1) is incorrect access. Tom Sepez 2014/07/18 18:00:04 No, its an "or", not an "and", so when remaining i Show quoted text On 2014/07/18 17:30:59, jun_fang wrote: > remaining == 1 rather than remaining < 1 > > for example: > int remaining = format.GetLength() - i - 1; > let's assume 'format.GetLength() = 1, i =0' > the remaining is 0 can meet the if condition, but format.GetAt(1) is incorrect > access. No, its an "or", not an "and", so when remaining is 0, 0 is < 1 and we short-circuit the evaluation of GetAt(i+1) and go directly to the switch, which doesn't depend upon the char at i+i.
660 {	661 {

661 switch (c)	662 switch (c)

662 {	663 {

663 case 'y':	664 case 'y':

664 i++;	665 i++;

665 j++;	666 j++;

666 break;	667 break;

667 case 'm':	668 case 'm':

668 nMonth = ParseSt ringInteger(value, j, nSkip, 2);	669 nMonth = ParseSt ringInteger(value, j, nSkip, 2);

669 i++;	670 i++;

(...skipping 18 matching lines...) Expand all Loading...
688 nMin = ParseStri ngInteger(value, j, nSkip, 2);	689 nMin = ParseStri ngInteger(value, j, nSkip, 2);

689 i++;	690 i++;

690 j += nSkip;	691 j += nSkip;

691 break;	692 break;

692 case 's':	693 case 's':

693 nSec = ParseStri ngInteger(value, j, nSkip, 2);	694 nSec = ParseStri ngInteger(value, j, nSkip, 2);

694 i++;	695 i++;

695 j += nSkip;	696 j += nSkip;

696 break;	697 break;

697 case 't':	698 case 't':

698 » » » » » » » » bPm = value.GetA t(i) == 'p';	699 bPm = (j < value .GetLength() && value.GetAt(j) == 'p');

699 i++;	700 i++;

700 j++;	701 j++;

701 break;	702 break;

702 » » » » » » }» » » » »	703 » » » » » » }

703 }	704 }

704 » » » » » else if (format.GetAt(i+1) == c && forma t.GetAt(i+2) != c)	705 » » » » » else if (remaining < 2 \|\| format.GetAt(i +2) != c)
	jun_fang 2014/07/18 17:30:59 remaining == 2 remaining == 2
705 {	706 {

706 switch (c)	707 switch (c)

707 {	708 {

708 case 'y':	709 case 'y':

709 nYear = ParseStr ingInteger(value, j, nSkip, 4);	710 nYear = ParseStr ingInteger(value, j, nSkip, 4);

710 i += 2;	711 i += 2;

711 j += nSkip;	712 j += nSkip;

712 break;	713 break;

713 case 'm':	714 case 'm':

714 nMonth = ParseSt ringInteger(value, j, nSkip, 2);	715 nMonth = ParseSt ringInteger(value, j, nSkip, 2);

(...skipping 19 matching lines...) Expand all Loading...
734 nMin = ParseStri ngInteger(value, j, nSkip, 2);	735 nMin = ParseStri ngInteger(value, j, nSkip, 2);

735 i += 2;	736 i += 2;

736 j += nSkip;	737 j += nSkip;

737 break;	738 break;

738 case 's':	739 case 's':

739 nSec = ParseStri ngInteger(value, j, nSkip, 2);	740 nSec = ParseStri ngInteger(value, j, nSkip, 2);

740 i += 2;	741 i += 2;

741 j += nSkip;	742 j += nSkip;

742 break;	743 break;

743 case 't':	744 case 't':

744 » » » » » » » » bPm = (value.Get At(j) == 'p' && value.GetAt(j+1) == 'm');	745 » » » » » » » » bPm = (j + 1 < v alue.GetLength() && value.GetAt(j) == 'p' && value.GetAt(j+1) == 'm');

745 i += 2;	746 i += 2;

746 j += 2;	747 j += 2;

747 break;	748 break;

748 }	749 }

749 }	750 }

750 » » » » » else if (format.GetAt(i+1) == c && forma t.GetAt(i+2) == c && format.GetAt(i+3) != c)	751 » » » » » else if (remaining < 3 \|\| format.GetAt(i +3) != c)
	jun_fang 2014/07/18 17:30:59 remaining == 3 remaining == 3
751 {	752 {

752 switch (c)	753 switch (c)

753 {	754 {

754 case 'm':	755 case 'm':

755 {	756 {

756 CFX_Wide String sMonth = ParseStringString(value, j, nSkip);	757 CFX_Wide String sMonth = ParseStringString(value, j, nSkip);

757 FX_BOOL bFind = FALSE;	758 FX_BOOL bFind = FALSE;

758 for (int m = 0; m < 12; m++)	759 for (int m = 0; m < 12; m++)

759 {	760 {

760 if (sMonth.CompareNoCase(months[m]) == 0)	761 if (sMonth.CompareNoCase(months[m]) == 0)

761 {	762 {

762 nMonth = m + 1;	763 nMonth = m + 1;

763 i+=3;	764 i+=3;

764 j+=nSkip;	765 j+=nSkip;

765 bFind = TRUE;	766 bFind = TRUE;

766 break;	767 break;

767 }	768 }

768 }	769 }

769 » » » » » » » » »	770

770 if (!bFi nd)	771 if (!bFi nd)

771 {	772 {

772 nMonth = ParseStringInteger(value, j, nSkip, 3);	773 nMonth = ParseStringInteger(value, j, nSkip, 3);

773 i+=3;	774 i+=3;

774 j += nSkip;	775 j += nSkip;

775 }	776 }

776 }	777 }

777 break;	778 break;

778 case 'y':	779 case 'y':

779 break;	780 break;

780 default:	781 default:

781 i+=3;	782 i+=3;

782 j+=3;	783 j+=3;

783 break;	784 break;

784 }	785 }

785 }	786 }

786 » » » » » else if (format.GetAt(i+1) == c && forma t.GetAt(i+2) == c && format.GetAt(i+3) == c && format.GetAt(i+4) != c)	787 » » » » » else if (remaining < 4 \|\| format.GetAt(i +4) != c)
	jun_fang 2014/07/18 17:30:59 remaining == 4 remaining == 4
787 {	788 {

788 switch (c)	789 switch (c)

789 {	790 {

790	791

791	792

792 case 'y':	793 case 'y':

793 nYear = ParseStr ingInteger(value, j, nSkip, 4);	794 nYear = ParseStr ingInteger(value, j, nSkip, 4);

794 j += nSkip;	795 j += nSkip;

795 i += 4;	796 i += 4;

796 break;	797 break;

(...skipping 11 matching lines...) Expand all Loading...
808	809

809 if (sFullMonths.Find(sMonth, 0) != -1)	810 if (sFullMonths.Find(sMonth, 0) != -1)

810 {	811 {

811 nMonth = m + 1;	812 nMonth = m + 1;

812 i += 4;	813 i += 4;

813 j += nSkip;	814 j += nSkip;

814 bFind = TRUE;	815 bFind = TRUE;

815 break;	816 break;

816 }	817 }

817 }	818 }

818 » » » » » » » » »	819

819 if (!bFi nd)	820 if (!bFi nd)

820 {	821 {

821 nMonth = ParseStringInteger(value, j, nSkip, 4);	822 nMonth = ParseStringInteger(value, j, nSkip, 4);

822 i+=4;	823 i+=4;

823 j += nSkip;	824 j += nSkip;

824 }	825 }

825 }	826 }

826 break;	827 break;

827 default:	828 default:

828 i += 4;	829 i += 4;

829 j += 4;	830 j += 4;

830 break;	831 break;

831 » » » » » » }» » » » »	832 » » » » » » }

832 }	833 }

833 else	834 else

834 {	835 {

835 » » » » » » if (format.GetAt(i) != value.Get At(j))	836 » » » » » » if (j >= value.GetLength() \|\| fo rmat.GetAt(i) != value.GetAt(j))

836 {	837 {

837 bWrongFormat = TRUE;	838 bWrongFormat = TRUE;

838 bExit = TRUE;	839 bExit = TRUE;

839 }	840 }

840 i++;	841 i++;

841 j++;	842 j++;

842 }	843 }

843 » » » » »	844

844 if (oldj == j)	845 if (oldj == j)

845 {	846 {

846 bWrongFormat = TRUE;	847 bWrongFormat = TRUE;

847 bExit = TRUE;	848 bExit = TRUE;

848 }	849 }

849 }	850 }

850	851

851 » » » » break;» » »	852 » » » » break;

852 default:	853 default:

853 if (value.GetLength() <= j)	854 if (value.GetLength() <= j)

854 {	855 {

855 bExit = TRUE;	856 bExit = TRUE;

856 }	857 }

857 else if (format.GetAt(i) != value.GetAt(j))	858 else if (format.GetAt(i) != value.GetAt(j))

858 {	859 {

859 bWrongFormat = TRUE;	860 bWrongFormat = TRUE;

860 bExit = TRUE;	861 bExit = TRUE;

861 }	862 }

862	863

863 i++;	864 i++;

864 j++;	865 j++;

865 break;	866 break;

866 » » }» »	867 » » }

867 }	868 }

868	869

869 if (bPm) nHour += 12;	870 if (bPm) nHour += 12;

870	871

871 if (nYear >= 0 && nYear <= nYearSub)	872 if (nYear >= 0 && nYear <= nYearSub)

872 nYear += 2000;	873 nYear += 2000;

873	874

874 if (nMonth < 1 \|\| nMonth > 12)	875 if (nMonth < 1 \|\| nMonth > 12)

875 bWrongFormat = TRUE;	876 bWrongFormat = TRUE;

876	877

(...skipping 1449 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2326 nums.SetElement(nIndex,CJS_Value(isolate,(FX_LPCWSTR)sPart));	2327 nums.SetElement(nIndex,CJS_Value(isolate,(FX_LPCWSTR)sPart));

2327 }	2328 }

2328	2329

2329 if (nums.GetLength() > 0)	2330 if (nums.GetLength() > 0)

2330 vRet = nums;	2331 vRet = nums;

2331 else	2332 else

2332 vRet.SetNull();	2333 vRet.SetNull();

2333	2334

2334 return TRUE;	2335 return TRUE;

2335 }	2336 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »