Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(333)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcrt/extension.h

Issue 419063002: Fix the potential integer overflow from 'offset+size' in extension.h and fpdfview.cpp (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« core/include/fxcrt/fx_system.h ('K') | « core/include/fxcrt/fx_system.h ('k') | fpdfsdk/src/fpdfview.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #ifndef _FXCRT_EXTENSION_IMP_ 7 #ifndef _FXCRT_EXTENSION_IMP_
8 #define _FXCRT_EXTENSION_IMP_ 8 #define _FXCRT_EXTENSION_IMP_
9 9
10 #include "../../../third_party/numerics/safe_math.h"
11
12 class IFXCRT_FileAccess 10 class IFXCRT_FileAccess
13 { 11 {
14 public: 12 public:
15 virtual ~IFXCRT_FileAccess() {} 13 virtual ~IFXCRT_FileAccess() {}
16 virtual FX_BOOL Open(FX_BSTR fileName, FX_DWORD dwMode) = 0; 14 virtual FX_BOOL Open(FX_BSTR fileName, FX_DWORD dwMode) = 0;
17 virtual FX_BOOL Open(FX_WSTR fileName, FX_DWORD dwMode) = 0; 15 virtual FX_BOOL Open(FX_WSTR fileName, FX_DWORD dwMode) = 0;
18 virtual void Close() = 0; 16 virtual void Close() = 0;
19 virtual void Release() = 0; 17 virtual void Release() = 0;
20 virtual FX_FILESIZE GetSize() const = 0; 18 virtual FX_FILESIZE GetSize() const = 0;
21 virtual FX_FILESIZE GetPosition() const = 0; 19 virtual FX_FILESIZE GetPosition() const = 0;
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 virtual FX_FILESIZE GetPosition() 59 virtual FX_FILESIZE GetPosition()
62 { 60 {
63 FX_FILESIZE pos = m_pFile->GetPosition(); 61 FX_FILESIZE pos = m_pFile->GetPosition();
64 if (m_bUseRange) { 62 if (m_bUseRange) {
65 pos -= m_nOffset; 63 pos -= m_nOffset;
66 } 64 }
67 return pos; 65 return pos;
68 } 66 }
69 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size) 67 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
70 { 68 {
71 if (offset < 0 || offset + size > m_pFile->GetSize()) { 69 if (offset < 0 || size < 0) {
72 return FALSE; 70 return FALSE;
73 } 71 }
72
73 FX_SAFE_FILESIZE pos = size;
74 pos += offset;
75
76 if (!pos.IsValid() || pos.ValueOrDie() >= m_pFile->GetSize()) {
77 return FALSE;
78 }
79
74 m_nOffset = offset, m_nSize = size; 80 m_nOffset = offset, m_nSize = size;
75 m_bUseRange = TRUE; 81 m_bUseRange = TRUE;
76 m_pFile->SetPosition(m_nOffset); 82 m_pFile->SetPosition(m_nOffset);
77 return TRUE; 83 return TRUE;
78 } 84 }
79 virtual void ClearRange() 85 virtual void ClearRange()
80 { 86 {
81 m_bUseRange = FALSE; 87 m_bUseRange = FALSE;
82 } 88 }
83 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size) 89 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size)
84 { 90 {
91 if (m_bUseRange && offset < 0) {
92 return FALSE;
93 }
94 FX_SAFE_FILESIZE pos = offset;
95
85 if (m_bUseRange) { 96 if (m_bUseRange) {
86 if (offset + size > (size_t)GetSize()) { 97 pos += m_nOffset;
98 if (!pos.IsValid() || pos.ValueOrDie() >= (size_t)GetSize()) {
87 return FALSE; 99 return FALSE;
88 } 100 }
89 offset += m_nOffset;
90 } 101 }
91 return (FX_BOOL)m_pFile->ReadPos(buffer, size, offset); 102 return (FX_BOOL)m_pFile->ReadPos(buffer, size, pos.ValueOrDie());
92 } 103 }
93 virtual size_t ReadBlock(void* buffer, size_t s ize) 104 virtual size_t ReadBlock(void* buffer, size_t s ize)
94 { 105 {
95 if (m_bUseRange) { 106 if (m_bUseRange) {
96 FX_FILESIZE availSize = m_nOffset + m_nSize - m_pFile->GetPosition() ; 107 FX_FILESIZE availSize = m_nOffset + m_nSize - m_pFile->GetPosition() ;
97 if ((size_t)availSize < size) { 108 if ((size_t)availSize < size) {
98 size -= size - (size_t)availSize; 109 size -= size - (size_t)availSize;
99 } 110 }
100 } 111 }
101 return m_pFile->Read(buffer, size); 112 return m_pFile->Read(buffer, size);
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
177 virtual FX_FILESIZE GetPosition() 188 virtual FX_FILESIZE GetPosition()
178 { 189 {
179 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos; 190 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos;
180 if (m_bUseRange) { 191 if (m_bUseRange) {
181 pos -= (FX_FILESIZE)m_nOffset; 192 pos -= (FX_FILESIZE)m_nOffset;
182 } 193 }
183 return pos; 194 return pos;
184 } 195 }
185 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size) 196 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
186 { 197 {
187 base::CheckedNumeric<FX_FILESIZE> range = size; 198 if (offset < 0 || size < 0) {
188 range += size; 199 return FALSE;
189 200 }
190 if (!range.IsValid() || offset <= 0 || size <= 0 || range.ValueOrDie() > m_nCurSize) { 201 FX_SAFE_FILESIZE range = size;
202 range += offset;
203 if (!range.IsValid() || range.ValueOrDie() >= m_nCurSize) {
191 return FALSE; 204 return FALSE;
192 } 205 }
193 206
194 m_nOffset = (size_t)offset, m_nSize = (size_t)size; 207 m_nOffset = (size_t)offset, m_nSize = (size_t)size;
195 m_bUseRange = TRUE; 208 m_bUseRange = TRUE;
196 m_nCurPos = m_nOffset; 209 m_nCurPos = m_nOffset;
197 return TRUE; 210 return TRUE;
198 } 211 }
199 virtual void ClearRange() 212 virtual void ClearRange()
200 { 213 {
201 m_bUseRange = FALSE; 214 m_bUseRange = FALSE;
202 } 215 }
203 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size) 216 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size)
204 { 217 {
205 if (!buffer || !size) { 218 if (!buffer || !size) {
206 return FALSE; 219 return FALSE;
207 } 220 }
208 221
209 base::CheckedNumeric<FX_FILESIZE> safeOffset = offset; 222 FX_SAFE_FILESIZE safeOffset = offset;
210 if (m_bUseRange) { 223 if (m_bUseRange) {
211 safeOffset += m_nOffset; 224 safeOffset += m_nOffset;
212 } 225 }
213 226
214 if (!safeOffset.IsValid()) { 227 if (!safeOffset.IsValid()) {
215 return FALSE; 228 return FALSE;
216 } 229 }
217 230
218 offset = safeOffset.ValueOrDie(); 231 offset = safeOffset.ValueOrDie();
219 232
220 base::CheckedNumeric<size_t> newPos = size; 233 FX_SAFE_SIZET newPos = size;
221 newPos += offset; 234 newPos += offset;
222 if (!newPos.IsValid() || newPos.ValueOrDefault(0) == 0 || newPos.ValueOr Die() > m_nCurSize) { 235 if (!newPos.IsValid() || newPos.ValueOrDefault(0) == 0 || newPos.ValueOr Die() >= m_nCurSize) {
223 return FALSE; 236 return FALSE;
224 } 237 }
225 238
226 m_nCurPos = newPos.ValueOrDie(); 239 m_nCurPos = newPos.ValueOrDie();
227 if (m_dwFlags & FX_MEMSTREAM_Consecutive) { 240 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
228 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size ); 241 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size );
229 return TRUE; 242 return TRUE;
230 } 243 }
231 size_t nStartBlock = (size_t)offset / m_nGrowSize; 244 size_t nStartBlock = (size_t)offset / m_nGrowSize;
232 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize); 245 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
(...skipping 29 matching lines...) Expand all
262 } 275 }
263 virtual FX_BOOL WriteBlock(const void* buffer, F X_FILESIZE offset, size_t size) 276 virtual FX_BOOL WriteBlock(const void* buffer, F X_FILESIZE offset, size_t size)
264 { 277 {
265 if (!buffer || !size) { 278 if (!buffer || !size) {
266 return FALSE; 279 return FALSE;
267 } 280 }
268 if (m_bUseRange) { 281 if (m_bUseRange) {
269 offset += (FX_FILESIZE)m_nOffset; 282 offset += (FX_FILESIZE)m_nOffset;
270 } 283 }
271 if (m_dwFlags & FX_MEMSTREAM_Consecutive) { 284 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
272 base::CheckedNumeric<size_t> newPos = size; 285 FX_SAFE_SIZET newPos = size;
273 newPos += offset; 286 newPos += offset;
274 if (!newPos.IsValid()) 287 if (!newPos.IsValid())
275 return FALSE; 288 return FALSE;
276 289
277 m_nCurPos = newPos.ValueOrDie(); 290 m_nCurPos = newPos.ValueOrDie();
278 if (m_nCurPos > m_nTotalSize) { 291 if (m_nCurPos > m_nTotalSize) {
279 m_nTotalSize = (m_nCurPos + m_nGrowSize - 1) / m_nGrowSize * m_n GrowSize; 292 m_nTotalSize = (m_nCurPos + m_nGrowSize - 1) / m_nGrowSize * m_n GrowSize;
280 if (m_Blocks.GetSize() < 1) { 293 if (m_Blocks.GetSize() < 1) {
281 void* block = FX_Alloc(FX_BYTE, m_nTotalSize); 294 void* block = FX_Alloc(FX_BYTE, m_nTotalSize);
282 m_Blocks.Add(block); 295 m_Blocks.Add(block);
283 } else { 296 } else {
284 m_Blocks[0] = FX_Realloc(FX_BYTE, m_Blocks[0], m_nTotalSize) ; 297 m_Blocks[0] = FX_Realloc(FX_BYTE, m_Blocks[0], m_nTotalSize) ;
285 } 298 }
286 if (!m_Blocks[0]) { 299 if (!m_Blocks[0]) {
287 m_Blocks.RemoveAll(); 300 m_Blocks.RemoveAll();
288 return FALSE; 301 return FALSE;
289 } 302 }
290 } 303 }
291 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[0] + (size_t)offset, buffer, size ); 304 FXSYS_memcpy32((FX_LPBYTE)m_Blocks[0] + (size_t)offset, buffer, size );
292 if (m_nCurSize < m_nCurPos) { 305 if (m_nCurSize < m_nCurPos) {
293 m_nCurSize = m_nCurPos; 306 m_nCurSize = m_nCurPos;
294 } 307 }
295 return TRUE; 308 return TRUE;
296 } 309 }
297 310
298 base::CheckedNumeric<size_t> newPos = size; 311 FX_SAFE_SIZET newPos = size;
299 newPos += offset; 312 newPos += offset;
300 if (!newPos.IsValid()) 313 if (!newPos.IsValid()) {
301 return FALSE; 314 return FALSE;
315 }
302 316
303 if (!ExpandBlocks(newPos.ValueOrDie())) { 317 if (!ExpandBlocks(newPos.ValueOrDie())) {
304 return FALSE; 318 return FALSE;
305 } 319 }
306 m_nCurPos = newPos.ValueOrDie(); 320 m_nCurPos = newPos.ValueOrDie();
307 size_t nStartBlock = (size_t)offset / m_nGrowSize; 321 size_t nStartBlock = (size_t)offset / m_nGrowSize;
308 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize); 322 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
309 while (size) { 323 while (size) {
310 size_t nWrite = m_nGrowSize - (size_t)offset; 324 size_t nWrite = m_nGrowSize - (size_t)offset;
311 if (nWrite > size) { 325 if (nWrite > size) {
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
419 FX_DWORD mt[MT_N]; 433 FX_DWORD mt[MT_N];
420 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT; 434 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT;
421 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT; 435 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT;
422 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ 436 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
423 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount); 437 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount);
424 #endif 438 #endif
425 #ifdef __cplusplus 439 #ifdef __cplusplus
426 } 440 }
427 #endif 441 #endif
428 #endif 442 #endif
OLDNEW
« core/include/fxcrt/fx_system.h ('K') | « core/include/fxcrt/fx_system.h ('k') | fpdfsdk/src/fpdfview.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698