Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(403)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcrt/extension.h

Issue 419063002: Fix the potential integer overflow from 'offset+size' in extension.h and fpdfview.cpp (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | fpdfsdk/src/fpdfview.cpp » ('j') | fpdfsdk/src/fpdfview.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #ifndef _FXCRT_EXTENSION_IMP_ 7 #ifndef _FXCRT_EXTENSION_IMP_
8 #define _FXCRT_EXTENSION_IMP_ 8 #define _FXCRT_EXTENSION_IMP_
9 9
10 #include "../../../third_party/numerics/safe_math.h" 10 #include "../../../third_party/numerics/safe_math.h"
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 virtual FX_FILESIZE GetPosition() 61 virtual FX_FILESIZE GetPosition()
62 { 62 {
63 FX_FILESIZE pos = m_pFile->GetPosition(); 63 FX_FILESIZE pos = m_pFile->GetPosition();
64 if (m_bUseRange) { 64 if (m_bUseRange) {
65 pos -= m_nOffset; 65 pos -= m_nOffset;
66 } 66 }
67 return pos; 67 return pos;
68 } 68 }
69 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size) 69 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
70 { 70 {
71 if (offset < 0 || offset + size > m_pFile->GetSize()) { 71 base::CheckedNumeric<FX_FILESIZE> pos = size;
palmer 2014/07/25 00:40:14 Putting something like this: typedef base::Ch
jun_fang 2014/07/25 01:04:00 Good idea.
72 pos += offset;
73
74 if (!pos.IsValid() || offset < 0 || size < 0 || pos.ValueOrDie() >= m_pF ile->GetSize()) {
72 return FALSE; 75 return FALSE;
73 } 76 }
77
74 m_nOffset = offset, m_nSize = size; 78 m_nOffset = offset, m_nSize = size;
75 m_bUseRange = TRUE; 79 m_bUseRange = TRUE;
76 m_pFile->SetPosition(m_nOffset); 80 m_pFile->SetPosition(m_nOffset);
77 return TRUE; 81 return TRUE;
78 } 82 }
79 virtual void ClearRange() 83 virtual void ClearRange()
80 { 84 {
81 m_bUseRange = FALSE; 85 m_bUseRange = FALSE;
82 } 86 }
83 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size) 87 virtual FX_BOOL ReadBlock(void* buffer, FX_FILES IZE offset, size_t size)
84 { 88 {
89 base::CheckedNumeric<FX_FILESIZE> pos = offset;
90
85 if (m_bUseRange) { 91 if (m_bUseRange) {
86 if (offset + size > (size_t)GetSize()) { 92 pos += m_nOffset;
93 if (!pos.IsValid() || pos.ValueOrDie() >= (size_t)GetSize()) {
87 return FALSE; 94 return FALSE;
88 } 95 }
89 offset += m_nOffset;
90 } 96 }
91 return (FX_BOOL)m_pFile->ReadPos(buffer, size, offset); 97 return (FX_BOOL)m_pFile->ReadPos(buffer, size, pos.ValueOrDie());
92 } 98 }
93 virtual size_t ReadBlock(void* buffer, size_t s ize) 99 virtual size_t ReadBlock(void* buffer, size_t s ize)
94 { 100 {
95 if (m_bUseRange) { 101 if (m_bUseRange) {
96 FX_FILESIZE availSize = m_nOffset + m_nSize - m_pFile->GetPosition() ; 102 FX_FILESIZE availSize = m_nOffset + m_nSize - m_pFile->GetPosition() ;
97 if ((size_t)availSize < size) { 103 if ((size_t)availSize < size) {
98 size -= size - (size_t)availSize; 104 size -= size - (size_t)availSize;
99 } 105 }
100 } 106 }
101 return m_pFile->Read(buffer, size); 107 return m_pFile->Read(buffer, size);
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
178 { 184 {
179 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos; 185 FX_FILESIZE pos = (FX_FILESIZE)m_nCurPos;
180 if (m_bUseRange) { 186 if (m_bUseRange) {
181 pos -= (FX_FILESIZE)m_nOffset; 187 pos -= (FX_FILESIZE)m_nOffset;
182 } 188 }
183 return pos; 189 return pos;
184 } 190 }
185 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size) 191 virtual FX_BOOL SetRange(FX_FILESIZE offset, FX_ FILESIZE size)
186 { 192 {
187 base::CheckedNumeric<FX_FILESIZE> range = size; 193 base::CheckedNumeric<FX_FILESIZE> range = size;
188 range += size; 194 range += offset;
189 195 if (!range.IsValid() || offset <= 0 || size <= 0 || range.ValueOrDie() > = m_nCurSize) {
190 if (!range.IsValid() || offset <= 0 || size <= 0 || range.ValueOrDie() > m_nCurSize) {
191 return FALSE; 196 return FALSE;
192 } 197 }
193 198
194 m_nOffset = (size_t)offset, m_nSize = (size_t)size; 199 m_nOffset = (size_t)offset, m_nSize = (size_t)size;
195 m_bUseRange = TRUE; 200 m_bUseRange = TRUE;
196 m_nCurPos = m_nOffset; 201 m_nCurPos = m_nOffset;
197 return TRUE; 202 return TRUE;
198 } 203 }
199 virtual void ClearRange() 204 virtual void ClearRange()
200 { 205 {
(...skipping 11 matching lines...) Expand all
212 } 217 }
213 218
214 if (!safeOffset.IsValid()) { 219 if (!safeOffset.IsValid()) {
215 return FALSE; 220 return FALSE;
216 } 221 }
217 222
218 offset = safeOffset.ValueOrDie(); 223 offset = safeOffset.ValueOrDie();
219 224
220 base::CheckedNumeric<size_t> newPos = size; 225 base::CheckedNumeric<size_t> newPos = size;
221 newPos += offset; 226 newPos += offset;
222 if (!newPos.IsValid() || newPos.ValueOrDefault(0) == 0 || newPos.ValueOr Die() > m_nCurSize) { 227 if (!newPos.IsValid() || newPos.ValueOrDefault(0) == 0 || newPos.ValueOr Die() >= m_nCurSize) {
223 return FALSE; 228 return FALSE;
224 } 229 }
225 230
226 m_nCurPos = newPos.ValueOrDie(); 231 m_nCurPos = newPos.ValueOrDie();
227 if (m_dwFlags & FX_MEMSTREAM_Consecutive) { 232 if (m_dwFlags & FX_MEMSTREAM_Consecutive) {
228 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size ); 233 FXSYS_memcpy32(buffer, (FX_LPBYTE)m_Blocks[0] + (size_t)offset, size );
229 return TRUE; 234 return TRUE;
230 } 235 }
231 size_t nStartBlock = (size_t)offset / m_nGrowSize; 236 size_t nStartBlock = (size_t)offset / m_nGrowSize;
232 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize); 237 offset -= (FX_FILESIZE)(nStartBlock * m_nGrowSize);
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after
419 FX_DWORD mt[MT_N]; 424 FX_DWORD mt[MT_N];
420 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT; 425 } FX_MTRANDOMCONTEXT, * FX_LPMTRANDOMCONTEXT;
421 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT; 426 typedef FX_MTRANDOMCONTEXT const * FX_LPCMTRANDOMCONTEXT;
422 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_ 427 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
423 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount); 428 FX_BOOL FX_GenerateCryptoRandom(FX_LPDWORD pBuffer, FX_INT32 iCount);
424 #endif 429 #endif
425 #ifdef __cplusplus 430 #ifdef __cplusplus
426 } 431 }
427 #endif 432 #endif
428 #endif 433 #endif
OLDNEW
« no previous file with comments | « no previous file | fpdfsdk/src/fpdfview.cpp » ('j') | fpdfsdk/src/fpdfview.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698