Google Git
Sign in
pdfium / pdfium / refs/heads/chromium/6131^! / .
commit8b1177f2d4254d522f2258bebf6b5ea98a84c129[log] [tgz]
authorLei Zhang <thestig@chromium.org>Wed Nov 15 01:19:40 2023 +0000
committerPdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Nov 15 01:19:40 2023 +0000
treef30f50c418594aabceae7645db9ce163616af1b7
parent5636e90a899fdf710ea2e134251bd7d590b12cd1 [diff]
Fix undefined behavior in FXSYS_wcsnicmp()

Bug: chromium:1501296
Change-Id: Icfda6a9a4cbc052dcab3243ae1959e54a19afe31
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/113513
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

diff --git a/core/fxcrt/fx_extension.cpp b/core/fxcrt/fx_extension.cpp
index dc312f0..bc8fc26 100644
--- a/core/fxcrt/fx_extension.cpp
+++ b/core/fxcrt/fx_extension.cpp

@@ -129,14 +129,14 @@
   DCHECK(s2);
   DCHECK(count > 0);
 
-  wchar_t wch1 = 0, wch2 = 0;
   while (count-- > 0) {
-    wch1 = static_cast<wchar_t>(FXSYS_towlower(*s1++));
-    wch2 = static_cast<wchar_t>(FXSYS_towlower(*s2++));
-    if (wch1 != wch2)
-      break;
+    wchar_t wch1 = static_cast<wchar_t>(FXSYS_towlower(*s1++));
+    wchar_t wch2 = static_cast<wchar_t>(FXSYS_towlower(*s2++));
+    if (wch1 != wch2) {
+      return wch1 > wch2 ? 1 : -1;
+    }
   }
-  return wch1 - wch2;
+  return 0;
 }
 
 void FXSYS_IntToTwoHexChars(uint8_t n, char* buf) {

diff --git a/core/fxcrt/fx_extension_unittest.cpp b/core/fxcrt/fx_extension_unittest.cpp
index 49a013b..924d8ce 100644
--- a/core/fxcrt/fx_extension_unittest.cpp
+++ b/core/fxcrt/fx_extension_unittest.cpp

@@ -5,6 +5,7 @@
 #include "core/fxcrt/fx_extension.h"
 
 #include <math.h>
+#include <stdint.h>
 
 #include <iterator>
 #include <limits>
@@ -203,6 +204,18 @@
   EXPECT_EQ(FXSYS_wcsnicmp(L"foO", L"Foo", 3), 0);
   EXPECT_EQ(FXSYS_wcsnicmp(L"food", L"FOOT", 3), 0);
   EXPECT_LT(FXSYS_wcsnicmp(L"food", L"FOOT", 4), 0);
+
+  const wchar_t kMax16bitSigned[] = {
+      static_cast<wchar_t>(std::numeric_limits<int16_t>::max()), 0};
+  EXPECT_GT(FXSYS_wcsnicmp(kMax16bitSigned, L"f", 1), 0);
+  const wchar_t kMax16bitUnsigned[] = {
+      static_cast<wchar_t>(std::numeric_limits<uint16_t>::max()), 0};
+  EXPECT_GT(FXSYS_wcsnicmp(kMax16bitUnsigned, L"f", 1), 0);
+
+#if defined(WCHAR_T_IS_32_BIT)
+  const wchar_t kMaxUnicode[] = {static_cast<wchar_t>(0x10ffff), 0};
+  EXPECT_GT(FXSYS_wcsnicmp(kMaxUnicode, L"f", 1), 0);
+#endif
 }
 
 TEST(fxcrt, FXSYS_SafeOps) {