Improve parameter validation for AFPercent_Format(). - Allow extra parameters. - Check for negative parameter values. Change-Id: I2ca962ac2372a7d0e2d002a95d15a87f5c701931 Reviewed-on: https://pdfium-review.googlesource.com/c/51013 Reviewed-by: Wei Li <weili@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>

commit: 7853b2e32350c82384e6417c071a18e549baa818 [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Sat Feb 23 01:03:40 2019 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Sat Feb 23 01:03:40 2019 +0000
tree: d7f1fd7f76ddd58d45ea8696d5b8e40255f2d1bc
parent: 36e541ccbf9f30b0ae2604bd0ac4b3bd9e853d6b [diff]
diff --git a/fxjs/cjs_publicmethods.cpp b/fxjs/cjs_publicmethods.cpp
index 4743739..1811321 100644
--- a/fxjs/cjs_publicmethods.cpp
+++ b/fxjs/cjs_publicmethods.cpp

@@ -775,7 +775,7 @@
     CJS_Runtime* pRuntime,
     const std::vector<v8::Local<v8::Value>>& params) {
 #if _FX_OS_ != _FX_OS_ANDROID_
-  if (params.size() != 2)
+  if (params.size() < 2)
     return CJS_Result::Failure(JSMessage::kParamError);
 
   CJS_EventHandler* pEvent =
@@ -788,8 +788,15 @@
   if (strValue.IsEmpty())
     return CJS_Result::Success();
 
-  int iDec = abs(pRuntime->ToInt32(params[0]));
-  int iSepStyle = ValidStyleOrZero(pRuntime->ToInt32(params[1]));
+  // Acrobat will accept this. Anything larger causes it to throw an error.
+  static constexpr int kMaxSepStyle = 49;
+
+  int iDec = pRuntime->ToInt32(params[0]);
+  int iSepStyle = pRuntime->ToInt32(params[1]);
+  if (iDec < 0 || iSepStyle < 0 || iSepStyle > kMaxSepStyle)
+    return CJS_Result::Failure(JSMessage::kValueError);
+
+  iSepStyle = ValidStyleOrZero(iSepStyle);
 
   // for processing decimal places
   double dValue = atof(strValue.c_str());

diff --git a/testing/resources/javascript/public_methods_expected.txt b/testing/resources/javascript/public_methods_expected.txt
index d4b8821..269d1da 100644
--- a/testing/resources/javascript/public_methods_expected.txt
+++ b/testing/resources/javascript/public_methods_expected.txt

@@ -59,23 +59,23 @@
 Alert: **********************
 Alert: PASS: AFPercent_Format() threw AFPercent_Format: Incorrect number of parameters passed to function.
 Alert: PASS: AFPercent_Format(0) threw AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: ERROR: AFPercent_Format: Incorrect number of parameters passed to function.
-Alert: FAIL: AFPercent_Format(-3, 0) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(-3, 1) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(-1, 3) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(0, -3) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(0, -1) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(0, 50) = undefined, expected to throw
-Alert: FAIL: AFPercent_Format(0, 51) = undefined, expected to throw
+Alert: PASS: AFPercent_Format(1, 0, 0) = -512.3%
+Alert: PASS: AFPercent_Format(1, 0, 0, 0) = -512.3%
+Alert: PASS: AFPercent_Format(1, 0, 0, 0, 0) = -512.3%
+Alert: PASS: AFPercent_Format(1, 0, 0, 0, 0, 0) = -512.3%
+Alert: PASS: AFPercent_Format(1, 0, 0) = -512.3%
+Alert: FAIL: AFPercent_Format(1, 0, 1) = -512.3%, expected %-512.3 
+Alert: FAIL: AFPercent_Format(1, 0, 2) = -512.3%, expected %-512.3 
+Alert: FAIL: AFPercent_Format(10, 0, 0) = , expected 0.0000000000% 
+Alert: FAIL: AFPercent_Format(10, 0, 1) = , expected %0.0000000000 
+Alert: FAIL: AFPercent_Format(10, 0, 2) = , expected %0.0000000000 
+Alert: PASS: AFPercent_Format(-3, 0) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(-3, 1) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(-1, 3) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(0, -3) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(0, -1) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(0, 50) threw AFPercent_Format: Incorrect parameter value.
+Alert: PASS: AFPercent_Format(0, 51) threw AFPercent_Format: Incorrect parameter value.
 Alert: FAIL: AFPercent_Format(1, 0) = , expected 0.0% 
 Alert: FAIL: AFPercent_Format(1, 1) = , expected 0.0% 
 Alert: FAIL: AFPercent_Format(1, 2) = , expected 0,0%
commit	7853b2e32350c82384e6417c071a18e549baa818	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Sat Feb 23 01:03:40 2019 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Sat Feb 23 01:03:40 2019 +0000
tree	d7f1fd7f76ddd58d45ea8696d5b8e40255f2d1bc
parent	36e541ccbf9f30b0ae2604bd0ac4b3bd9e853d6b [diff]