Convert UNSAFE_TODO() to UNSAFE_BUFFERS() at API point. Updates TestAsyncLoader. We need to trust the caller across a public API, so move the unsafe conversion right up against it, and use spans further down. Change-Id: Ida01dbba15064ee36c4e4435bedae1c831232244 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/133293 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fpdfsdk/fpdf_dataavail_embeddertest.cpp b/fpdfsdk/fpdf_dataavail_embeddertest.cpp
index 834ec53..12c6a65 100644
--- a/fpdfsdk/fpdf_dataavail_embeddertest.cpp
+++ b/fpdfsdk/fpdf_dataavail_embeddertest.cpp
@@ -107,18 +107,16 @@
 return available_ranges_.Contains(RangeSet::Range(start, start + size));
 }
- int GetBlockImpl(unsigned long pos, unsigned char* pBuf, unsigned long size) {
- if (!IsDataAvailImpl(pos, size)) {
+ int GetBlockImpl(size_t pos, pdfium::span<unsigned char> buf) {
+ if (!IsDataAvailImpl(pos, buf.size())) {
 return 0;
 }
- const unsigned long end = std::min(
- pdfium::checked_cast<unsigned long>(file_contents_.size()), pos + size);
+ const size_t end = std::min(file_contents_.size(), buf.size() + pos);
 if (end <= pos) {
 return 0;
 }
- const unsigned long bytes_to_copy = end - pos;
- fxcrt::Copy(file_contents().subspan(pos, bytes_to_copy),
- UNSAFE_TODO(pdfium::span(pBuf, size)));
+ const size_t bytes_to_copy = end - pos;
+ fxcrt::Copy(file_contents().subspan(pos, bytes_to_copy), buf);
 SetDataAvailable(pos, bytes_to_copy);
 return static_cast<int>(bytes_to_copy);
 }
@@ -143,7 +141,9 @@
 unsigned long pos,
 unsigned char* pBuf,
 unsigned long size) {
- return static_cast<TestAsyncLoader*>(param)->GetBlockImpl(pos, pBuf, size);
+ // SAFETY: required from caller across public API.
+ return static_cast<TestAsyncLoader*>(param)->GetBlockImpl(
+ pos, UNSAFE_BUFFERS(pdfium::span(pBuf, size)));
 }
 static void SAddSegment(FX_DOWNLOADHINTS* pThis, size_t offset, size_t size) {
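Review bot: The unchanged `return static_cast<int>(bytes_to_copy);` at the end of GetBlockImpl now narrows a `size_t`, and the commit removes the only `pdfium::checked_cast` in the function, so nothing range-checks the byte count before it becomes the `int` result. A count above INT_MAX would come back negative or truncated, and a value truncated to 0 would read as failure after the copy and SetDataAvailable() have already run. The test files are presumably small, but `return pdfium::checked_cast<int>(bytes_to_copy);` would keep the conversion checked. The `buf.size() + pos` sum can wrap; the following `end <= pos` check appears to catch that case, and a one-line comment saying so would help.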
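Review bot: In the second hunk, the new `// SAFETY: required from caller across public API.` comment does not say what is required, which is what a reader auditing this UNSAFE_BUFFERS() needs to know. I would state the invariant, for example `// SAFETY: the callback contract requires pBuf to point to at least size writable bytes; this cannot be verified here.` The cast of `param` to `TestAsyncLoader*` in the same statement also relies on the caller and could be named in the comment. The function's signature starts above the hunk, so this is based only on the three parameter lines visible as context.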