commit fd032dc515fff664bc3214864bba09364b52b351
author Tom Sepez <tsepez@chromium.org> Wed May 08 18:46:37 2024 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed May 08 18:46:37 2024 +0000
tree 83135ff9b27174c86aa1f0879b4e2f182025b8eb
parent 835353a1b17f3861b9b9a8075254171fe5635413

Mass convert memmove() to FXSYS_memmove().

Then ban all equivalent C RTL functions via a PRESUBMIT check.

The FXSYS_ form requires callers to specify UNSAFE_BUFFERS(). Most
affected files are already have suppresssion #pragmas.

Change-Id: I47d1a74f4eb7b1daa5fa922919326a52b03c98fb
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/118391
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>

PRESUBMIT.py

diff --git a/PRESUBMIT.py b/PRESUBMIT.py
index 9bce21d..58cc45e 100644
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@@ -63,7 +63,7 @@
         [_THIRD_PARTY],
     ),
     (
-        r'/v8::Isolate::(?:|Try)GetCurrent()',
+        r'/v8::Isolate::(?:|Try)GetCurrent\(\)',
         (
             'v8::Isolate::GetCurrent() and v8::Isolate::TryGetCurrent() are',
             'banned. Hold a pointer to the v8::Isolate that was entered. Use',
@@ -73,6 +73,30 @@
         True,
         (),
     ),
+    (
+        r'/\bmemcpy\(',
+        ('Use FXSYS_memcpy() in place of memcpy().',),
+        True,
+        [_THIRD_PARTY],
+    ),
+    (
+        r'/\bmemmove\(',
+        ('Use FXSYS_memmove() in place of memmove().',),
+        True,
+        [_THIRD_PARTY],
+    ),
+    (
+        r'/\bmemset\(',
+        ('Use FXSYS_memset() in place of memset().',),
+        True,
+        [_THIRD_PARTY],
+    ),
+    (
+        r'/\bmemclr\(',
+        ('Use FXSYS_memclr() in place of memclr().',),
+        True,
+        [_THIRD_PARTY],
+    ),
 )
 
 

core/fxcodec/flate/flatemodule.cpp

diff --git a/core/fxcodec/flate/flatemodule.cpp b/core/fxcodec/flate/flatemodule.cpp
index 52ec687..0882d93 100644
--- a/core/fxcodec/flate/flatemodule.cpp
+++ b/core/fxcodec/flate/flatemodule.cpp
@@ -26,7 +26,6 @@
 #include "core/fxcrt/fixed_size_data_vector.h"
 #include "core/fxcrt/fx_extension.h"
 #include "core/fxcrt/fx_memcpy_wrappers.h"
-#include "core/fxcrt/fx_memory_wrappers.h"
 #include "core/fxcrt/fx_safe_types.h"
 #include "core/fxcrt/notreached.h"
 #include "core/fxcrt/numerics/safe_conversions.h"
@@ -324,7 +323,7 @@
   const uint32_t BytesPerPixel = (bpc * nColors + 7) / 8;
   uint8_t tag = pSrcData[0];
   if (tag == 0) {
-    memmove(pDestData, pSrcData + 1, row_size);
+    FXSYS_memmove(pDestData, pSrcData + 1, row_size);
     return;
   }
   for (uint32_t byte = 0; byte < row_size; ++byte) {

core/fxcodec/progressive_decoder.cpp

diff --git a/core/fxcodec/progressive_decoder.cpp b/core/fxcodec/progressive_decoder.cpp
index 67420c8..7752fa3 100644
--- a/core/fxcodec/progressive_decoder.cpp
+++ b/core/fxcodec/progressive_decoder.cpp
@@ -505,7 +505,7 @@
                               .subspan(dest_ScanOffset)
                               .data();
       uint32_t size = m_sizeX * dest_Bpp;
-      memmove(scan_des, scan_src, size);
+      FXSYS_memmove(scan_des, scan_src, size);
     }
   }
   if (bLastPass)
@@ -573,7 +573,7 @@
                               .subspan(dest_ScanOffset)
                               .data();
       uint32_t size = m_sizeX * dest_Bpp;
-      memmove(scan_des, scan_src, size);
+      FXSYS_memmove(scan_des, scan_src, size);
     }
     return;
   }

xfa/fde/cfde_texteditengine.cpp

diff --git a/xfa/fde/cfde_texteditengine.cpp b/xfa/fde/cfde_texteditengine.cpp
index 560286a..41f5684 100644
--- a/xfa/fde/cfde_texteditengine.cpp
+++ b/xfa/fde/cfde_texteditengine.cpp
@@ -17,6 +17,7 @@
 #include "core/fxcrt/check.h"
 #include "core/fxcrt/check_op.h"
 #include "core/fxcrt/fx_extension.h"
+#include "core/fxcrt/fx_memory_wrappers.h"
 #include "core/fxcrt/numerics/safe_conversions.h"
 #include "core/fxcrt/span_util.h"
 #include "core/fxge/text_char_pos.h"
@@ -160,13 +161,13 @@
 
   // Move the gap, if necessary.
   if (idx < gap_position_) {
-    memmove(content_.data() + idx + gap_size_, content_.data() + idx,
-            (gap_position_ - idx) * char_size);
+    FXSYS_memmove(content_.data() + idx + gap_size_, content_.data() + idx,
+                  (gap_position_ - idx) * char_size);
     gap_position_ = idx;
   } else if (idx > gap_position_) {
-    memmove(content_.data() + gap_position_,
-            content_.data() + gap_position_ + gap_size_,
-            (idx - gap_position_) * char_size);
+    FXSYS_memmove(content_.data() + gap_position_,
+                  content_.data() + gap_position_ + gap_size_,
+                  (idx - gap_position_) * char_size);
     gap_position_ = idx;
   }
 
@@ -175,9 +176,9 @@
     size_t new_gap_size = length + kGapSize;
     content_.resize(text_length_ + new_gap_size);
 
-    memmove(content_.data() + gap_position_ + new_gap_size,
-            content_.data() + gap_position_ + gap_size_,
-            (text_length_ - gap_position_) * char_size);
+    FXSYS_memmove(content_.data() + gap_position_ + new_gap_size,
+                  content_.data() + gap_position_ + gap_size_,
+                  (text_length_ - gap_position_) * char_size);
 
     gap_size_ = new_gap_size;
   }