Mass convert memmove() to FXSYS_memmove().
Then ban all equivalent C RTL functions via a PRESUBMIT check.
The FXSYS_ form requires callers to specify UNSAFE_BUFFERS(). Most
affected files already have suppression #pragmas.
Change-Id: I47d1a74f4eb7b1daa5fa922919326a52b03c98fb
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/118391
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
diff --git a/PRESUBMIT.py b/PRESUBMIT.py
index 9bce21d..58cc45e 100644
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@@ -63,7 +63,7 @@
[_THIRD_PARTY],
),
(
- r'/v8::Isolate::(?:|Try)GetCurrent()',
+ r'/v8::Isolate::(?:|Try)GetCurrent\(\)',
(
'v8::Isolate::GetCurrent() and v8::Isolate::TryGetCurrent() are',
'banned. Hold a pointer to the v8::Isolate that was entered. Use',
@@ -73,6 +73,30 @@
True,
(),
),
+ (
+ r'/\bmemcpy\(',
+ ('Use FXSYS_memcpy() in place of memcpy().',),
+ True,
+ [_THIRD_PARTY],
+ ),
+ (
+ r'/\bmemmove\(',
+ ('Use FXSYS_memmove() in place of memmove().',),
+ True,
+ [_THIRD_PARTY],
+ ),
+ (
+ r'/\bmemset\(',
+ ('Use FXSYS_memset() in place of memset().',),
+ True,
+ [_THIRD_PARTY],
+ ),
+ (
+ r'/\bmemclr\(',
+ ('Use FXSYS_memclr() in place of memclr().',),
+ True,
+ [_THIRD_PARTY],
+ ),
)
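Review bot: The four new entries exclude only `_THIRD_PARTY`, so the file that defines the FXSYS_ wrappers (presumably `core/fxcrt/fx_memcpy_wrappers.h`, not shown here) would trip its own ban the next time a line calling the raw function is edited there. If the wrappers do forward to memcpy()/memmove()/memset(), add that header to each entry's excluded-path list alongside `_THIRD_PARTY`. Separately, the description says all equivalent C RTL functions are banned, but wide-character forms such as `wmemcpy(` are not matched by `\bmemcpy\(` because there is no word boundary after the `w`, so they need their own entries if they are meant to be covered.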
diff --git a/core/fxcodec/flate/flatemodule.cpp b/core/fxcodec/flate/flatemodule.cpp
index 52ec687..0882d93 100644
--- a/core/fxcodec/flate/flatemodule.cpp
+++ b/core/fxcodec/flate/flatemodule.cpp
@@ -26,7 +26,6 @@
#include "core/fxcrt/fixed_size_data_vector.h"
#include "core/fxcrt/fx_extension.h"
#include "core/fxcrt/fx_memcpy_wrappers.h"
-#include "core/fxcrt/fx_memory_wrappers.h"
#include "core/fxcrt/fx_safe_types.h"
#include "core/fxcrt/notreached.h"
#include "core/fxcrt/numerics/safe_conversions.h"
@@ -324,7 +323,7 @@
const uint32_t BytesPerPixel = (bpc * nColors + 7) / 8;
uint8_t tag = pSrcData[0];
if (tag == 0) {
- memmove(pDestData, pSrcData + 1, row_size);
+ FXSYS_memmove(pDestData, pSrcData + 1, row_size);
return;
}
for (uint32_t byte = 0; byte < row_size; ++byte) {
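Review bot: The renamed call still copies `row_size` bytes from `pSrcData + 1` through raw pointers, and nothing in this hunk shows that the source holds `row_size + 1` bytes or that the destination holds `row_size`. Since this is decoder code fed by file contents, I would state the contract at the call once it has been confirmed against the callers, e.g. `// SAFETY: caller guarantees pSrcData has row_size + 1 bytes and pDestData has row_size bytes.`, or pass spans so the extents are checked. The enclosing function starts and ends outside the hunk, so an earlier check may already exist.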
diff --git a/core/fxcodec/progressive_decoder.cpp b/core/fxcodec/progressive_decoder.cpp
index 67420c8..7752fa3 100644
--- a/core/fxcodec/progressive_decoder.cpp
+++ b/core/fxcodec/progressive_decoder.cpp
@@ -505,7 +505,7 @@
.subspan(dest_ScanOffset)
.data();
uint32_t size = m_sizeX * dest_Bpp;
- memmove(scan_des, scan_src, size);
+ FXSYS_memmove(scan_des, scan_src, size);
}
}
if (bLastPass)
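Review bot: The pointer assigned just above the call comes from `.subspan(dest_ScanOffset).data()`, which discards the span's length right before `FXSYS_memmove(scan_des, scan_src, size)`, so only the offset is bounds-checked and not the `size` bytes after it. Keeping the span and taking `.first(size)` before the move (or using a span-based move helper) would check the length too; the same applies to the identical call in the `@@ -573` hunk. `size` is also a 32-bit product, `m_sizeX * dest_Bpp`, so if `m_sizeX` can be influenced by the image a checked multiply would be safer. How `scan_src` is derived is outside the hunk.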
@@ -573,7 +573,7 @@
.subspan(dest_ScanOffset)
.data();
uint32_t size = m_sizeX * dest_Bpp;
- memmove(scan_des, scan_src, size);
+ FXSYS_memmove(scan_des, scan_src, size);
}
return;
}
diff --git a/xfa/fde/cfde_texteditengine.cpp b/xfa/fde/cfde_texteditengine.cpp
index 560286a..41f5684 100644
--- a/xfa/fde/cfde_texteditengine.cpp
+++ b/xfa/fde/cfde_texteditengine.cpp
@@ -17,6 +17,7 @@
#include "core/fxcrt/check.h"
#include "core/fxcrt/check_op.h"
#include "core/fxcrt/fx_extension.h"
+#include "core/fxcrt/fx_memory_wrappers.h"
#include "core/fxcrt/numerics/safe_conversions.h"
#include "core/fxcrt/span_util.h"
#include "core/fxge/text_char_pos.h"
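Review bot: The include added here is `core/fxcrt/fx_memory_wrappers.h`, while flatemodule.cpp in this same commit drops that header and keeps `core/fxcrt/fx_memcpy_wrappers.h` for its `FXSYS_memmove()` call. If `FXSYS_memmove()` is declared in the memcpy header, this file only compiles through a transitive include, and the line should read `#include "core/fxcrt/fx_memcpy_wrappers.h"` instead.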
@@ -160,13 +161,13 @@
// Move the gap, if necessary.
if (idx < gap_position_) {
- memmove(content_.data() + idx + gap_size_, content_.data() + idx,
- (gap_position_ - idx) * char_size);
+ FXSYS_memmove(content_.data() + idx + gap_size_, content_.data() + idx,
+ (gap_position_ - idx) * char_size);
gap_position_ = idx;
} else if (idx > gap_position_) {
- memmove(content_.data() + gap_position_,
- content_.data() + gap_position_ + gap_size_,
- (idx - gap_position_) * char_size);
+ FXSYS_memmove(content_.data() + gap_position_,
+ content_.data() + gap_position_ + gap_size_,
+ (idx - gap_position_) * char_size);
gap_position_ = idx;
}
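Review bot: Nothing in this hunk bounds `idx` before it is used in pointer arithmetic on `content_.data()`; an `idx` above `text_length_` would make the second branch read past the end of `content_`. If the caller does not already guarantee it, add `CHECK_LE(idx, text_length_);` ahead of the gap move (check_op.h is already included). A short comment that source and destination overlap here, so the move must never be turned into a copy, would also help the next reader. The enclosing function begins before the hunk, so an earlier check may exist.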
@@ -175,9 +176,9 @@
size_t new_gap_size = length + kGapSize;
content_.resize(text_length_ + new_gap_size);
- memmove(content_.data() + gap_position_ + new_gap_size,
- content_.data() + gap_position_ + gap_size_,
- (text_length_ - gap_position_) * char_size);
+ FXSYS_memmove(content_.data() + gap_position_ + new_gap_size,
+ content_.data() + gap_position_ + gap_size_,
+ (text_length_ - gap_position_) * char_size);
gap_size_ = new_gap_size;
}