Optimize FindSubWordLength(). Avoid bounds checking on every element access. This can be very slow when fuzzing. BUG=chromium:935241 Change-Id: I9dd331a30dcc1210b6fb43f316dc753c092cbc57 Reviewed-on: https://pdfium-review.googlesource.com/c/51210 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
diff --git a/fxjs/fx_date_helpers.cpp b/fxjs/fx_date_helpers.cpp
index 15f762d..df553b6 100644
--- a/fxjs/fx_date_helpers.cpp
+++ b/fxjs/fx_date_helpers.cpp
@@ -165,8 +165,14 @@
 }
 
 size_t FindSubWordLength(const WideString& str, size_t nStart) {
+ // It is safer, but slower to use WideString::operator[]. Although this code
+ // is normally not performance critical, fuzzers will exercise this code with
+ // very long values for |str|. To keep the fuzzers from timing out, get the
+ // raw string here, and be very careful while accessing it.
+ const wchar_t* data = str.c_str();
+ size_t length = str.GetLength();
 size_t i = nStart;
- while (i < str.GetLength() && std::iswalnum(str[i]))
+ while (i < length && std::iswalnum(data[i]))
 ++i;
 return i - nStart;
 }
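Review bot: The new comment in FindSubWordLength() says to "be very careful" with the raw `data` pointer but never states the invariant that keeps `data[i]` in bounds now that the checked `WideString::operator[]` is bypassed. The read is safe only because `i < length` is evaluated first in the loop condition (this also covers `nStart >= length`, which returns 0) and because `str` is const, so `data` and `length` cannot go stale inside the loop. I would record that in the comment, e.g. `// Every read of data[i] is guarded by i < length; keep that check first in the condition.`, and declare `const size_t length = str.GetLength();`. Since this helper presumably parses script-supplied date strings, a unit test with `nStart` equal to and past the string length would pin the boundary behaviour that the unchecked access now depends on.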