Avoid unsafe buffers in cfde_texteditengine

Mark the cases that are yet to be resolved with UNSAFE_BUFFERS().

Bug: pdfium:2154, pdfium:2155
Change-Id: Ic5b5e3bb41914a1408dfec6202e63d9f126eb122
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/119110
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
diff --git a/xfa/fde/cfde_texteditengine.cpp b/xfa/fde/cfde_texteditengine.cpp
index 41f5684..94daa9c 100644
--- a/xfa/fde/cfde_texteditengine.cpp
+++ b/xfa/fde/cfde_texteditengine.cpp
@@ -4,11 +4,6 @@
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2153): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
 #include "xfa/fde/cfde_texteditengine.h"
 
 #include <algorithm>
@@ -16,6 +11,7 @@
 
 #include "core/fxcrt/check.h"
 #include "core/fxcrt/check_op.h"
+#include "core/fxcrt/compiler_specific.h"
 #include "core/fxcrt/fx_extension.h"
 #include "core/fxcrt/fx_memory_wrappers.h"
 #include "core/fxcrt/numerics/safe_conversions.h"
@@ -161,13 +157,16 @@
 
   // Move the gap, if necessary.
   if (idx < gap_position_) {
-    FXSYS_memmove(content_.data() + idx + gap_size_, content_.data() + idx,
-                  (gap_position_ - idx) * char_size);
+    // TODO(crbug.com/pdfium/2155): resolve safety issues,
+    UNSAFE_BUFFERS(FXSYS_memmove(content_.data() + idx + gap_size_,
+                                 content_.data() + idx,
+                                 (gap_position_ - idx) * char_size));
     gap_position_ = idx;
   } else if (idx > gap_position_) {
-    FXSYS_memmove(content_.data() + gap_position_,
-                  content_.data() + gap_position_ + gap_size_,
-                  (idx - gap_position_) * char_size);
+    // TODO(crbug.com/pdfium/2155): resolve safety issues,
+    UNSAFE_BUFFERS(FXSYS_memmove(content_.data() + gap_position_,
+                                 content_.data() + gap_position_ + gap_size_,
+                                 (idx - gap_position_) * char_size));
     gap_position_ = idx;
   }
 
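Review bot: The UNSAFE_BUFFERS(FXSYS_memmove(...)) calls in both branches here, and the one in the next hunk, carry only a TODO, so nothing at the call site records the bounds they depend on. From the visible lines, the copies stay inside content_ only if `idx <= text_length_` and `gap_position_ + gap_size_ <= content_.size()`, assuming content_ holds text_length_ + gap_size_ elements as the resize in the next hunk suggests. The function starts above the hunk, so I cannot see whether idx is already validated. Until the TODO is resolved I would state that invariant beside the macro and enforce it, e.g. `CHECK_LE(idx, text_length_);` ahead of the first branch. The three TODO lines also end in a stray comma (`resolve safety issues,`).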
@@ -176,9 +175,10 @@
     size_t new_gap_size = length + kGapSize;
     content_.resize(text_length_ + new_gap_size);
 
-    FXSYS_memmove(content_.data() + gap_position_ + new_gap_size,
-                  content_.data() + gap_position_ + gap_size_,
-                  (text_length_ - gap_position_) * char_size);
+    // TODO(crbug.com/pdfium/2155): resolve safety issues,
+    UNSAFE_BUFFERS(FXSYS_memmove(content_.data() + gap_position_ + new_gap_size,
+                                 content_.data() + gap_position_ + gap_size_,
+                                 (text_length_ - gap_position_) * char_size));
 
     gap_size_ = new_gap_size;
   }
@@ -295,8 +295,8 @@
     str += text;
 
     if (text_length_ - gap_position_ > 0) {
-      str += WideStringView(content_.data() + gap_position_ + gap_size_,
-                            text_length_ - gap_position_);
+      str += WideStringView(pdfium::make_span(content_).subspan(
+          gap_position_ + gap_size_, text_length_ - gap_position_));
     }
 
     if (validation_enabled_ && delegate_ && !delegate_->OnValidate(str)) {
@@ -759,28 +759,28 @@
   if (selection_.start_idx < gap_position_) {
     // Fully on left of gap.
     if (selection_.start_idx + selection_.count < gap_position_) {
-      text += WideStringView(content_.data() + selection_.start_idx,
-                             selection_.count);
+      text += WideStringView(pdfium::make_span(content_).subspan(
+          selection_.start_idx, selection_.count));
       return text;
     }
 
     // Pre-gap text
-    text += WideStringView(content_.data() + selection_.start_idx,
-                           gap_position_ - selection_.start_idx);
+    text += WideStringView(pdfium::make_span(content_).subspan(
+        selection_.start_idx, gap_position_ - selection_.start_idx));
 
     if (selection_.count - (gap_position_ - selection_.start_idx) > 0) {
       // Post-gap text
-      text += WideStringView(
-          content_.data() + gap_position_ + gap_size_,
-          selection_.count - (gap_position_ - selection_.start_idx));
+      text += WideStringView(pdfium::make_span(content_).subspan(
+          gap_position_ + gap_size_,
+          selection_.count - (gap_position_ - selection_.start_idx)));
     }
 
     return text;
   }
 
   // Fully right of gap
-  text += WideStringView(content_.data() + gap_size_ + selection_.start_idx,
-                         selection_.count);
+  text += WideStringView(pdfium::make_span(content_).subspan(
+      gap_size_ + selection_.start_idx, selection_.count));
   return text;
 }
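Review bot: `pdfium::make_span(content_)` is rebuilt at each of the four `subspan()` calls in this function, which makes the offset and count arguments harder to compare. A single local near the top, `const auto content = pdfium::make_span(content_);`, would leave each call as `content.subspan(offset, count)`. The counts are still unsigned differences such as `selection_.count - (gap_position_ - selection_.start_idx)`, so a stale selection_ is expected to be stopped by subspan()'s bounds check rather than read out of range. A short comment saying that this is intended would help the next reader. The function begins outside the hunk.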
 
@@ -823,8 +823,8 @@
   length = std::min(length, text_length_ - start_idx);
   AdjustGap(start_idx + length, 0);
 
-  WideString ret;
-  ret += WideStringView(content_.data() + start_idx, length);
+  WideString ret(
+      WideStringView(pdfium::make_span(content_).subspan(start_idx, length)));
 
   if (add_operation == RecordOperation::kInsertRecord) {
     AddOperationRecord(std::make_unique<DeleteOperation>(this, start_idx, ret));
@@ -879,11 +879,12 @@
 
 WideString CFDE_TextEditEngine::GetText() const {
   WideString str;
-  if (gap_position_ > 0)
+  if (gap_position_ > 0) {
     str += WideStringView(content_.data(), gap_position_);
+  }
   if (text_length_ - gap_position_ > 0) {
-    str += WideStringView(content_.data() + gap_position_ + gap_size_,
-                          text_length_ - gap_position_);
+    str += WideStringView(pdfium::make_span(content_).subspan(
+        gap_position_ + gap_size_, text_length_ - gap_position_));
   }
   return str;
 }
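Review bot: The pre-gap append in GetText() still builds its view from a raw pointer and length, `WideStringView(content_.data(), gap_position_)`, while the post-gap append two lines below was converted to a span. That leaves one unchecked pointer/length pair in the function: if gap_position_ ever exceeded content_.size(), this line would read past the buffer with no bounds check. For consistency with the rest of the commit I would write `str += WideStringView(pdfium::make_span(content_).first(gap_position_));`.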
diff --git a/xfa/fde/cfde_textout.cpp b/xfa/fde/cfde_textout.cpp
index a037b92..dc5fb55 100644
--- a/xfa/fde/cfde_textout.cpp
+++ b/xfa/fde/cfde_textout.cpp
@@ -4,11 +4,6 @@
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2153): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
 #include "xfa/fde/cfde_textout.h"
 
 #include <algorithm>
@@ -17,6 +12,7 @@
 #include "build/build_config.h"
 #include "core/fxcrt/check.h"
 #include "core/fxcrt/check_op.h"
+#include "core/fxcrt/compiler_specific.h"
 #include "core/fxcrt/fx_coordinates.h"
 #include "core/fxcrt/fx_extension.h"
 #include "core/fxcrt/fx_system.h"
@@ -97,9 +93,9 @@
 #else
         font = pFxFont;
 #endif
-
-        device->DrawNormalText(pdfium::make_span(pCurCP, count), font,
-                               -fFontSize, matrix, color, kOptions);
+        // TODO(crbug.com/pdfium/2155): investigate safety issues.
+        device->DrawNormalText(UNSAFE_BUFFERS(pdfium::make_span(pCurCP, count)),
+                               font, -fFontSize, matrix, color, kOptions);
       }
       pCurFont = pSTFont;
       pCurCP = &pos;
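Review bot: `UNSAFE_BUFFERS(pdfium::make_span(pCurCP, count))` here and in the tail call in the last hunk of this file suppresses the warning without saying why the pointer/count pair is valid. pCurCP is reassigned to `&pos` and count is advanced by the surrounding loop, most of which is outside the hunk, so the reader has to trust that count never runs past the container that pos belongs to. I would extend the TODO with the invariant being assumed, for example `// Relies on [pCurCP, pCurCP + count) staying within the positions array being iterated.` If that container is available as a span, tracking a start index and calling `subspan(start, count)` would remove the need for the macro.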
@@ -108,8 +104,6 @@
       ++count;
     }
   }
-
-  bool bRet = true;
   if (pCurFont && count) {
     pFxFont = pCurFont->GetDevFont();
     CFX_Font* font;
@@ -120,12 +114,12 @@
 #else
     font = pFxFont;
 #endif
-
-    bRet = device->DrawNormalText(pdfium::make_span(pCurCP, count), font,
-                                  -fFontSize, matrix, color, kOptions);
+    // TODO(crbug.com/pdfium/2155): investigate safety issues.
+    return device->DrawNormalText(
+        UNSAFE_BUFFERS(pdfium::make_span(pCurCP, count)), font, -fFontSize,
+        matrix, color, kOptions);
   }
-
-  return bRet;
+  return true;
 }
 
 CFDE_TextOut::Piece::Piece() = default;
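Review bot: The tail call now returns the result of `device->DrawNormalText(...)` directly, but the same call inside the loop in the earlier hunk still discards its result. A failure while drawing an earlier font run is therefore invisible to the caller, and only the last run decides the return value. That asymmetry predates this change, but the rewrite of the return path is a good place to either propagate the in-loop failure or add a comment that ignoring it is deliberate. The function starts outside the hunk, so the declared return contract is not visible here.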
diff --git a/xfa/fde/cfde_wordbreak_data.cpp b/xfa/fde/cfde_wordbreak_data.cpp
index 9c8bd57..557363a 100644
--- a/xfa/fde/cfde_wordbreak_data.cpp
+++ b/xfa/fde/cfde_wordbreak_data.cpp
@@ -4,17 +4,14 @@
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2153): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
 #include "xfa/fde/cfde_wordbreak_data.h"
 
+#include <array>
 #include <iterator>
 
 #include "core/fxcrt/check.h"
 #include "core/fxcrt/fx_system.h"
+#include "core/fxcrt/span.h"
 
 namespace {
 
@@ -37,7 +34,7 @@
       1 << static_cast<int>(WordBreakProperty::kExtendNumLet),
 };
 
-const uint16_t kWordBreakTable[] = {
+constexpr uint16_t kWordBreakTableData[] = {
     // WordBreakProperty::kNone
     0xFFFF,
 
@@ -85,9 +82,11 @@
                             kWordBreakMaskExtendNumLet)),
 };
 
+const pdfium::span<const uint16_t> kWordBreakTable{kWordBreakTableData};
+
 // Table of |WordBreakProperty| for each of the possible uint16_t values,
 // packed as nibbles, with the low nibble first.
-const uint8_t kCodePointProperties[32768] = {
+const std::array<uint8_t, 32768> kCodePointProperties = {{
     0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x90, 0xA0,
     0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0x89, 0x00, 0x00, 0x07, 0x77, 0x77, 0x77,
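Review bot: `kWordBreakTable` is declared `const pdfium::span<const uint16_t>` rather than `constexpr`, so the compiler is not required to initialize it at compile time, and a namespace-scope object that ends up with a dynamic initializer is usually unwanted in this codebase. If the span constructor from an array is constexpr, as I would expect, `constexpr pdfium::span<const uint16_t> kWordBreakTable{kWordBreakTableData};` makes that guarantee explicit. The two tables are also wrapped differently, a span over a C array here and `std::array` for kCodePointProperties. A one-line comment explaining the choice, presumably to avoid spelling out the element count, would help.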
@@ -2819,7 +2818,7 @@
     0x00, 0x77, 0x77, 0x77, 0x00, 0x77, 0x77, 0x77, 0x00, 0x77, 0x77, 0x77,
     0x00, 0x77, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x05, 0x55, 0x00, 0x00,
-};
+}};
 
 }  // namespace