commit 565437d28cc700712e7c0dd70c6cd64c14b59d16
author Lei Zhang <thestig@chromium.org> Thu Aug 04 17:41:13 2022 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Aug 04 17:41:13 2022 +0000
tree a820c3a4cb4808609239cef90538ee79dc591eee
parent da7723d86e20e5eafddf268b055e66b746cf8ff7

Limit max precision in FormCalc Str() function.

Use the same max precision limit as Acrobat Reader and do not allow
arbitrarily large precision.

Bug: chromium:1337993
Change-Id: Icdcb77040ab8d5a356ed39cab855861d5da8513b
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/96030
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

fxjs/xfa/cfxjse_formcalc_context.cpp

diff --git a/fxjs/xfa/cfxjse_formcalc_context.cpp b/fxjs/xfa/cfxjse_formcalc_context.cpp
index 7ae9533..feedf02 100644
--- a/fxjs/xfa/cfxjse_formcalc_context.cpp
+++ b/fxjs/xfa/cfxjse_formcalc_context.cpp
@@ -4194,7 +4194,8 @@
   }
   float fNumber = ValueToFloat(info.GetIsolate(), numberValue);
 
-  int32_t iWidth = 10;
+  constexpr int32_t kDefaultWidth = 10;
+  int32_t iWidth = kDefaultWidth;
   if (argc > 1) {
     v8::Local<v8::Value> widthValue = GetSimpleValue(info, 1);
     iWidth = static_cast<int32_t>(ValueToFloat(info.GetIsolate(), widthValue));
@@ -4204,11 +4205,14 @@
     }
   }
 
-  int32_t iPrecision = 0;
+  constexpr int32_t kDefaultPrecision = 0;
+  int32_t iPrecision = kDefaultPrecision;
   if (argc > 2) {
-    v8::Local<v8::Value> precisionValue = GetSimpleValue(info, 2);
+    constexpr int32_t kMaxPrecision = 15;
+    v8::Local<v8::Value> precision_value = GetSimpleValue(info, 2);
     iPrecision = std::max(0, static_cast<int32_t>(ValueToFloat(
-                                 info.GetIsolate(), precisionValue)));
+                                 info.GetIsolate(), precision_value)));
+    iPrecision = std::min(iPrecision, kMaxPrecision);
   }
 
   ByteString bsFormat = "%";

fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp

diff --git a/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp b/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
index cc8f249..d53dad1 100644
--- a/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
+++ b/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
@@ -826,6 +826,11 @@
   ExecuteExpectString("Str(234.458, 4)", " 234");
   ExecuteExpectString("Str(31.2345, 4, 2)", "****");
 
+  // Test maximum "n3" precision value.
+  ExecuteExpectString("Str(-765, 19, 14)", "-765.00000000000000");
+  ExecuteExpectString("Str(-765, 20, 15)", "-765.000000000000000");
+  ExecuteExpectString("Str(-765, 21, 16)", " -765.000000000000000");
+
   // Error cases.
   ExecuteExpectError("Str()");
   ExecuteExpectError("Str(1, 2, 3, 4)");