Mark unsafe regions in core/fpdfapi files.
One file remains in this directory which is suppressed at file level,
since it is not straightforward to fix.
Bug: pdfium: 42271175
Change-Id: I33c833aab44f7210482c4bcd6b4fc640e47aaaba
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/119572
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fpdfapi/render/cpdf_docrenderdata.cpp b/core/fpdfapi/render/cpdf_docrenderdata.cpp
index fd0a7cc..fa60b75 100644
--- a/core/fpdfapi/render/cpdf_docrenderdata.cpp
+++ b/core/fpdfapi/render/cpdf_docrenderdata.cpp
@@ -4,11 +4,6 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2154): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
#include "core/fpdfapi/render/cpdf_docrenderdata.h"
#include <stdint.h>
@@ -25,6 +20,7 @@
#include "core/fpdfapi/parser/cpdf_array.h"
#include "core/fpdfapi/parser/cpdf_document.h"
#include "core/fpdfapi/render/cpdf_type3cache.h"
+#include "core/fxcrt/compiler_specific.h"
#include "core/fxcrt/fixed_size_data_vector.h"
#if BUILDFLAG(IS_WIN)
@@ -89,9 +85,11 @@
return nullptr;
for (uint32_t i = 0; i < 3; ++i) {
- pFuncs[2 - i] = CPDF_Function::Load(pArray->GetDirectObjectAt(i));
- if (!pFuncs[2 - i])
+ UNSAFE_TODO(pFuncs[2 - i]) =
+ CPDF_Function::Load(pArray->GetDirectObjectAt(i));
+ if (!UNSAFE_TODO(pFuncs[2 - i])) {
return nullptr;
+ }
}
} else {
pFuncs[0] = CPDF_Function::Load(pObj);
@@ -116,11 +114,11 @@
for (size_t v = 0; v < CPDF_TransferFunc::kChannelSampleSize; ++v) {
float input = static_cast<float>(v) / 255.0f;
for (int i = 0; i < 3; ++i) {
- if (pFuncs[i]->OutputCount() > kMaxOutputs) {
+ if (UNSAFE_TODO(pFuncs[i])->OutputCount() > kMaxOutputs) {
samples[i][v] = v;
continue;
}
- pFuncs[i]->Call(pdfium::span_from_ref(input), output);
+ UNSAFE_TODO(pFuncs[i])->Call(pdfium::span_from_ref(input), output);
size_t o = FXSYS_roundf(output[0] * 255);
if (o != v)
bIdentity = false;
diff --git a/core/fpdfapi/render/cpdf_imagerenderer.cpp b/core/fpdfapi/render/cpdf_imagerenderer.cpp
index f7cb1d1..d68fb29 100644
--- a/core/fpdfapi/render/cpdf_imagerenderer.cpp
+++ b/core/fpdfapi/render/cpdf_imagerenderer.cpp
@@ -4,11 +4,6 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2154): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
#include "core/fpdfapi/render/cpdf_imagerenderer.h"
#include <math.h>
@@ -36,6 +31,7 @@
#include "core/fpdfapi/render/cpdf_rendercontext.h"
#include "core/fpdfapi/render/cpdf_renderstatus.h"
#include "core/fxcrt/check.h"
+#include "core/fxcrt/compiler_specific.h"
#include "core/fxcrt/fx_safe_types.h"
#include "core/fxcrt/maybe_owned.h"
#include "core/fxge/cfx_defaultrenderdevice.h"
@@ -263,18 +259,18 @@
const uint8_t* mask_scan =
mask_device.GetBitmap()->GetScanline(row).data();
for (int col = 0; col < rect.Width(); col++) {
- int alpha = *mask_scan++;
+ int alpha = UNSAFE_TODO(*mask_scan++);
if (!alpha) {
- dest_scan += 4;
+ UNSAFE_TODO(dest_scan += 4);
continue;
}
int orig = (*dest_scan - matte_b) * 255 / alpha + matte_b;
- *dest_scan++ = std::clamp(orig, 0, 255);
+ UNSAFE_TODO(*dest_scan++) = std::clamp(orig, 0, 255);
orig = (*dest_scan - matte_g) * 255 / alpha + matte_g;
- *dest_scan++ = std::clamp(orig, 0, 255);
+ UNSAFE_TODO(*dest_scan++) = std::clamp(orig, 0, 255);
orig = (*dest_scan - matte_r) * 255 / alpha + matte_r;
- *dest_scan++ = std::clamp(orig, 0, 255);
- dest_scan++;
+ UNSAFE_TODO(*dest_scan++) = std::clamp(orig, 0, 255);
+ UNSAFE_TODO(dest_scan++);
}
}
}
diff --git a/core/fpdfapi/render/cpdf_renderstatus.cpp b/core/fpdfapi/render/cpdf_renderstatus.cpp
index a22fb8b..9c2dd94 100644
--- a/core/fpdfapi/render/cpdf_renderstatus.cpp
+++ b/core/fpdfapi/render/cpdf_renderstatus.cpp
@@ -4,11 +4,6 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2154): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
#include "core/fpdfapi/render/cpdf_renderstatus.h"
#include <stdint.h>
@@ -58,6 +53,7 @@
#include "core/fpdfapi/render/cpdf_type3cache.h"
#include "core/fxcrt/autorestorer.h"
#include "core/fxcrt/check.h"
+#include "core/fxcrt/compiler_specific.h"
#include "core/fxcrt/containers/contains.h"
#include "core/fxcrt/data_vector.h"
#include "core/fxcrt/fx_2d_size.h"
@@ -1236,7 +1232,7 @@
uint32_t fill_argb = m_Options.TranslateColor(mask_argb);
if (alpha != 1.0f) {
uint8_t* fill_argb8 = reinterpret_cast<uint8_t*>(&fill_argb);
- fill_argb8[3] *= FXSYS_roundf(alpha * 255) / 255;
+ UNSAFE_TODO(fill_argb8[3]) *= FXSYS_roundf(alpha * 255) / 255;
}
if (m_pDevice->SetBitMask(bitmap, left, top, fill_argb)) {
return;
@@ -1409,8 +1405,10 @@
uint8_t* dest_pos = dest_buf.subspan(dest_offset).data();
const uint8_t* src_pos = src_buf.subspan(src_offset).data();
for (int col = 0; col < width; col++) {
- *dest_pos++ = transfers[FXRGB2GRAY(src_pos[2], src_pos[1], *src_pos)];
- src_pos += Bpp;
+ UNSAFE_TODO({
+ *dest_pos++ = transfers[FXRGB2GRAY(src_pos[2], src_pos[1], *src_pos)];
+ src_pos += Bpp;
+ });
}
}
} else if (pFunc) {
diff --git a/core/fpdfapi/render/cpdf_type3cache.cpp b/core/fpdfapi/render/cpdf_type3cache.cpp
index 0a793d0..b75aaea 100644
--- a/core/fpdfapi/render/cpdf_type3cache.cpp
+++ b/core/fpdfapi/render/cpdf_type3cache.cpp
@@ -4,11 +4,6 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2154): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
#include "core/fpdfapi/render/cpdf_type3cache.h"
#include <math.h>
@@ -19,6 +14,7 @@
#include "core/fpdfapi/font/cpdf_type3char.h"
#include "core/fpdfapi/font/cpdf_type3font.h"
#include "core/fpdfapi/render/cpdf_type3glyphmap.h"
+#include "core/fxcrt/compiler_specific.h"
#include "core/fxcrt/fx_coordinates.h"
#include "core/fxcrt/fx_safe_types.h"
#include "core/fxge/cfx_glyphbitmap.h"
@@ -30,16 +26,19 @@
bool IsScanLine1bpp(const uint8_t* pBuf, int width) {
int size = width / 8;
for (int i = 0; i < size; i++) {
- if (pBuf[i])
+ if (UNSAFE_TODO(pBuf[i])) {
return true;
+ }
}
- return (width % 8) && (pBuf[width / 8] & (0xff << (8 - width % 8)));
+ return (width % 8) &&
+ (UNSAFE_TODO(pBuf[width / 8]) & (0xff << (8 - width % 8)));
}
bool IsScanLine8bpp(const uint8_t* pBuf, int width) {
for (int i = 0; i < width; i++) {
- if (pBuf[i] > 0x40)
+ if (UNSAFE_TODO(pBuf[i]) > 0x40) {
return true;
+ }
}
return false;
}