commit 946c0d382c532bc3d4067342037bfb98bda83584
author Tom Sepez <tsepez@chromium.org> Thu May 09 20:47:23 2024 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu May 09 20:47:23 2024 +0000
tree 3b04226d21838ef76e5d4b65f0a0a27eb477cd8a
parent 9e67709fb358aa9bf1c5906007e92b918d819944

Remove file-wide unsafe_buffers pragmas from fpdfsdk/fpdf*.cpp

Bug: pdfium:2154
Change-Id: I1fa8eff1f51eda4fb1a10ca0e04095619608c023
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/118970
Reviewed-by: Thomas Sepez <tsepez@google.com>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>

fpdfsdk/fpdf_attachment.cpp

diff --git a/fpdfsdk/fpdf_attachment.cpp b/fpdfsdk/fpdf_attachment.cpp
index 398bd47..dfd48a7 100644
--- a/fpdfsdk/fpdf_attachment.cpp
+++ b/fpdfsdk/fpdf_attachment.cpp
@@ -2,11 +2,6 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2153): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
 #include "public/fpdf_attachment.h"
 
 #include <limits.h>
@@ -56,7 +51,9 @@
 
   char buf[32];
   for (int i = 0; i < 16; ++i) {
-    FXSYS_IntToTwoHexChars(digest[i], &buf[i * 2]);
+    // TODO(crbug.com/pdfium/2155): resolve safety issues.
+    FXSYS_IntToTwoHexChars(UNSAFE_BUFFERS(digest[i]),
+                           UNSAFE_BUFFERS(&buf[i * 2]));
   }
   return ByteString(buf, 32);
 }
@@ -141,8 +138,9 @@
     return 0;
 
   CPDF_FileSpec spec(pdfium::WrapRetain(pFile));
-  return Utf16EncodeMaybeCopyAndReturnLength(spec.GetFileName(), buffer,
-                                             buflen);
+  // SAFETY: required from caller.
+  return UNSAFE_BUFFERS(
+      Utf16EncodeMaybeCopyAndReturnLength(spec.GetFileName(), buffer, buflen));
 }
 
 FPDF_EXPORT FPDF_BOOL FPDF_CALLCONV
@@ -216,8 +214,9 @@
                   ->GetUnicodeText();
     }
   }
-
-  return Utf16EncodeMaybeCopyAndReturnLength(value, buffer, buflen);
+  // SAFETY: required from caller.
+  return UNSAFE_BUFFERS(
+      Utf16EncodeMaybeCopyAndReturnLength(value, buffer, buflen));
 }
 
 FPDF_EXPORT FPDF_BOOL FPDF_CALLCONV
@@ -260,9 +259,13 @@
 
   // Create the file stream and have the filespec dictionary link to it.
   const uint8_t* contents_as_bytes = static_cast<const uint8_t*>(contents);
+
+  // TODO(crbug.com/pdfium/2155): resolve safety issues.
   auto pFileStream = pDoc->NewIndirect<CPDF_Stream>(
-      DataVector<uint8_t>(contents_as_bytes, contents_as_bytes + len),
+      DataVector<uint8_t>(contents_as_bytes,
+                          UNSAFE_BUFFERS(contents_as_bytes + len)),
       std::move(pFileStreamDict));
+
   auto pEFDict = pFile->AsMutableDictionary()->SetNewFor<CPDF_Dictionary>("EF");
   pEFDict->SetNewFor<CPDF_Reference>("F", pDoc, pFileStream->GetObjNum());
   return true;