Convert UNSAFE_TODO() to UNSAFE_BUFFERS() at API point.
Updates TestAsyncLoader.
We need to trust the caller across a public API, so move the unsafe
conversion right up against it, and use spans further down.
Change-Id: Ida01dbba15064ee36c4e4435bedae1c831232244
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/133293
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fpdfsdk/fpdf_dataavail_embeddertest.cpp b/fpdfsdk/fpdf_dataavail_embeddertest.cpp
index 834ec53..12c6a65 100644
--- a/fpdfsdk/fpdf_dataavail_embeddertest.cpp
+++ b/fpdfsdk/fpdf_dataavail_embeddertest.cpp
@@ -107,18 +107,16 @@
return available_ranges_.Contains(RangeSet::Range(start, start + size));
}
- int GetBlockImpl(unsigned long pos, unsigned char* pBuf, unsigned long size) {
- if (!IsDataAvailImpl(pos, size)) {
+ int GetBlockImpl(size_t pos, pdfium::span<unsigned char> buf) {
+ if (!IsDataAvailImpl(pos, buf.size())) {
return 0;
}
- const unsigned long end = std::min(
- pdfium::checked_cast<unsigned long>(file_contents_.size()), pos + size);
+ const size_t end = std::min(file_contents_.size(), buf.size() + pos);
if (end <= pos) {
return 0;
}
- const unsigned long bytes_to_copy = end - pos;
- fxcrt::Copy(file_contents().subspan(pos, bytes_to_copy),
- UNSAFE_TODO(pdfium::span(pBuf, size)));
+ const size_t bytes_to_copy = end - pos;
+ fxcrt::Copy(file_contents().subspan(pos, bytes_to_copy), buf);
SetDataAvailable(pos, bytes_to_copy);
return static_cast<int>(bytes_to_copy);
}
@@ -143,7 +141,9 @@
unsigned long pos,
unsigned char* pBuf,
unsigned long size) {
- return static_cast<TestAsyncLoader*>(param)->GetBlockImpl(pos, pBuf, size);
+ // SAFETY: required from caller across public API.
+ return static_cast<TestAsyncLoader*>(param)->GetBlockImpl(
+ pos, UNSAFE_BUFFERS(pdfium::span(pBuf, size)));
}
static void SAddSegment(FX_DOWNLOADHINTS* pThis, size_t offset, size_t size) {
