Saturate, rather than CHECK() in FX_Number
The CHECK() introduced in
https://pdfium-review.googlesource.com/c/pdfium/+/110970
was readily hit by the fuzzers. Keep them from tripping over this
condition by saturating instead (the behaviour is not well specified
so this seems reasonable).
Bug: chromium:1470690
Change-Id: Ib0230bd43dc67d2233ddccdb4c1004e3ad6e1347
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/111030
Auto-Submit: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fxcrt/fx_number.cpp b/core/fxcrt/fx_number.cpp
index 4e58490..d577531 100644
--- a/core/fxcrt/fx_number.cpp
+++ b/core/fxcrt/fx_number.cpp
@@ -93,7 +93,7 @@
return m_SignedValue;
}
- return pdfium::base::checked_cast<int32_t>(m_FloatValue);
+ return pdfium::base::saturated_cast<int32_t>(m_FloatValue);
}
float FX_Number::GetFloat() const {
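Review bot: Nothing near the `saturated_cast` line says that GetSigned() now returns a clamped value for out-of-range floats, so a caller that adds to or indexes with the result can receive the int32_t maximum or minimum where the process previously aborted. A comment above the return would make that contract visible, for example `// Out-of-range floats saturate to the int32_t limits; callers must range-check before arithmetic or indexing.` It may also be worth checking callers for signed overflow on expressions built from the return value, since the CHECK no longer stops them. The function's body begins outside the hunk, so the integer branch is not reviewed here.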
diff --git a/core/fxcrt/fx_number_unittest.cpp b/core/fxcrt/fx_number_unittest.cpp
index ebfdfe7..9a1d2eb 100644
--- a/core/fxcrt/fx_number_unittest.cpp
+++ b/core/fxcrt/fx_number_unittest.cpp
@@ -43,15 +43,18 @@
EXPECT_TRUE(number2.IsSigned());
EXPECT_EQ(-100, number2.GetSigned());
EXPECT_FLOAT_EQ(-100.001f, number2.GetFloat());
-}
-TEST(fxnumberDeathTest, FromFloatOutOfIntegerRange) {
- FX_Number number(1e17f);
- EXPECT_FALSE(number.IsInteger());
- EXPECT_TRUE(number.IsSigned());
- ASSERT_DEATH({ number.GetSigned(); },
- // The CHECK macro doesn't produce useful error messages
- "");
+ // Show positive saturation.
+ FX_Number number3(1e17f);
+ EXPECT_FALSE(number3.IsInteger());
+ EXPECT_TRUE(number3.IsSigned());
+ EXPECT_EQ(std::numeric_limits<int32_t>::max(), number3.GetSigned());
+
+ // Show negative saturation.
+ FX_Number number4(-1e17f);
+ EXPECT_FALSE(number4.IsInteger());
+ EXPECT_TRUE(number4.IsSigned());
+ EXPECT_EQ(std::numeric_limits<int32_t>::min(), number4.GetSigned());
}
TEST(fxnumber, FromStringUnsigned) {
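Review bot: The new expectations pin only finite out-of-range values (`1e17f` and `-1e17f`), leaving infinity and NaN untested. If FX_Number can be constructed from those, add `FX_Number number5(std::numeric_limits<float>::infinity());` with `EXPECT_EQ(std::numeric_limits<int32_t>::max(), number5.GetSigned());`. A NaN case would also help; saturated_cast is expected to yield 0 for NaN, but confirm that before asserting it. The added lines also use `std::numeric_limits` without the hunk showing `#include <limits>`; the include list is outside the hunk, so verify the header is included directly rather than transitively.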