Add DCHECK() for non-zero sized spans with null data members.
Stop short of making this a CHECK() for now since we'll likely segv
when dereferencing any of the span's elements.
-- fix one test where we deliberately violate this.
Change-Id: I2cfa78f9f4e1d75e1f964930386fd3ef3c775d12
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/100530
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fxcrt/cfx_bitstream_unittest.cpp b/core/fxcrt/cfx_bitstream_unittest.cpp
index 4ca380c..9debbd0 100644
--- a/core/fxcrt/cfx_bitstream_unittest.cpp
+++ b/core/fxcrt/cfx_bitstream_unittest.cpp
@@ -158,9 +158,10 @@
// We can't actually allocate enough memory to test the limits of
// the bitstream arithmetic, but as long as we don't try to extract
// any bits, the calculations should be unaffected.
+ const uint8_t kNotReallyBigEnough[32] = {};
constexpr size_t kAllocationBytes = std::numeric_limits<size_t>::max() / 8;
constexpr size_t kAllocationBits = kAllocationBytes * 8;
- CFX_BitStream bitstream({nullptr, kAllocationBytes});
+ CFX_BitStream bitstream({kNotReallyBigEnough, kAllocationBytes});
EXPECT_FALSE(bitstream.IsEOF());
EXPECT_EQ(0U, bitstream.GetPos());
EXPECT_EQ(kAllocationBits, bitstream.BitsRemaining());
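Review bot: The span passed to `CFX_BitStream` now points at the 32-byte `kNotReallyBigEnough` but still claims `kAllocationBytes` elements, and nothing at the declaration records that the mismatch is deliberate. The existing comment says no bits are extracted, but if a later edit adds a read to this test it would run past the array. The check added in span.h in this same commit, `DCHECK(data_ || size_ == 0)`, would not flag that, since it only compares the pointer against a non-zero size. I would add a comment on the array line, for example `// Backing store is deliberately far smaller than the span's claimed size; never read through |bitstream|.` The test body starts and ends outside this hunk, so whether any later statement reads from the stream is not visible here.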
diff --git a/third_party/base/span.h b/third_party/base/span.h
index b19544a..f819e92 100644
--- a/third_party/base/span.h
+++ b/third_party/base/span.h
@@ -189,7 +189,9 @@
// [span.cons], span constructors, copy, assignment, and destructor
constexpr span() noexcept : data_(nullptr), size_(0) {}
- constexpr span(T* data, size_t size) noexcept : data_(data), size_(size) {}
+ constexpr span(T* data, size_t size) noexcept : data_(data), size_(size) {
+ DCHECK(data_ || size_ == 0);
+ }
// TODO(dcheng): Implement construction from a |begin| and |end| pointer.
template <size_t N>