Fix build errors prior to roll of new compiler.
UNSAFE_BUFFER_USAGE is now applied to constructors.
-- Justify some calls as safe or TODO().
-- Add build dependency to get -D defines in tests.
Change-Id: I277ea6ad1744f0798f699bfaa96543e3384d9734
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/121091
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
diff --git a/core/fxcodec/jpx/jpx_unittest.cpp b/core/fxcodec/jpx/jpx_unittest.cpp
index 419f6f5..90a16b4 100644
--- a/core/fxcodec/jpx/jpx_unittest.cpp
+++ b/core/fxcodec/jpx/jpx_unittest.cpp
@@ -37,7 +37,7 @@
}
TEST(fxcodec, DecodeDataNullStream) {
- DecodeData dd(nullptr, 0);
+ DecodeData UNSAFE_TODO(dd(nullptr, 0)); // should have default ctor.
uint8_t buffer[16];
// Reads of size 0 do nothing but return an error code.
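Review bot: Only the first two call sites say what the TODO is (`// should have default ctor.` here and `// Spanify ctor.` in DecodeDataZeroSize); the `UNSAFE_TODO(dd(stream_data, sizeof(stream_data)))` wrappers in DecodeDataReadInBounds, DecodeDataReadBeyondBounds, DecodeDataSkip and DecodeDataSeek carry no explanation. The macro also wraps a declarator rather than an expression, which is unusual enough to deserve one comment near the top of the file, for example `// TODO: DecodeData should take a span; remove the UNSAFE_TODO() wrappers below once it does.` From DecodeDataReadInBounds onward every site passes the array together with its own `sizeof`, so a span-taking constructor would presumably let all of them drop the suppression at once. Each test body continues outside its hunk.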
@@ -64,7 +64,7 @@
}
TEST(fxcodec, DecodeDataZeroSize) {
- DecodeData dd(stream_data, 0);
+ DecodeData UNSAFE_TODO(dd(stream_data, 0)); // Spanify ctor.
uint8_t buffer[16];
// Reads of size 0 do nothing but return an error code.
@@ -93,7 +93,7 @@
TEST(fxcodec, DecodeDataReadInBounds) {
uint8_t buffer[16];
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Exact sized read in a single call.
fxcrt::Fill(buffer, 0xbd);
@@ -109,7 +109,7 @@
EXPECT_EQ(0xbd, buffer[8]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Simple read.
fxcrt::Fill(buffer, 0xbd);
@@ -144,7 +144,7 @@
TEST(fxcodec, DecodeDataReadBeyondBounds) {
uint8_t buffer[16];
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Read beyond bounds in a single step.
fxcrt::Fill(buffer, 0xbd);
@@ -160,7 +160,7 @@
EXPECT_EQ(0xbd, buffer[8]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Read well beyond bounds in a single step.
fxcrt::Fill(buffer, 0xbd);
@@ -177,7 +177,7 @@
EXPECT_EQ(0xbd, buffer[8]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Read of size 6 gets first 6 bytes.
// rest of buffer intact.
@@ -210,7 +210,7 @@
TEST(fxcodec, DecodeDataSkip) {
uint8_t buffer[16];
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Skiping within buffer is allowed.
fxcrt::Fill(buffer, 0xbd);
@@ -239,7 +239,7 @@
EXPECT_EQ(0xbd, buffer[0]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Skiping directly to EOS is allowed.
fxcrt::Fill(buffer, 0xbd);
@@ -250,7 +250,7 @@
EXPECT_EQ(0xbd, buffer[0]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Skipping beyond end of stream is allowed and returns full distance.
fxcrt::Fill(buffer, 0xbd);
@@ -261,7 +261,7 @@
EXPECT_EQ(0xbd, buffer[0]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Skipping way beyond EOS is allowd, doesn't wrap, and returns
// full distance.
@@ -275,7 +275,7 @@
EXPECT_EQ(0xbd, buffer[0]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Negative skip within buffer not is allowed, position unchanged.
fxcrt::Fill(buffer, 0xbd);
@@ -297,7 +297,7 @@
EXPECT_EQ(0xbd, buffer[1]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Negative skip way before buffer is not allowed, doesn't wrap
fxcrt::Fill(buffer, 0xbd);
@@ -311,7 +311,7 @@
EXPECT_EQ(0xbd, buffer[1]);
}
{
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Negative skip after EOS isn't alowed, still EOS.
fxcrt::Fill(buffer, 0xbd);
@@ -326,7 +326,7 @@
TEST(fxcodec, DecodeDataSeek) {
uint8_t buffer[16];
- DecodeData dd(stream_data, sizeof(stream_data));
+ DecodeData UNSAFE_TODO(dd(stream_data, sizeof(stream_data)));
// Seeking within buffer is allowed and read succeeds
fxcrt::Fill(buffer, 0xbd);
diff --git a/core/fxcrt/bytestring.cpp b/core/fxcrt/bytestring.cpp
index e9925f7..70a8192 100644
--- a/core/fxcrt/bytestring.cpp
+++ b/core/fxcrt/bytestring.cpp
@@ -51,7 +51,7 @@
// static
ByteString ByteString::FormatFloat(float f) {
char buf[32];
- return ByteString(buf, FloatToString(f, buf));
+ return UNSAFE_TODO(ByteString(buf, FloatToString(f, buf)));
}
// static
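Review bot: The `UNSAFE_TODO` on `ByteString(buf, FloatToString(f, buf))` has no comment saying what must change. The length handed to the constructor is whatever FloatToString() returns, and the 32-byte stack buffer's size is never passed to that function. FloatToString() is not visible in this diff, so whether its result can exceed `sizeof(buf)` cannot be confirmed here. The TODO should record that dependency, e.g. `// TODO: have FloatToString() take a span so the returned length is bounded by sizeof(buf).` Until then, a CHECK that the returned length is at most `sizeof(buf)` before constructing the string would make the bound locally verifiable.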
diff --git a/core/fxcrt/fixed_size_data_vector.h b/core/fxcrt/fixed_size_data_vector.h
index 621d41e..c96675d 100644
--- a/core/fxcrt/fixed_size_data_vector.h
+++ b/core/fxcrt/fixed_size_data_vector.h
@@ -35,7 +35,8 @@
if (size == 0) {
return FixedSizeDataVector();
}
- return FixedSizeDataVector(FX_AllocUninit(T, size), size);
+ // SAFETY: same `size` value passed to FX_Alloc() as to the ctor.
+ return UNSAFE_BUFFERS(FixedSizeDataVector(FX_AllocUninit(T, size), size));
}
// Allocates a vector of the given size with zeroed memory.
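Review bot: The SAFETY comment added in the uninitialized-allocation path names the wrong allocator: it says `FX_Alloc()` but the call on the next line is `FX_AllocUninit(T, size)`. It should read `// SAFETY: same size value passed to FX_AllocUninit() as to the ctor.` The justification in this hunk and in the zeroing hunk that follows also presumes the allocator never returns null for a non-zero `size`. Only the FX_TryAlloc() hunk handles a null result explicitly, so the comment should state that assumption if it holds. The enclosing functions start outside the hunks.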
@@ -44,7 +45,8 @@
if (size == 0) {
return FixedSizeDataVector();
}
- return FixedSizeDataVector(FX_Alloc(T, size), size);
+ // SAFETY: same `size` value passed to FX_Alloc() as to the ctor.
+ return UNSAFE_BUFFERS(FixedSizeDataVector(FX_Alloc(T, size), size));
}
// Same as above, but return an empty vector when insufficient memory.
@@ -53,7 +55,9 @@
return FixedSizeDataVector();
}
T* ptr = FX_TryAlloc(T, size);
- return FixedSizeDataVector(ptr, ptr ? size : 0u);
+ // SAFETY: same `size` value passed to FX_TryAlloc() above as
+ // passed to ctor when the ptr is non-null.
+ return UNSAFE_BUFFERS(FixedSizeDataVector(ptr, ptr ? size : 0u));
}
FixedSizeDataVector(const FixedSizeDataVector&) = delete;
diff --git a/core/fxcrt/span.h b/core/fxcrt/span.h
index 5eded93..a330d62 100644
--- a/core/fxcrt/span.h
+++ b/core/fxcrt/span.h
@@ -267,7 +267,8 @@
// [span.sub], span subviews
const span first(size_t count) const {
CHECK(count <= size_);
- return span(static_cast<T*>(data_), count);
+ // SAFETY: CHECK() on line above.
+ return UNSAFE_BUFFERS(span(static_cast<T*>(data_), count));
}
const span last(size_t count) const {
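Review bot: `// SAFETY: CHECK() on line above.` in first() and `// SAFETY: CHECK()s on lines above.` in subspan() justify the suppression by position rather than by the invariant, so they go stale if a line is later inserted between the CHECK and the return. Naming the condition is sturdier: `// SAFETY: count <= size_ is CHECK()ed, so [data_, data_ + count) is in bounds.` for first(), and `// SAFETY: pos <= size_ is CHECK()ed and the length is at most size_ - pos.` for subspan(). In subspan() the suppression now also covers the length expression, where it previously wrapped only the pointer arithmetic; that looks intended now that the constructor itself is annotated. last() begins on the final line of this hunk and its body is not shown.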
@@ -279,8 +280,9 @@
const span subspan(size_t pos, size_t count = dynamic_extent) const {
CHECK(pos <= size_);
CHECK(count == dynamic_extent || count <= size_ - pos);
- return span(UNSAFE_BUFFERS(static_cast<T*>(data_) + pos),
- count == dynamic_extent ? size_ - pos : count);
+ // SAFETY: CHECK()s on lines above.
+ return UNSAFE_BUFFERS(span(static_cast<T*>(data_) + pos,
+ count == dynamic_extent ? size_ - pos : count));
}
// [span.obs], span observers
diff --git a/core/fxcrt/string_view_template.h b/core/fxcrt/string_view_template.h
index 6c1bf44..32294c7 100644
--- a/core/fxcrt/string_view_template.h
+++ b/core/fxcrt/string_view_template.h
@@ -267,7 +267,8 @@
if (pos == 0)
return StringViewTemplate();
- return StringViewTemplate(m_Span.data(), pos);
+ // SAFETY: Loop above keeps `pos` at length of string or less.
+ return UNSAFE_BUFFERS(StringViewTemplate(m_Span.data(), pos));
}
bool operator<(const StringViewTemplate& that) const {
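Review bot: The SAFETY comment relies on a loop that lies outside this hunk, so the claim that `pos` never exceeds the string length cannot be checked from the lines shown. If the loop only ever decrements `pos` from the length, saying so would make the justification self-contained: `// SAFETY: pos starts at the string length and only decreases, so pos <= m_Span.size().` The enclosing function starts outside the hunk.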
diff --git a/testing/BUILD.gn b/testing/BUILD.gn
index 7edeefa..5364eb2 100644
--- a/testing/BUILD.gn
+++ b/testing/BUILD.gn
@@ -274,7 +274,10 @@
"../testing/image_diff",
"//build/win:default_exe_manifest",
]
- configs += [ ":pdfium_test_config" ]
+ configs += [
+ ":pdfium_test_config",
+ "../:pdfium_common_config",
+ ]
if (is_win) {
sources += [