Remove UNSAFE_TODO in FPDF_ImportPagesByIndex() Make span from pointer / size pair with UNSAFE_BUFFERS. Also make sure page index values are non-negative. Bug: 42271176 Change-Id: If8ea32ab5536e24f28531b0e8303c59b807201e4 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/123310 Reviewed-by: Tom Sepez <tsepez@google.com> Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>

commit: dbb290374d1c384e6eefef65412e7e12f4b7c9f3 [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Tue Aug 13 17:08:21 2024 +0000
committer: Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Tue Aug 13 17:08:21 2024 +0000
tree: 41440c7b60dff29bb986c34c60f771c5366e9c11
parent: 9196a7d75f6f17ab00919af205bc24c9e0284ac1 [diff]
diff --git a/fpdfsdk/fpdf_ppo.cpp b/fpdfsdk/fpdf_ppo.cpp
index 334ec6e..7e67782 100644
--- a/fpdfsdk/fpdf_ppo.cpp
+++ b/fpdfsdk/fpdf_ppo.cpp

@@ -99,9 +99,16 @@
   if (length == 0) {
     return false;
   }
-  auto page_span = UNSAFE_TODO(pdfium::make_span(
-      reinterpret_cast<const uint32_t*>(page_indices), length));
-  return exporter.ExportPages(page_span, index);
+
+  // SAFETY: required from caller.
+  auto page_span = UNSAFE_BUFFERS(pdfium::make_span(page_indices, length));
+  for (int page_index : page_span) {
+    if (page_index < 0) {
+      return false;
+    }
+  }
+  return exporter.ExportPages(
+      fxcrt::reinterpret_span<const uint32_t>(page_span), index);
 }
 
 FPDF_EXPORT FPDF_BOOL FPDF_CALLCONV FPDF_ImportPages(FPDF_DOCUMENT dest_doc,
commit	dbb290374d1c384e6eefef65412e7e12f4b7c9f3	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Tue Aug 13 17:08:21 2024 +0000
committer	Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>	Tue Aug 13 17:08:21 2024 +0000
tree	41440c7b60dff29bb986c34c60f771c5366e9c11
parent	9196a7d75f6f17ab00919af205bc24c9e0284ac1 [diff]