Fix indexing in CFXJSE_FormCalcContext::concat_fm_object().
Same issue as in https://pdfium-review.googlesource.com/c/pdfium/+/67171
Change-Id: I69e0969aec31c4a7af0bbbf256ba9698178a1620
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/67211
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/xfa/cfxjse_formcalc_context.cpp b/fxjs/xfa/cfxjse_formcalc_context.cpp
index ea0c5ae..9a0c171 100644
--- a/fxjs/xfa/cfxjse_formcalc_context.cpp
+++ b/fxjs/xfa/cfxjse_formcalc_context.cpp
@@ -5154,38 +5154,20 @@
ByteStringView bsFuncName,
CFXJSE_Arguments& args) {
v8::Isolate* pIsolate = ToFormCalcContext(pThis)->GetScriptRuntime();
- uint32_t iLength = 0;
- int32_t argc = args.GetLength();
- std::vector<std::unique_ptr<CFXJSE_Value>> argValues;
- for (int32_t i = 0; i < argc; i++) {
- argValues.push_back(args.GetValue(i));
- if (argValues[i]->IsArray()) {
- auto lengthValue = pdfium::MakeUnique<CFXJSE_Value>(pIsolate);
- argValues[i]->GetObjectProperty("length", lengthValue.get());
- int32_t length = lengthValue->ToInteger();
- iLength = iLength + ((length > 2) ? (length - 2) : 0);
- }
- ++iLength;
- }
-
std::vector<std::unique_ptr<CFXJSE_Value>> returnValues;
- for (int32_t i = 0; i < (int32_t)iLength; i++)
- returnValues.push_back(pdfium::MakeUnique<CFXJSE_Value>(pIsolate));
-
- int32_t index = 0;
- for (int32_t i = 0; i < argc; i++) {
- if (argValues[i]->IsArray()) {
+ for (int32_t i = 0; i < args.GetLength(); ++i) {
+ std::unique_ptr<CFXJSE_Value> argValue = args.GetValue(i);
+ if (argValue->IsArray()) {
auto lengthValue = pdfium::MakeUnique<CFXJSE_Value>(pIsolate);
- argValues[i]->GetObjectProperty("length", lengthValue.get());
-
+ argValue->GetObjectProperty("length", lengthValue.get());
int32_t length = lengthValue->ToInteger();
for (int32_t j = 2; j < length; j++) {
- argValues[i]->GetObjectPropertyByIdx(j, returnValues[index].get());
- index++;
+ returnValues.push_back(pdfium::MakeUnique<CFXJSE_Value>(pIsolate));
+ argValue->GetObjectPropertyByIdx(j, returnValues.back().get());
}
}
- returnValues[index]->Assign(argValues[i].get());
- index++;
+ returnValues.push_back(pdfium::MakeUnique<CFXJSE_Value>(pIsolate));
+ returnValues.back()->Assign(argValue.get());
}
args.GetReturnValue()->SetArray(returnValues);
}
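Review bot: Nothing in the new loop records why `returnValues` is grown with `push_back` rather than sized up front, so a later cleanup could reintroduce the count-then-index pattern that the removed lines used. The `length` read via `GetObjectProperty("length", ...)` comes from the argument object itself and, as far as this hunk shows, is not guaranteed to match between two separate passes. I would add a comment above the outer `for`, such as `// Append as we go; never pre-size from the array's "length" and index into it, the two reads can disagree.` Separately, `returnValues.back()->Assign(argValue.get())` still runs for array arguments after their elements have been appended; this matches the removed code, but it is worth confirming that it is intended rather than a missing `continue`. The function's signature starts above the hunk, and no regression test is visible on this page.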