1 // Copyright 2018 The PDFium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fxcrt/fx_number.h"
8
9 #include <ctype.h>
10
11 #include <limits>
12
13 #include "core/fxcrt/fx_extension.h"
14 #include "core/fxcrt/fx_safe_types.h"
15 #include "core/fxcrt/fx_string.h"
16 #include "third_party/base/numerics/safe_conversions.h"
17
FX_Number()18 FX_Number::FX_Number()
19 : m_bIsInteger(true), m_bIsSigned(false), m_UnsignedValue(0) {}
20
FX_Number(int32_t value)21 FX_Number::FX_Number(int32_t value)
22 : m_bIsInteger(true), m_bIsSigned(true), m_SignedValue(value) {}
23
FX_Number(float value)24 FX_Number::FX_Number(float value)
25 : m_bIsInteger(false), m_bIsSigned(true), m_FloatValue(value) {}
26
FX_Number(ByteStringView strc)27 FX_Number::FX_Number(ByteStringView strc)
28 : m_bIsInteger(true), m_bIsSigned(false), m_UnsignedValue(0) {
29 if (strc.IsEmpty())
30 return;
31
32 if (strc.Contains('.')) {
33 m_bIsInteger = false;
34 m_bIsSigned = true;
35 m_FloatValue = StringToFloat(strc);
36 return;
37 }
38
39 // Note, numbers in PDF are typically of the form 123, -123, etc. But,
40 // for things like the Permissions on the encryption hash the number is
41 // actually an unsigned value. We use a uint32_t so we can deal with the
42 // unsigned and then check for overflow if the user actually signed the value.
43 // The Permissions flag is listed in Table 3.20 PDF 1.7 spec.
44 FX_SAFE_UINT32 unsigned_val = 0;
45 bool bNegative = false;
46 size_t cc = 0;
47 if (strc[0] == '+') {
48 cc++;
49 m_bIsSigned = true;
50 } else if (strc[0] == '-') {
51 bNegative = true;
52 m_bIsSigned = true;
53 cc++;
54 }
55
56 for (; cc < strc.GetLength() && isdigit(strc[cc]); ++cc) {
57 // Deliberately not using FXSYS_DecimalCharToInt() in a tight loop to avoid
58 // a duplicate isdigit() call. Note that the order of operation is
59 // important to avoid unintentional overflows.
60 unsigned_val = unsigned_val * 10 + (strc[cc] - '0');
61 }
62
63 uint32_t uValue = unsigned_val.ValueOrDefault(0);
64 if (!m_bIsSigned) {
65 m_UnsignedValue = uValue;
66 return;
67 }
68
69 // We have a sign, so if the value was greater then the signed integer
70 // limits, then we've overflowed and must reset to the default value.
71 constexpr uint32_t uLimit =
72 static_cast<uint32_t>(std::numeric_limits<int>::max());
73
74 if (uValue > (bNegative ? uLimit + 1 : uLimit))
75 uValue = 0;
76
77 // Switch back to the int space so we can flip to a negative if we need.
78 int32_t value = static_cast<int32_t>(uValue);
79 if (bNegative) {
80 // |value| is usually positive, except in the corner case of "-2147483648",
81 // where |uValue| is 2147483648. When it gets casted to an int, |value|
82 // becomes -2147483648. For this case, avoid undefined behavior, because
83 // an int32_t cannot represent 2147483648.
84 static constexpr int kMinInt = std::numeric_limits<int>::min();
85 m_SignedValue = LIKELY(value != kMinInt) ? -value : kMinInt;
86 } else {
87 m_SignedValue = value;
88 }
89 }
90
GetSigned() const91 int32_t FX_Number::GetSigned() const {
92 if (m_bIsInteger) {
93 return m_SignedValue;
94 }
95
96 return pdfium::base::saturated_cast<int32_t>(m_FloatValue);
97 }
98
GetFloat() const99 float FX_Number::GetFloat() const {
100 if (!m_bIsInteger)
101 return m_FloatValue;
102
103 return m_bIsSigned ? static_cast<float>(m_SignedValue)
104 : static_cast<float>(m_UnsignedValue);
105 }
106