daimons / pdfium

Automatically exported from code.google.com/p/pdfium

Wasteful space calculation in FX_AllocString() #149

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The string has a fixed header which consists of a long and two FX_STRSIZEs.  
Space for this has always been calculated as 3 * sizeof(long) in 
FX_AllocString(). However, FX_STRSIZE is (dubiously) defined as an int, so the 
actual size is 8 + 4 + 4 == 16 (on linux 64) vs. 3 * 8 == 24 as reserved.

(I was staring at a hex dump of these yesterday, and it didn't dawn on me until 
the middle of last night).

Original issue reported on code.google.com by tsepez@chromium.org on 1 May 2015 at 5:29
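The size mismatch described above, worked through in C as an added example. This is illustration code written for this page, not pdfium's FX_AllocString() or CFX_StringData; the struct name StrData, the helper names and the FX_STRSIZE typedef as plain int are assumptions taken from the issue text (a long refcount followed by two FX_STRSIZE lengths, then the characters). The header size is taken with offsetof() on the first character rather than sizeof() on the struct, because sizeof() would include tail padding up to the alignment of long and over-reserve again.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed (hypothetical) layout reconstructed from the issue text. FX_STRSIZE
 * is an int, as the issue says; m_nRefs stays a long to match that layout. */
typedef int FX_STRSIZE;

typedef struct {
    long       m_nRefs;         /* 8 bytes on LP64 */
    FX_STRSIZE m_nDataLength;   /* 4 bytes */
    FX_STRSIZE m_nAllocLength;  /* 4 bytes */
    char       m_String[];      /* C99 flexible array member: the characters */
} StrData;

/* Header size the original calculation reserved: three longs (24 on LP64). */
size_t legacy_header_bytes(void) { return 3 * sizeof(long); }

/* Header size the layout actually needs: the offset of the first character
 * (16 on LP64). offsetof() rather than sizeof(StrData) because sizeof() would
 * round up to a multiple of alignof(long). */
size_t exact_header_bytes(void) { return offsetof(StrData, m_String); }

/* Bytes wasted per allocated string by the 3 * sizeof(long) calculation
 * (8 on LP64, 0 on ILP32 where long and int are both 4 bytes). */
size_t wasted_header_bytes(void) {
    return legacy_header_bytes() - exact_header_bytes();
}

/* Allocate a string buffer for nLen characters plus a NUL terminator using the
 * exact header size. Returns NULL on a negative length, size overflow or
 * allocation failure. */
StrData *alloc_string(FX_STRSIZE nLen) {
    if (nLen < 0) return NULL;
    size_t body = (size_t)nLen + 1;                 /* +1 for the terminator */
    if (body > SIZE_MAX - exact_header_bytes()) return NULL;
    StrData *p = calloc(1, exact_header_bytes() + body);
    if (p == NULL) return NULL;
    p->m_nRefs = 1;
    p->m_nDataLength = nLen;
    p->m_nAllocLength = nLen;
    return p;
}

/* Build a StrData from a C string; FX_STRSIZE is an int, so refuse anything
 * longer than INT_MAX instead of silently truncating the length field. */
StrData *string_from_cstr(const char *s) {
    size_t n = strlen(s);
    if (n > (size_t)INT_MAX) return NULL;
    StrData *p = alloc_string((FX_STRSIZE)n);
    if (p != NULL) memcpy(p->m_String, s, n + 1);
    return p;
}

/* Returns 1 if a string survives the allocate/copy/read-back round trip with
 * the expected header fields, 0 otherwise. */
int roundtrip_ok(const char *s) {
    StrData *p = string_from_cstr(s);
    if (p == NULL) return 0;
    int ok = p->m_nRefs == 1
          && p->m_nDataLength == (FX_STRSIZE)strlen(s)
          && p->m_nAllocLength == p->m_nDataLength
          && strcmp(p->m_String, s) == 0;
    free(p);
    return ok;
}

int main(void) {
    printf("sizeof(long)=%zu sizeof(FX_STRSIZE)=%zu\n",
           sizeof(long), sizeof(FX_STRSIZE));
    printf("legacy header: %zu bytes, exact header: %zu bytes, wasted: %zu\n",
           legacy_header_bytes(), exact_header_bytes(), wasted_header_bytes());
    printf("round trip ok: %d\n", roundtrip_ok("pdfium"));
    return 0;
}
```

On a 64-bit Linux build this prints a 24-byte legacy header against a 16-byte exact header, the 8 wasted bytes per string the issue describes; on an ILP32 target the two agree and nothing is wasted.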

GoogleCodeExporter commented 9 years ago
Actually, refcnts should usually be a (s)size_t, that way you can't allocate 
enough memory to make them overflow.  An upside would be saving 4 bytes where 
sizeof(size_t) < sizeof(long), which is chromeos, and android (I think).

Original comment by tsepez@chromium.org on 1 May 2015 at 9:58

GoogleCodeExporter commented 9 years ago
Fix for the first part:

https://pdfium.googlesource.com/pdfium/+/72fb2e8d680c697be06c4325ddc827c3989bf3c1

Original comment by tsepez@chromium.org on 1 May 2015 at 9:58

GoogleCodeExporter commented 9 years ago
Fix for the second part:

https://pdfium.googlesource.com/pdfium/+/34989e42d94f0b4f982117032f29ae3cce1e1a39

Original comment by tsepez@chromium.org on 1 May 2015 at 11:14