1 // Copyright 2018 The PDFium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fxcrt/fx_number.h"
8
9 #include <ctype.h>
10
11 #include <limits>
12
13 #include "core/fxcrt/fx_extension.h"
14 #include "core/fxcrt/fx_safe_types.h"
15 #include "core/fxcrt/fx_string.h"
16 #include "core/fxcrt/numerics/safe_conversions.h"
17
18 FX_Number::FX_Number() = default;
19
FX_Number(int32_t value)20 FX_Number::FX_Number(int32_t value) : value_(value) {}
21
FX_Number(float value)22 FX_Number::FX_Number(float value) : value_(value) {}
23
FX_Number(ByteStringView strc)24 FX_Number::FX_Number(ByteStringView strc) {
25 if (strc.IsEmpty())
26 return;
27
28 if (strc.Contains('.')) {
29 value_ = StringToFloat(strc);
30 return;
31 }
32
33 // Note, numbers in PDF are typically of the form 123, -123, etc. But,
34 // for things like the Permissions on the encryption hash the number is
35 // actually an unsigned value. We use a uint32_t so we can deal with the
36 // unsigned and then check for overflow if the user actually signed the value.
37 // The Permissions flag is listed in Table 3.20 PDF 1.7 spec.
38 FX_SAFE_UINT32 unsigned_val = 0;
39 bool bIsSigned = false;
40 bool bNegative = false;
41 size_t cc = 0;
42 if (strc[0] == '+') {
43 bIsSigned = true;
44 cc++;
45 } else if (strc[0] == '-') {
46 bIsSigned = true;
47 bNegative = true;
48 cc++;
49 }
50
51 for (; cc < strc.GetLength() && isdigit(strc[cc]); ++cc) {
52 // Deliberately not using FXSYS_DecimalCharToInt() in a tight loop to avoid
53 // a duplicate isdigit() call. Note that the order of operation is
54 // important to avoid unintentional overflows.
55 unsigned_val = unsigned_val * 10 + (strc[cc] - '0');
56 }
57
58 uint32_t uValue = unsigned_val.ValueOrDefault(0);
59 if (!bIsSigned) {
60 value_ = uValue;
61 return;
62 }
63
64 // We have a sign, so if the value was greater then the signed integer
65 // limits, then we've overflowed and must reset to the default value.
66 constexpr uint32_t uLimit =
67 static_cast<uint32_t>(std::numeric_limits<int>::max());
68
69 if (uValue > (bNegative ? uLimit + 1 : uLimit))
70 uValue = 0;
71
72 // Switch back to the int space so we can flip to a negative if we need.
73 int32_t value = static_cast<int32_t>(uValue);
74 if (bNegative) {
75 // |value| is usually positive, except in the corner case of "-2147483648",
76 // where |uValue| is 2147483648. When it gets casted to an int, |value|
77 // becomes -2147483648. For this case, avoid undefined behavior, because
78 // an int32_t cannot represent 2147483648.
79 static constexpr int kMinInt = std::numeric_limits<int>::min();
80 value_ = LIKELY(value != kMinInt) ? -value : kMinInt;
81 } else {
82 value_ = value;
83 }
84 }
85
IsInteger() const86 bool FX_Number::IsInteger() const {
87 return absl::holds_alternative<uint32_t>(value_) ||
88 absl::holds_alternative<int32_t>(value_);
89 }
90
IsSigned() const91 bool FX_Number::IsSigned() const {
92 return absl::holds_alternative<int32_t>(value_) ||
93 absl::holds_alternative<float>(value_);
94 }
95
GetSigned() const96 int32_t FX_Number::GetSigned() const {
97 if (absl::holds_alternative<uint32_t>(value_)) {
98 return static_cast<int32_t>(absl::get<uint32_t>(value_));
99 }
100 if (absl::holds_alternative<int32_t>(value_)) {
101 return absl::get<int32_t>(value_);
102 }
103 return pdfium::saturated_cast<int32_t>(absl::get<float>(value_));
104 }
105
GetFloat() const106 float FX_Number::GetFloat() const {
107 if (absl::holds_alternative<uint32_t>(value_)) {
108 return static_cast<float>(absl::get<uint32_t>(value_));
109 }
110 if (absl::holds_alternative<int32_t>(value_)) {
111 return static_cast<float>(absl::get<int32_t>(value_));
112 }
113 return absl::get<float>(value_);
114 }
115