Cleanup some PPAPI proxy code.

Check for potential overflows in PDFResource::SearchString().

Review URL: https://codereview.chromium.org/1147883002

Cr-Commit-Position: refs/heads/master@{#330675}

ppapi/proxy/flash_font_file_resource.cc

@@ -42,7 +42,7 @@ PP_Bool FlashFontFileResource::GetFontTable(uint32_t table,
         RENDERER, PpapiHostMsg_FlashFontFile_Create(description_, charset_));
   }
 
-  std::string* contents = GetFontTable(table);
+  const std::string* contents = GetFontTable(table);
   if (!contents) {
     std::string out_contents;
     int32_t result = SyncCall<PpapiPluginMsg_FlashFontFile_GetFontTableReply>(
@@ -64,18 +64,17 @@ PP_Bool FlashFontFileResource::GetFontTable(uint32_t table,
   return PP_TRUE;
 }
 
-std::string* FlashFontFileResource::GetFontTable(uint32_t table) const {
+const std::string* FlashFontFileResource::GetFontTable(uint32_t table) const {
   FontTableMap::const_iterator found = font_tables_.find(table);
-  if (found == font_tables_.end())
-    return NULL;
-  return found->second.get();
+  return (found != font_tables_.end()) ? found->second : nullptr;
 }
 
-std::string* FlashFontFileResource::AddFontTable(uint32_t table,
+const std::string* FlashFontFileResource::AddFontTable(
+    uint32_t table,
     const std::string& contents) {
-  linked_ptr<std::string> heap_string(new std::string(contents));
-  font_tables_[table] = heap_string;
-  return heap_string.get();
+  FontTableMap::const_iterator it =
+      font_tables_.set(table, make_scoped_ptr(new std::string(contents)));
+  return it->second;
 }
 
 }  // namespace proxy

ppapi/proxy/flash_font_file_resource.h

@@ -5,12 +5,9 @@
 #ifndef PPAPI_PROXY_FLASH_FONT_FILE_RESOURCE_H_
 #define PPAPI_PROXY_FLASH_FONT_FILE_RESOURCE_H_
 
-#include <map>
 #include <string>
 
-#include "base/basictypes.h"
-#include "base/compiler_specific.h"
-#include "base/memory/linked_ptr.h"
+#include "base/containers/scoped_ptr_hash_map.h"
 #include "ppapi/c/private/pp_private_font_charset.h"
 #include "ppapi/proxy/plugin_resource.h"
 #include "ppapi/proxy/serialized_structs.h"
@@ -42,15 +39,16 @@ class FlashFontFileResource : public PluginResource,
  private:
   // Sees if we have a cache of the font table and returns a pointer to it.
   // Returns NULL if we don't have it.
-  std::string* GetFontTable(uint32_t table) const;
+  const std::string* GetFontTable(uint32_t table) const;
 
-  std::string* AddFontTable(uint32_t table, const std::string& contents);
+  const std::string* AddFontTable(uint32_t table, const std::string& contents);
 
-  typedef std::map<uint32_t, linked_ptr<std::string> > FontTableMap;
+  using FontTableMap =
+      base::ScopedPtrHashMap<uint32_t, scoped_ptr<std::string>>;
   FontTableMap font_tables_;
 
   SerializedFontDescription description_;
-  PP_PrivateFontCharset charset_;
+  const PP_PrivateFontCharset charset_;
 
   DISALLOW_COPY_AND_ASSIGN(FlashFontFileResource);
 };

ppapi/proxy/pdf_resource.cc

@@ -98,13 +98,16 @@ void PDFResource::SearchString(const unsigned short* input_string,
     DCHECK(status == U_ZERO_ERROR);
   }
 
-  *count = static_cast<uint32_t>(pp_results.size());
-  if (*count) {
-    *results = reinterpret_cast<PP_PrivateFindResult*>(malloc(
-        *count * sizeof(PP_PrivateFindResult)));
-    memcpy(*results, &pp_results[0], *count * sizeof(PP_PrivateFindResult));
+  if (pp_results.empty() ||
+      pp_results.size() > std::numeric_limits<uint32_t>::max() ||
+      pp_results.size() > SIZE_MAX / sizeof(PP_PrivateFindResult)) {
+    *count = 0;
+    *results = nullptr;
   } else {
-    *results = NULL;
+    *count = static_cast<uint32_t>(pp_results.size());
+    const size_t result_size = pp_results.size() * sizeof(PP_PrivateFindResult);
+    *results = reinterpret_cast<PP_PrivateFindResult*>(malloc(result_size));
+    memcpy(*results, &pp_results[0], result_size);
   }
 
   usearch_close(searcher);