The Chromium Projects

PDFium Security

Welcome to PDFium Security!

Basic Info

Integer Overflow

We want to standardize on handling integer overflows by:

  1. Preferring new[] and new instead of calloc, wherever possible.
  2. In places where the code is not ready to be turned into idiomatic C++, preferring calloc to malloc; definitely prefer calloc to malloc + memset.
  3. Preferring CheckedNumeric<T> to ad hoc checks.
    • For convenience, use the existing typedefs for clarity, e.g. typedef base::CheckedNumeric<FX_DWORD> FX_SAFE_DWORD;. If you need more typedefs like this, or if you need them more widely visible, don't hesitate to make the change.

Yes, that might look odd. Currently, the codebase mixes C++ and C memory allocation, and ultimately, we'd like to get the code to idiomatic C++11, but we're going to get there incrementally.
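The three rules above, worked through in one added example. This is not PDFium code: base::CheckedNumeric is replaced by a small hypothetical stand-in, CheckedSize, that mimics its IsValid()/ValueOrDie() shape on top of the GCC/Clang overflow builtins, and AdHocBytesNeeded, AllocZeroedTable, CallocTable and kHeaderBytes are example names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <memory>
#include <optional>
#include <vector>

// Hypothetical stand-in for base::CheckedNumeric<T>, written for this example:
// the value carries a validity flag, and one overflowing operation poisons every
// later result, so a single IsValid() check covers the whole expression.
// Uses the GCC/Clang __builtin_*_overflow intrinsics.
template <typename T>
class CheckedSize {
 public:
  explicit CheckedSize(T v) : value_(v), valid_(true) {}

  CheckedSize operator*(T rhs) const {
    CheckedSize out(0);
    out.valid_ = valid_ && !__builtin_mul_overflow(value_, rhs, &out.value_);
    return out;
  }
  CheckedSize operator+(T rhs) const {
    CheckedSize out(0);
    out.valid_ = valid_ && !__builtin_add_overflow(value_, rhs, &out.value_);
    return out;
  }
  bool IsValid() const { return valid_; }
  // Like CheckedNumeric::ValueOrDie(): never hands back a wrapped value.
  T ValueOrDie() const {
    if (!valid_) std::abort();
    return value_;
  }

 private:
  T value_;
  bool valid_;
};

// Ad hoc check, the pattern rule 3 wants to replace: correct for this one
// multiplication, but it must be re-derived and re-reviewed at every call site.
std::optional<uint32_t> AdHocBytesNeeded(uint32_t count, uint32_t elem_size) {
  if (elem_size != 0 &&
      count > std::numeric_limits<uint32_t>::max() / elem_size) {
    return std::nullopt;
  }
  return count * elem_size;
}

// Rule 1 + rule 3: a checked size feeding a C++ allocation. std::vector<uint8_t>(n)
// value-initializes, so the bytes come back zeroed like calloc, with no memset.
// A fixed header is added so the check visibly spans the whole expression.
constexpr uint32_t kHeaderBytes = 16;

std::optional<std::vector<uint8_t>> AllocZeroedTable(uint32_t count,
                                                     uint32_t elem_size) {
  CheckedSize<uint32_t> bytes =
      CheckedSize<uint32_t>(count) * elem_size + kHeaderBytes;
  if (!bytes.IsValid())
    return std::nullopt;  // refuse rather than allocate a too-small buffer
  return std::vector<uint8_t>(bytes.ValueOrDie());
}

// Rule 2, for code not yet converted: calloc checks count * elem_size itself
// and zero-fills, which malloc(count * elem_size) + memset does not.
struct FreeDeleter {
  void operator()(void* p) const { std::free(p); }
};
using CBuffer = std::unique_ptr<uint8_t, FreeDeleter>;

CBuffer CallocTable(size_t count, size_t elem_size) {
  return CBuffer(static_cast<uint8_t*>(std::calloc(count, elem_size)));
}

// True when calloc returned memory and every byte of it is zero.
bool CallocIsZeroed(size_t count, size_t elem_size) {
  CBuffer buf = CallocTable(count, elem_size);
  if (!buf) return false;
  for (size_t i = 0; i < count * elem_size; ++i)
    if (buf.get()[i] != 0) return false;
  return true;
}

int main() {
  std::printf("ad hoc 1000*4 -> %u bytes\n", *AdHocBytesNeeded(1000, 4));
  std::printf("ad hoc 0x40000000*4 accepted? %d\n",
              AdHocBytesNeeded(0x40000000u, 4).has_value());
  std::printf("checked 1000*4+16 -> %zu bytes\n",
              AllocZeroedTable(1000, 4)->size());
  std::printf("checked 0x40000000*4+16 accepted? %d\n",
              AllocZeroedTable(0x40000000u, 4).has_value());
  std::printf("calloc(16, 4) zeroed? %d\n", CallocIsZeroed(16, 4));
  return 0;
}
```

The point of the CheckedSize pattern is that the overflow check is attached to the arithmetic rather than to the allocation: an expression like count * elem_size + kHeaderBytes is written once, and the single IsValid() at the end rejects an overflow in either operation.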

Uninitialized Memory References

We want to standardize on handling uninitialized memory references with:

  1. Default constructors that do the right thing.
  2. Explicit initial values for all POD members in header files.
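Both rules in one added example (not PDFium code; RectBefore, Rect and ByteBuffer are example types). Rect shows explicit initial values on every POD member next to the "before" form without them, and ByteBuffer shows a default constructor that puts an owning type into a safe empty state.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// "Before": POD members with no initial value and a default constructor that
// does nothing. Every field is indeterminate until some caller assigns it, and
// a forgotten assignment is not an error anywhere in the code.
struct RectBefore {
  int32_t left;
  int32_t top;
  int32_t right;
  int32_t bottom;
  RectBefore() {}
};

// "After": explicit initial values on every POD member in the class definition
// (C++11 default member initializers). Every constructor, including the
// defaulted one, starts from these, and a member added later cannot be missed.
struct Rect {
  int32_t left = 0;
  int32_t top = 0;
  int32_t right = 0;
  int32_t bottom = 0;
  Rect() = default;
  Rect(int32_t l, int32_t t, int32_t r, int32_t b)
      : left(l), top(t), right(r), bottom(b) {}
  bool IsEmpty() const { return right <= left || bottom <= top; }
};

// Default constructor that does the right thing for an owning type: a
// default-constructed buffer is a valid empty buffer (null data, zero size),
// so a bounds check on it fails safely instead of reading through garbage.
class ByteBuffer {
 public:
  ByteBuffer() = default;
  // The trailing () value-initializes the array, i.e. zero-fills it.
  explicit ByteBuffer(size_t n) : data_(new uint8_t[n]()), size_(n) {}
  ~ByteBuffer() { delete[] data_; }
  ByteBuffer(const ByteBuffer&) = delete;
  ByteBuffer& operator=(const ByteBuffer&) = delete;

  size_t size() const { return size_; }
  // Returns the byte at i, or -1 when i is out of range.
  int GetAt(size_t i) const { return i < size_ ? data_[i] : -1; }

 private:
  uint8_t* data_ = nullptr;
  size_t size_ = 0;
};

// Shows that the initializers really overwrite whatever was in memory: the
// storage is pre-filled with 0xAA and a Rect is constructed in place on top.
// (The same with RectBefore would leave 0xAAAAAAAA in every field, but reading
// those indeterminate values is undefined behaviour, so it is not attempted.)
bool DefaultRectIsZeroedInDirtyMemory() {
  alignas(Rect) unsigned char storage[sizeof(Rect)];
  std::memset(storage, 0xAA, sizeof(storage));
  Rect* r = new (storage) Rect;
  bool ok = r->left == 0 && r->top == 0 && r->right == 0 &&
            r->bottom == 0 && r->IsEmpty();
  r->~Rect();
  return ok;
}

int main() {
  std::printf("Rect zeroed in dirty memory? %d\n",
              DefaultRectIsZeroedInDirtyMemory());
  ByteBuffer empty;
  std::printf("default ByteBuffer size %zu, GetAt(0) = %d\n", empty.size(),
              empty.GetAt(0));
  ByteBuffer eight(8);
  std::printf("ByteBuffer(8) GetAt(7) = %d, GetAt(8) = %d\n", eight.GetAt(7),
              eight.GetAt(8));
  return 0;
}
```

Putting the initial values in the header, rather than in each constructor body, is what makes the rule hold for every constructor: a new constructor or a new member inherits the initializer automatically instead of depending on someone remembering it.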

Git Workflow

Future Desiderata