Diffstat (limited to 'chromium/docs/website/site/Home/chromium-security/pdfium-security/index.md')
-rw-r--r-- chromium/docs/website/site/Home/chromium-security/pdfium-security/index.md | 56
1 files changed, 56 insertions, 0 deletions
diff --git a/chromium/docs/website/site/Home/chromium-security/pdfium-security/index.md b/chromium/docs/website/site/Home/chromium-security/pdfium-security/index.md
new file mode 100644
index 00000000000..a2a0250a6c1
--- /dev/null
+++ b/chromium/docs/website/site/Home/chromium-security/pdfium-security/index.md
@@ -0,0 +1,56 @@
+---
+breadcrumbs:
+- - /Home
+ - Chromium
+- - /Home/chromium-security
+ - Chromium Security
+page_name: pdfium-security
+title: PDFium Security
+---
+
+Welcome to PDFium Security!
+
+## Basic Info
+
+* [PDFium project page](https://code.google.com/p/pdfium/)
+* [PDFium Git repository](https://pdfium.googlesource.com/)
+* [Known PDFium security
+ issues](https://code.google.com/p/chromium/issues/list?can=2&q=Cr%3DInternals-Plugins-PDF+Type%3DBug-Security+&colspec=ID+Pri+M+Iteration+ReleaseBlock+Cr+Status+Owner+Summary+OS+Modified&cells=tiles)
+ (Please pick 1 and fix it!)
+
+## Integer Overflow
+
+We want to standardize on handling integer overflows by:
+
+1. Preferring new\[\] and new instead of calloc, wherever possible.
+2. In places where the code is not ready to be turned into idiomatic
+ C++, preferring calloc to malloc; definitely prefer calloc to malloc
+ + memset.
+3. Preferring CheckedNumeric<T> to ad hoc checks.
+ * For convenience, use the existing typedefs for clarity, e.g.
+ typedef base::CheckedNumeric<FX_DWORD> FX_SAFE_DWORD;. If
+ you need more typedefs like this, or if you need them more
+ widely visible, don't hesitate to make the change.
+
+Yes, that might look odd. Currently, the codebase mixes C++ and C memory
+allocation, and ultimately, we'd like to get the code to idiomatic C++11, but
+we're going to get there incrementally.
+
+## Uninitialized Memory References
+
+We want to standardize on handling uninitialized memory references with:
+
+1. Default constructors that do the right thing.
+2. Explicit initial values for all POD members in header files.
+
+## Git Workflow
+
+* The top line/subject line of the commit message should always be as
+ explicit as possible. Not just "fix bug", but "Fix UAF in
+ ModulateFooContainer" or "Fix UMR in thing::DoStuff".
+
+## Future Desiderata
+
+* No more non-const references (especially when used as
+ out-parameters).
+* Use std::unique_ptr and pdfium::RetainPtr. No more naked new. \ No newline at end of file
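Review bot: the "Integer Overflow" section (items 1 and 2 of the numbered list, `+1. Preferring new\[\] and new instead of calloc, wherever possible.` and `+2. ... preferring calloc to malloc; definitely prefer calloc to malloc + memset.`) gives the preference but not the reason it belongs under an integer-overflow heading; add one sentence saying that calloc takes the element count and element size as separate arguments, so the allocator itself detects the multiplication overflowing (and zero-fills without a separate memset), whereas a hand-written malloc(n * size) silently wraps, and that new[] likewise checks the array size computation. Without that rationale a reader can take rule 2 as a style choice and keep writing malloc + memset. Minor: the typedef example `typedef base::CheckedNumeric<FX_DWORD> FX_SAFE_DWORD;.` has a stray period after the semicolon, and the nested `*` bullet under item 3 is indented by a single space, which does not reliably nest under a numbered item in markdown; indent it to align with the item text.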