Audit _CGPathParseString implementation

Kyle-Ye · Kyle-Ye · commit 8cce154402b7 · 2025-12-20T19:22:16.000+08:00
diff --git a/Sources/OpenSwiftUI_SPI/Overlay/CoreGraphics/CGPath+OpenSwiftUI.h b/Sources/OpenSwiftUI_SPI/Overlay/CoreGraphics/CGPath+OpenSwiftUI.h
@@ -17,15 +17,21 @@ OPENSWIFTUI_ASSUME_NONNULL_BEGIN
 /// Parses a path string and appends the path elements to a mutable path.
 ///
 /// The string format uses space-separated numbers followed by command characters:
-/// - `m` - move to (x y)
-/// - `l` - line to (x y)
-/// - `c` - cubic curve (cp1x cp1y cp2x cp2y x y)
-/// - `q` - quad curve (cpx cpy x y)
-/// - `t` - smooth quad curve (x y), reflects previous control point
-/// - `v` - smooth cubic curve (cp2x cp2y x y), uses current point as cp1
-/// - `y` - shorthand cubic (cp1x cp1y x y), cp2 equals endpoint
-/// - `h` - close subpath
-/// - `re` - rectangle (x y width height)
+///
+/// | Command | Parameters | Description |
+/// |---------|------------|-------------|
+/// | `m` | x y | Move to point |
+/// | `l` | x y | Line to point |
+/// | `c` | cp1x cp1y cp2x cp2y x y | Cubic Bézier curve |
+/// | `q` | cpx cpy x y | Quadratic Bézier curve |
+/// | `t` | x y | Smooth quadratic curve (reflects previous control point) |
+/// | `v` | cp2x cp2y x y | Smooth cubic curve (uses last point as cp1) |
+/// | `y` | cp1x cp1y x y | Shorthand cubic (cp2 equals endpoint) |
+/// | `h` | (none) | Close subpath |
+/// | `re` | x y width height | Rectangle |
+///
+/// Whitespace characters (space, tab, newline, carriage return) are skipped.
+/// Numbers can be integers, decimals, or special values like `Inf`.
 ///
 /// - Parameters:
 ///   - path: The mutable path to append elements to.
diff --git a/Sources/OpenSwiftUI_SPI/Overlay/CoreGraphics/CGPath+OpenSwiftUI.m b/Sources/OpenSwiftUI_SPI/Overlay/CoreGraphics/CGPath+OpenSwiftUI.m
@@ -16,168 +16,122 @@
 @import OpenRenderBox;
 #endif
 
-// NOTE: Not audited yet. Use with caution.
 BOOL _CGPathParseString(CGMutablePathRef path, const char *utf8CString) {
-    if (path == NULL || utf8CString == NULL) {
-        return NO;
-    }
-
-    CGFloat numbers[6];
+    double numbers[6];
     int numCount = 0;
     CGFloat currentX = 0.0, currentY = 0.0;
     CGFloat lastControlX = 0.0, lastControlY = 0.0;
-
     const char *ptr = utf8CString;
-
-    while (YES) {
-        // Skip whitespace (characters <= 0x1f or space 0x20)
-        while (*ptr != '\0' && (*ptr <= 0x1f || *ptr == ' ')) {
-            ptr++;
-        }
-
-        if (*ptr == '\0') {
-            // End of string - success if all numbers consumed
-            return numCount == 0;
-        }
-
-        char c = *ptr;
-
-        // Check if character can start a number
-        // Valid: digits 0-9 (0x30-0x39), '-', '+', '.', 'e', 'E', 'p', 'x', "inf"
-        BOOL isNumberStart = NO;
-        if ((c >= '0' && c <= '9') || c == '-' || c == '+' || c == '.') {
-            isNumberStart = YES;
-        } else if (c == 'e' || c == 'E' || c == 'p' || c == 'x') {
-            isNumberStart = YES;
-        } else if (c == 'i') {
-            // Check for "inf"
-            if (ptr[1] == 'n' && ptr[2] == 'f') {
-                isNumberStart = YES;
-            }
-        }
-
-        if (isNumberStart) {
-            if (numCount >= 6) {
-                return NO;
+    do {
+        while (*ptr <= 0x1f) {
+            switch (*ptr) {
+            case 0: return true;
+            case 9: case 10: case 12: case 13: ptr++; break;
+            default: return false;
             }
-            char *endPtr;
-            numbers[numCount++] = strtod_l(ptr, &endPtr, NULL);
-            ptr = endPtr;
-            continue;
         }
-
-        // Process command character
+        unsigned char c = (unsigned char)*ptr;
+        BOOL isNumberStart = NO;
         switch (c) {
+            case ' ': break;
+            case '+': case '-': case '.': case '0' ... '9':
+            case 'E': case 'P': case 'X': case 'e': case 'p': case 'x':
+                isNumberStart = YES;
+                break;
+            case 'I':
+                if (ptr[1] == 'n' && ptr[2] == 'f') { isNumberStart = YES; }
+                break;
             case 'm':
                 if (numCount != 2) return NO;
                 CGPathMoveToPoint(path, NULL, numbers[0], numbers[1]);
-                lastControlX = currentX = numbers[0];
-                lastControlY = currentY = numbers[1];
+                currentX = lastControlX = numbers[0];
+                currentY = lastControlY = numbers[1];
                 numCount = 0;
                 break;
-
             case 'l':
                 if (numCount != 2) return NO;
                 CGPathAddLineToPoint(path, NULL, numbers[0], numbers[1]);
-                lastControlX = currentX = numbers[0];
-                lastControlY = currentY = numbers[1];
+                currentX = lastControlX = numbers[0];
+                currentY = lastControlY = numbers[1];
                 numCount = 0;
                 break;
-
             case 'c':
                 if (numCount != 6) return NO;
-                CGPathAddCurveToPoint(path, NULL,
-                                      numbers[0], numbers[1],
-                                      numbers[2], numbers[3],
-                                      numbers[4], numbers[5]);
-                lastControlX = numbers[2];
-                lastControlY = numbers[3];
-                currentX = numbers[4];
-                currentY = numbers[5];
+                CGPathAddCurveToPoint(path, NULL, numbers[0], numbers[1],
+                                      numbers[2], numbers[3], numbers[4], numbers[5]);
+                currentX = numbers[2];
+                currentY = numbers[3];
+                lastControlX = numbers[4];
+                lastControlY = numbers[5];
                 numCount = 0;
                 break;
-
             case 'q':
                 if (numCount != 4) return NO;
-                CGPathAddQuadCurveToPoint(path, NULL,
-                                          numbers[0], numbers[1],
+                CGPathAddQuadCurveToPoint(path, NULL, numbers[0], numbers[1],
                                           numbers[2], numbers[3]);
-                lastControlX = numbers[0];
-                lastControlY = numbers[1];
-                currentX = numbers[2];
-                currentY = numbers[3];
+                currentX = numbers[0];
+                currentY = numbers[1];
+                lastControlX = numbers[2];
+                lastControlY = numbers[3];
                 numCount = 0;
                 break;
-
             case 't':
-                // Smooth quad curve: reflect last control point
                 if (numCount != 2) return NO;
                 {
                     CGFloat reflectedX = currentX - 2.0 * lastControlX;
                     CGFloat reflectedY = currentY - 2.0 * lastControlY;
-                    CGPathAddQuadCurveToPoint(path, NULL,
-                                              reflectedX, reflectedY,
+                    CGPathAddQuadCurveToPoint(path, NULL, reflectedX, reflectedY,
                                               numbers[0], numbers[1]);
-                    lastControlX = reflectedX;
-                    lastControlY = reflectedY;
-                    currentX = numbers[0];
-                    currentY = numbers[1];
+                    currentX = reflectedX;
+                    currentY = reflectedY;
+                    lastControlX = numbers[0];
+                    lastControlY = numbers[1];
                 }
                 numCount = 0;
                 break;
-
             case 'v':
-                // Smooth cubic curve: use current point as cp1
                 if (numCount != 4) return NO;
-                CGPathAddCurveToPoint(path, NULL,
-                                      currentX, currentY,
-                                      numbers[0], numbers[1],
-                                      numbers[2], numbers[3]);
-                lastControlX = numbers[0];
-                lastControlY = numbers[1];
-                currentX = numbers[2];
-                currentY = numbers[3];
+                CGPathAddCurveToPoint(path, NULL, lastControlX, lastControlY,
+                                      numbers[0], numbers[1], numbers[2], numbers[3]);
+                lastControlX = numbers[2];
+                lastControlY = numbers[3];
                 numCount = 0;
                 break;
-
             case 'y':
-                // Shorthand cubic: cp2 = endpoint
                 if (numCount != 4) return NO;
-                CGPathAddCurveToPoint(path, NULL,
-                                      numbers[0], numbers[1],
-                                      numbers[2], numbers[3],
-                                      numbers[2], numbers[3]);
-                currentX = numbers[2];
-                currentY = numbers[3];
+                CGPathAddCurveToPoint(path, NULL, numbers[0], numbers[1],
+                                      numbers[2], numbers[3], numbers[2], numbers[3]);
+                lastControlX = numbers[2];
+                lastControlY = numbers[3];
                 numCount = 0;
                 break;
-
             case 'h':
                 if (numCount != 0) return NO;
                 CGPathCloseSubpath(path);
+                lastControlX = 0.0;
                 lastControlY = 0.0;
                 numCount = 0;
                 break;
-
             case 'r':
-                // Check for "re" (rectangle)
-                if (ptr[1] == 'e') {
-                    if (numCount != 4) return NO;
-                    CGPathAddRect(path, NULL, CGRectMake(numbers[0], numbers[1],
-                                                         numbers[2], numbers[3]));
-                    currentX = numbers[0];
-                    currentY = numbers[1];
-                    numCount = 0;
-                    ptr++; // Skip 'e'
-                    break;
-                }
-                return NO;
-
+                if (ptr[1] != 'e') return NO;
+                if (numCount != 4) return NO;
+                CGPathAddRect(path, NULL, CGRectMake(numbers[0], numbers[1],
+                                                     numbers[2], numbers[3]));
+                ptr++;
+                numCount = 0;
+                break;
             default:
-                return NO;
+                return false;
         }
-        ptr++;
-    }
+        if (isNumberStart) {
+            if (numCount == 6) return false;
+            char *endPtr;
+            numbers[numCount++] = strtod_l(ptr, &endPtr, NULL);
+            ptr = endPtr;
+        } else {
+            ptr++;
+        }
+    } while (1);
 }
 
 typedef struct PathInfo {
diff --git a/Tests/OpenSwiftUI_SPITests/Overlay/CoreGraphics/CGPath+OpenSwiftUITests.swift b/Tests/OpenSwiftUI_SPITests/Overlay/CoreGraphics/CGPath+OpenSwiftUITests.swift
@@ -14,38 +14,41 @@ struct CGPath_OpenSwiftUITests {
 
     struct ParseString {
         @Test(arguments: [
-            // Basic commands: move, line, close
-            ("100 0 m 200 100 l h", " 100 0 m 200 100 l h"),
-            // Multiple lines
-            ("0 0 m 100 0 l 100 100 l 0 100 l h", " 0 0 m 100 0 l 100 100 l 0 100 l h"),
-            // Quad curve
-            ("0 0 m 50 0 100 100 q", " 0 0 m 50 0 100 100 q"),
-            // Cubic curve
-            ("0 0 m 25 0 75 100 100 100 c", " 0 0 m 25 0 75 100 100 100 c"),
-            // Rectangle
-            ("10 20 30 40 re", " 10 20 m 40 20 l 40 60 l 10 60 l h"),
+            // m - move to
+            ("100 0 m 200 100 l h", true, " 100 0 m 200 100 l h"),
+            // l - line to (multiple)
+            ("0 0 m 100 0 l 100 100 l 0 100 l h", true, " 0 0 m 100 0 l 100 100 l 0 100 l h"),
+            // q - quad curve
+            ("0 0 m 50 0 100 100 q", true, " 0 0 m 50 0 100 100 q"),
+            // c - cubic curve
+            ("0 0 m 25 0 75 100 100 100 c", true, " 0 0 m 25 0 75 100 100 100 c"),
+            // v - smooth cubic (cp1 = last point)
+            ("0 0 m 50 50 100 100 v", true, " 0 0 m 0 0 50 50 100 100 c"),
+            // y - shorthand cubic (cp2 = endpoint)
+            ("0 0 m 25 0 100 100 y", true, " 0 0 m 25 0 100 100 100 100 c"),
+            // re - rectangle
+            ("10 20 30 40 re", true, " 10 20 m 40 20 l 40 60 l 10 60 l h"),
             // Negative numbers
-            ("-10 -20 m 30 40 l", " -10 -20 m 30 40 l"),
+            ("-10 -20 m 30 40 l", true, " -10 -20 m 30 40 l"),
             // Decimal numbers
-            ("0.5 1.5 m 2.5 3.5 l", " 0.5 1.5 m 2.5 3.5 l"),
+            ("0.5 1.5 m 2.5 3.5 l", true, " 0.5 1.5 m 2.5 3.5 l"),
+            // Whitespace variants (tab, newline)
+            ("0\t0\nm\n100\t100\tl", true, " 0 0 m 100 100 l"),
+            // Invalid: unknown command
+            ("0 0 z", false, ""),
+            // Invalid: wrong number of parameters
+            ("0 m", false, ""),
+            // Invalid: too many numbers
+            ("1 2 3 4 5 6 7 m", false, ""),
         ])
-        func parseString(input: String, expected: String) {
+        func parseString(input: String, expectedResult: Bool, expectedString: String) {
             let path = CGMutablePath()
             let result = _CGPathParseString(path, input)
-            #expect(result == true)
-            let description = _CGPathCopyDescription(path, 0)
-            #expect(description == expected)
-        }
-
-        @Test
-        func parseStringWithInvalidInput() {
-            let path = CGMutablePath()
-            // Unknown command
-            #expect(_CGPathParseString(path, "0 0 z") == false)
-            // Wrong number of parameters for move
-            #expect(_CGPathParseString(path, "0 m") == false)
-            // Too many numbers without command
-            #expect(_CGPathParseString(path, "1 2 3 4 5 6 7 m") == false)
+            #expect(result == expectedResult)
+            if expectedResult {
+                let description = _CGPathCopyDescription(path, 0)
+                #expect(description == expectedString)
+            }
         }
     }
 
