| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Call these from the PDF interpreter. Make the DisplayList and
Trace devices cope.
Use these in the SVG output device.
|
|
|
|
Don't use directly loaded objects; since the image code assumes
that you always use an indirect reference to the dictionary/stream.
|
|
Previously the trailing null terminator would not be written if the
formatted string ended up longer than the buffer.
|
|
|
|
Previously mupdf would attempt to load any indirect reference,
whether it was a stream or not.
|
|
Previously the JBIG2 globals object might be indirect and if that
reference pointed to the object containing the stream itself then
mupdf would recurse until running out of error stack. Thanks to
oss-fuzz for reporting.
|
|
|
|
Use a FZ_PRINTFLIKE macro instead.
|
|
|
|
Events such as mouse up/down can cause a change to the appearance of a
widget annotation. That the change has happened is flagged by incrementing
the iteration count of the appearance stream. The widget is then recognised
as dirty when the ap_iteration value, stored in the pdf_widget structure,
differs from the appearance stream's actual iteration.
This commit removes a line of code that wrongly reset the iteration to 1
each time load_or_create_form was called, hence masking the widget being
dirty.
|
|
|
|
|
|
|
|
|
|
|
|
It should only return true for indirect references that are actually
streams, not just any array/dict that is contained in a stream object.
|
|
length.
|
|
fz_write_byte forgot to write the byte after needing to flush
the buffer.
|
|
Remove direct inclusion of pkcs7 source from the mupdf project and
create a separate libpkcs7 project with others as dependants
|
|
|
|
SIZE_MAX is surprisingly supposed to be in stdint.h, but Android
headers for API levels < 21 accidentally put SIZE_MAX in limits.h.
Headers for API levels >= 21 correctly moved SIZE_MAX to stdint.h.
This is the situation for Android NDK r14 and earlier.
Android NDK r15 and later implement a header unification strategy:
all sets of headers for each API level are combined into a single
set of headers covering all API levels. Any differences are
expressed by #ifdeffing on __ANDROID_API__. When this was done
the moving of SIZE_MAX from limits.h to stdint.h was kept and,
importantly, no #ifdefs were used in limits.h/stdint.h concerning
SIZE_MAX. This means that the move of SIZE_MAX was retroactively
introduced for API levels < 21 in Android NDK r15 and later.
For this reason whenever mupdf uses SIZE_MAX it must include both:
* stdint.h (not just in order to follow the POSIX specification,
but also to compile successfully using Android NDK r15 and later)
* and limits.h (in order to compile successfully using Android NDK
r14 and earlier)
Hence these need to include both stdint.h and limits.h, because:
* source/fitz/memory.c uses SIZE_MAX
* source/fitz/store.c uses SIZE_MAX
The mupdf header include/mupdf/fitz/system.h includes stdint.h so
any file that includes system.h will automatically have stdint.h
This is true for both files. limits.h on the other hand needs to
be explicitly included by whomever uses SIZE_MAX. This was already
done by source/fitz/store.c but not by source/fitz/memory.c, but
has now been added.
|
|
|
|
|
|
Previously mupdf would silently ignore this situation and leave the
buffer uninitialized leading to further issues. Thanks to oss-fuzz
for reporting.
|
|
Previously, while at the very last glyph mupdf would allocate a
new array for a run of distinct glyph widths and then not drop it
while leaving the function. Now a new run of font widths is only
started if not at the very last glyph.
|
|
Thanks to oss-fuzz for reporting.
|
|
|
|
|
|
|
|
|
|
This was forgotten when a gray colorspace was used as a fallback
in case a colorspace was never set. Thanks to oss-fuzz for reporting.
|
|
Add a version of pdf_check_signature function that reports no support,
for builds without openssl. This allows the removal of ifdefs from the
apps.
|
|
|
|
|
|
The mupdf build included an implimentation of the pkcs7 functions that
are needed for signing documents and verifying signatures, the
implementation being either an openssl-based one, or a stub that returned
errors. This commit removes the pkcs7 functions from the main mupdf
library.
For the sake of verification, there wasn't really a need for the pkcs7
functions to be part of mupdf. It was only the checking function that used
them. The checking function is now provided as a helper, outside of the
main build. The openssl-based pkcs7 functions area also supplied as a
helper. Users wishing to verify signatures can either use the checking
function directly, or use the source on which to base their own.
Document signing requires more integration between mupdf and pkcs7
because part of the process is performed at time of signing and part when
saving the document. Mupdf already had a pdf_pkcs7_signer object that
kept information between the two phases. That object has now been extended
to include the pkcs7 functions involved in signing, and the signing
function now requires such an object, rather than a file path to a
certificate. The openssl-based pkcs7 helper provides a function that, given
the path to a certificate, will return a pdf_pkcs7_signer object.
The intention is that different implementations can be produced for
different platforms, based on cryptographic routines built into the
operationg system. In each case, for the sake of document signing, the
routines would be wrapped up as a pdf_pkcs7_signer object.
|
|
|
|
Rather than provide a stream and an explicitly defined set of byte ranges
within that stream, provide a stream that gives access to just the bytes in
the ranges.
|
|
This is needed to simplify the way the bytes for hashing are
passed to pkcs7 functions.
|
|
Previously, pdf-pkcs7.c contained mishmash of functions required
for creating and checking signatures, with no separation between
the parts relating to pdf and those relating to pkcs7. This
commit introduces pdf_signature.c which contains the pdf
specifics, leaving pdf-pkcs7.c to be purely pkcs7 functions.
This should more easily allow the use of pkcs7 solutions other
than openssl. The pkcs7 api is declared in pdf-pkcs7.h. It is
entirely free of mupdf specifics, other than using an fz_stream
to specify the bytes to be hashed.
|
|
Previously, errors were reported with a boolean function return
with a char buffer filled out with the reason in the failure
case. Now an enum is used to report the various failure cases.
The function pdf_check_signature has been left as is so that
existing apps will not need changing.
|
|
The openssl function we were using checked both trust and the
digest. Annoyingly, it checked trust first, so some trickery
had to be used to check the digest for self-signed certificates.
Now we make use of parts of the functions we were calling to
provide the two parts of the check as separate functions.
|
|
|
|
For TIFF it was not just the colorspace, but other data as well.
|
|
|
|
|
|
|
|
|
|
Previously repair might end up increasing xref_len, but the lists
were not correspodingly expanded, leading to ASAN complaints.
|
