path: root/fitz
Age | Commit message | Author
2013-02-28 | Force colorspaces to match with JPX images. | Robin Watts
If the colorspace given in the dictionary of a JPX image differs from the colorspace given in the image itself, decode to the native image format, then convert. This goes a long way towards fixing "1439 - color softmask fails to draw jpx image.pdf" (aka hivemind.pdf). The lack of transfer function support hopefully explains the rest.
2013-02-26 | Include required quadPoints entry in created markup annotations. | Paul Gardiner
Also change the way we pass the text rectangles so that non-axis-aligned ones can be permitted, and relocate the code that calculates the strike-out lines from the bounding boxes.
2013-02-26 | Implement annotation deletion, with necessary changes to partial update | Paul Gardiner
2013-02-22 | Add fz_get_annot_type | Paul Gardiner
2013-02-20 | Bug 693639: Avoid heap overflow and leaks in error cases. | Robin Watts
Avoid heap overflow in the error case in fz_end_tile. Avoid leaking all previously loaded annotations from pdf_load_annots if pdf_is_dict throws an exception. Various whitespace fixes. Many thanks to zeniko.
2013-02-20 | Bug 693639: fix UTF-8 BOM detection. | Tor Andersson
A UTF-8 BOM followed by a UTF-16 BOM would treat the data as UTF-16 rather than UTF-8. Clean up the BOM detection logic. Thanks to zeniko.
2013-02-20 | Bug 693639: treat NULL scissor in display list as infinite rect. | Tor Andersson
Thanks to zeniko.
2013-02-20 | Bug 693639: fix overflow due to wrong type of intermediate variable. | Tor Andersson
Thanks to zeniko.
2013-02-20 | Bug 693639: allow OpenXPS extension and XML namespaces. | Tor Andersson
Thanks to zeniko.
2013-02-20 | Bug 693639: fix warnings. | Tor Andersson
Thanks to zeniko.
2013-02-20 | Bug 693639: bring fitz.h in line with source use of restrict keyword. | Tor Andersson
Thanks to zeniko.
2013-02-19 | Bug 693639: fix integer overflow in image_tiff.c | Tor Andersson
Thanks to zeniko.
2013-02-19 | Bug 693639: don't take references on global (static) resource objects. | Tor Andersson
Thanks to zeniko.
2013-02-19 | Bug 693639: fix incomplete error handling in null device. | Tor Andersson
Thanks to zeniko.
2013-02-19 | Bug 693639: fix potential NULL pointer dereference in base_context.c | Tor Andersson
Thanks to zeniko.
2013-02-19 | Fix whitespace. | Tor Andersson
2013-02-13 | Bump version number strings and dates for 1.2 release. | Tor Andersson
2013-02-11 | Fix problem with text selection caused by 0399332d54 | Paul Gardiner
2013-02-06 | Rename bbox to irect. | Tor Andersson
2013-02-06 | Add some 'restrict' qualifiers to hopefully speed matrix ops. | Robin Watts
Also, move fz_is_infinite_rect and fz_is_empty_rect to be static inlines rather than macros. (Static inlines are preferred over macros by at least one customer.) We appear to be calling them with bboxes too, so add fz_is_infinite_bbox and fz_is_empty_bbox to solve this.
2013-02-06 | Change to pass structures by reference rather than value. | Robin Watts
This is faster on ARM in particular. The primary changes involve fz_matrix, fz_rect and fz_bbox. Rather than passing 'fz_rect r' into a function, we now consistently pass 'const fz_rect *r'. Where a rect is passed in and modified, we miss the 'const' off. Where possible, we return the pointer to the modified structure to allow 'chaining' of expressions.

The basic upshot of this work is that we do far fewer copies of rectangle/matrix structures, and all the copies we do are explicit. This has opened the way to other optimisations, also performed in this commit.

Rather than using expressions like: fz_concat(fz_scale(sx, sy), fz_translate(tx, ty)) we now have fz_pre_{scale,translate,rotate} functions. These can be implemented much more efficiently than doing the fully fledged matrix multiplication that fz_concat requires.

We add fz_rect_{min,max} functions to return pointers to the min/max points of a rect. These can be used in transformations to directly manipulate values. With a little casting in the path transformation code we can avoid more needless copying.

We rename fz_widget_bbox to the more consistent fz_bound_widget.
2013-02-06 | Fix SEGVs seen on unix caused by the fz_output commit. | Robin Watts
It seems that gcc requires arg lists to be 'va_copy'ied, otherwise they can't be reused. This solves problems in the rework of fz_buffer_printf.
2013-02-06 | Tweak text extraction block creation. | Robin Watts
Better tolerate long horizontal spaces without breaking lines.
2013-02-05 | Tweak HTML output. | Robin Watts
Send blocks as paragraphs, rather than lines. Send lines as spans.
2013-02-04 | Add fz_output, and make output functions use it. | Robin Watts
Various functions in the code output to FILE *, when there are times we'd like them to output to other things, such as fz_buffers. Add an fz_output type, together with fz_printf to allow things to output to this.
2013-01-31 | Add support for annotation creation | Paul Gardiner
2013-01-30 | Improve exception handling in fz_bound_t3_glyph | Paul Gardiner
Also simplify some other functions using pdf_dict_puts_drop.
2013-01-30 | Rename fz_irect back to fz_bbox. | Tor Andersson
2013-01-30 | Always pass value structs (rect, matrix, etc) as values not by pointer. | Tor Andersson
2013-01-30 | Rename fz_rect_covering_rect to fz_irect_from_rect. | Tor Andersson
It used to be called fz_bbox_covering_rect. It does exact rounding outwards of a rect, so that the resulting irect will always cover the entire area of the input rect. Use fz_round_rect for fuzzy rounding where near-integer values are rounded inwards.
2013-01-30 | Introduce fz_irect where the old fz_bbox was useful. | Tor Andersson
Inside the renderer we often deal with integer sized areas, for pixmaps and scissoring regions. Use a new fz_irect type in these places.
2013-01-30 | Pass content/clip bbox to device functions by value. | Tor Andersson
2013-01-30 | Eliminate fz_bbox in favor of fz_rect everywhere. | Tor Andersson
2013-01-25 | Make strdup take a const char * to silence some warnings. | Tor Andersson
2013-01-23 | Bug 693520: Fix rendering of non-orthogonal gradients. | Robin Watts
Jarkko Poyry(*) points out that gradients are incorrectly rendered when they aren't axis aligned. This review fixes it here using a patch inspired by both his and zeniko's patch. Thanks guys. Further thanks to zeniko for spotting that it applies to the XPS code too and providing a patch. * Apologies for the lack of the accent - my editor/git gives problems with them in commit messages.
2013-01-11 | Bug 693519: Replace char * with const char * in open document. | Robin Watts
Simple patch to replace const char * with char *. I made the patch myself, but I suspect it's extremely close to the one submitted by Evgeniy A Dushistov, who reported the bug - many thanks!
2013-01-11 | Attempt to fix SEGVs seen in fax decoder. | Robin Watts
Talking to zeniko, he reports that SEGVs still occur in find_changing within the fax decoder; he doesn't have an example that shows the problem though (either one he can share, or one he cannot). Presumably he has some sort of online feedback thing in the event of crashes. Having stared at the code for a while, I see a potential problem. I think the code may read too many bytes in the case where we are entered with x already within the last byte of w. (i.e. where x >= ((w-1)>>3)<<3). Fixed here.
2013-01-11 | Bug 693503: Fix NULL dereference in atoi. | Robin Watts
If a PDF xref subsection is broken in the wrong place, we can get NULL back from fz_strsep, which causes a SEGV when fed to atoi. Add a new fz_atoi that copes with NULL to avoid this. Problem found in a test file, 3959.pdf.SIGSEGV.ad4.3289 supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2013-01-03 | Improve mutool clean behaviour on broken streams. | Robin Watts
When cleaning a file with a corrupt stream in it, historically mupdf would give up when it encountered such a stream. This is often not what is desired, as information can be lost. The changes herein allow us to use our best efforts when reading a stream, so that broken streams are reproduced in the output cleaned file. Problem found in a test file, pdf_001/2599.pdf.asan.58.1778 supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-24 | Bug 693503: Fix leak while writing a broken file. | Robin Watts
While investigating samples_mupdf_001/2599.pdf.asan.58.1778, a leak showed up while cleaning the file, due to not dropping an object in an error case.
mutool clean -dif samples_mupdf_001/2599.pdf.asan.58.1778 leak.pdf
Simple fix. Also extend PDF writing so that it can cope with skipping errors so we at least get something out at the end. Problem found in a test file supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-21 | Use new ADD_WITH_SAT macro in place of expanded code. | Robin Watts
With added comment to explain the funky boolean logic.
2012-12-21 | Bug 593603: Fix problems with tiling. | Robin Watts
Two problems with tiling are fixed here. Firstly, if the tiling bounds are huge, the 'patch' region (the region we are writing into) can overflow, causing a SEGV due to the paint code being very confused by pixmaps that go from just under INT_MAX to just over INT_MIN. Fix this by checking explicitly for overflow in these bounds. If the tiles are stupidly huge, but the scissor is small, we can end up looping many more times than we need to. We fix this by mapping the scissor region back through the inverse transform, and intersecting this with the pattern area. Problem found in 4201.pdf.SIGSEGV.622.3560, a test file supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-20 | Bug 693503: Fix SEGV in glyph painting due to bbox overflow. | Robin Watts
When calculating the bbox for draw_glyph, if the x and y origins of the glyph are extreme (too large to fit in an int), we get overflows of the bbox; empty bboxes are transformed to large ones. The fix is to introduce an fz_translate_bbox function that checks for such things. Also, we update various bbox/rect functions to check for empty bboxes before they check for infinite ones (as a bbox of x0=0 x1=0 y0=0 y1=-1 will be detected both as infinite and empty). Problem found in 2485.pdf.SIGSEGV.2a.1652, a test file supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-19 | Bug 693503: 'Flatten' display list for all type3 glyphs. | Robin Watts
It is perfectly allowable to have type3 glyphs that refer to other type3 glyphs in the same font (and in theory it's probably even possible to have type3 glyphs that refer back and forth between 2 or more type3 fonts). The old code used to cope with this just fine, but with the change to 'early loading' of the glyphs to display lists at interpret time a problem has crept in.

When we load the type 3 font, we load each glyph in turn. If glyph 1 tries to use glyph 2, then we look up the font, only to find that the font has not been installed yet, so we reload the entire font. This gets us into an infinite loop.

As a fix for this, we split the loading of the type3 font into 2; we load the font as normal, then allow the font to be inserted into the list of current fonts. Then we run through the glyphs in the font 'preparing' them (turning them into display lists). This solves the infinite loop issue, but causes another problem; recursive references (such as a font holding a display list that contains a text node that contains a reference to the original font) result in us never being able to free the structures.

To avoid this, we insist on never allowing type3 glyphs to be referenced within a type3 display list. The display lists for all type3 glyphs are therefore 'flat'. We achieve this by adding a 'nested' flag to the pdf command stream interpreter structure, and setting this in the case where we are running a glyph stream. We check for that flag in the type3 glyph render function, and if present, we force the 'render_direct' path to be used.

Finally, we ensure that fz_text groups are not needlessly created with no contents. Problem found in 2923.pdf.asan.22.2139, a test file supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-18 | Memento: Avoid stack overflows while listing leaked blocks. | Robin Watts
Leaking long linked lists leads to stack overflows during the Memento debug output. Avoid this by iterating rather than recursing where possible. Also, for sanity's sake, where we indent more than 40 spaces, use a single '*' instead. This keeps logfiles sane.
2012-12-18 | Protect against draw device stack confusion due to errors while pushing. | Robin Watts
Whenever we have an error while pushing a gstate, we run the risk of getting confused over how many pops we need etc. With this commit we introduce some checking at the dev_null level that attempts to make this behaviour consistent.

Any caller may now assume that calling an operation that pushes a clip will always succeed. This means the only error cleanup they need to do is to ensure that if they have pushed a clip (or begun a group, or a mask, etc.) they pop it too. Any callee may now assume that if it throws an error during the call to a device entrypoint that would create a group/clip/mask then no more calls will be forthcoming until after the caller has completely finished with that group.

This is achieved by the dev_null layer (the layer that indirects from device calls through the device structure to the function pointers) swallowing errors and regurgitating them later as required. A count is kept of the number of pushes that have happened since an error occurred during a push (including that initial one). When this count reaches zero, the original error is regurgitated. This allows the caller to keep the cookie correctly updated.
2012-12-14 | Bug 693503: Fix out of bounds memory access (fax decoder) | Robin Watts
With illegal fax streams we could access beyond the right hand edge of the allocated line. Fix this by adding some simple checks. Issue found by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-14 | Bug 693503: Fix SEGV/memory problems in AES. | Robin Watts
If an illegal keysize is passed into the AES crypt filter, we currently exit without setting up the AES context. This causes us to fail in all manner of ways later on. We now return failure and callers throw an exception. This appears to solve all the SEGVs and memory exceptions found in crypt_aes by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
2012-12-13 | Bug 693290: PNG image fuzzing issues. | Robin Watts
The issues fixed here were found by zeniko - many thanks. The patch here is our own work - larger change, avoiding casts for a (hopefully) neater result.
2012-12-12 | Fix fz_try/fz_catch in overflow case. | Robin Watts
Thanks to zeniko for pointing out that the recent changes to the fz_try/fz_catch macros to allow for throws in the fz_always block had broken the exception stack overflow case. Thanks also for the example file (nesting stack overflow.pdf), which has now been added to the regression suite.