Age | Commit message | Author |
|
|
Found by zeniko in his fuzzing tests. Many thanks!
|
|
Seen with the test file from bug 693677. When we read a file in, we
read the trailer, and the encrypt object before we start to decrypt
other objects. These objects do not make it into the xref table though.
When we write a file out, we run through the file reading in objects
prior to writing them out; when we read in the trailer and the encrypt
object we therefore try to decrypt them, giving errors.
To avoid these errors, put the trailer and the encrypt object into the
xref table when they are first read.
This solves all but 1 problem when cleaning this file with "-dif" (as
the signature object contains a digest block of data that is unencrypted).
This solves all but 3 problems when cleaning this file with "-difggg";
the signature object, and one orphan copy of the crypt dictionary that
is reported twice.
|
|
strncpy is *not* the correct function to use. It does not null terminate,
and it needlessly zeroes past the end. It was designed for fixed length
database records, not strings. Use fz_strlcpy and strlcat instead.
|
|
If a PDF xref subsection is broken in the wrong place, we can get
NULL back from fz_strsep, which causes a SEGV when fed to atoi.
Add a new fz_atoi that copes with NULL to avoid this.
Problem found in a test file, 3959.pdf.SIGSEGV.ad4.3289 supplied
by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google
Security Team using Address Sanitizer. Many thanks!
|
|
Thanks to zeniko for pointing this out. If we encounter a new definition
for a given object (presumably due to a repair operation), we used to
throw the old one away, and keep the new one. This could cause any
current holders of the object to be left with a stale pointer.
Now we throw the new one away and keep the old one - with a warning
if they are different.
|
|
Fix an issue spotted by zeniko. The patch is slightly modified
from his supplied one to avoid problems with repeated freeing
of the buffer, and to avoid abusing fz_buffer, but is largely
based on his work.
Many thanks.
|
|
Only Fade, Wipe and Blinds supported so far.
Hit 'p' in the viewer to go into 'presentation' mode. Page swaps
then transition from page to page. Pages auto advance until key
or mouse is used.
|
|
Conflicts:
pdf/pdf_xref_aux.c
|
|
Use a "magic" string for filetype detection: filename or mime-type.
|
|
This was necessary to avoid indirecting through a NULL pointer returned
from pdf_js_get_event, but is a generally sensible restriction.
Also separate the execution of the document-level javascript actions
from the pdf_js constructor, so that doc->js is set during those
actions.
Also add a missing const.
|
|
Conflicts:
Makefile
apps/mudraw.c
pdf/pdf_write.c
win32/libmupdf-v8.vcproj
|
|
Conflicts:
pdf/mupdf-internal.h
pdf/pdf_font.c
|
|
Previously this had been disabled other than in DEBUG builds under
the belief that it was only used for debugging.
|
|
This will gracefully handle negative size entries as well, as these
would not grow the xref.
|
|
An xref stream describes objects within a range of object numbers.
Fail if either of these are negative.
|
|
Previously a negative offset of the first object in an object stream or
a negative number of objects in an object stream would cause a huge
allocation. Detect and throw exception on negative values.
|
|
In an xref stream each entry (type, offset and generation) may
be of variable width. Warn if these are negative and assume that
they are not present.
|
|
Also change first argument from fz_context to pdf_document in each
of pdf_to_utf8, pdf_to_utf8_name, pdf_to_ucs2 and pdf_to_ucs2_name
|
|
Now reusing the internal representation of an annotation for widgets
to avoid two separate lists
|
|
Instead of using macros for min/max/abs/clamp, we move to using
inline functions. These are more typesafe, and should produce
equivalent code on compilers that support inline (i.e. pretty much
everything we care about these days).
People can always do their own macro versions if they prefer.
|
|
Currently pdf_lexbufs use a static scratch buffer for parsing. In
the main case this is 64K in size, but in other cases it can be
just 256 bytes; this causes problems when parsing long strings.
Even the 64K limit is an implementation limit of Acrobat, not an
architectural limit of PDF.
Change here to allow dynamic buffers. This means a slightly more
complex setup and destruction for each buffer, but more importantly
requires correct cleanup on errors. To avoid having to insert
lots more try/catch clauses this commit includes various changes to
the code so we reuse pdf_lexbufs where possible. This keeps the
speed up.
|
|
Currently pdf_lexbufs use a static scratch buffer for parsing. In
the main case this is 64K in size, but in other cases it can be
just 256 bytes; this causes problems when parsing long strings.
Even the 64K limit is an implementation limit of Acrobat, not an
architectural limit of PDF.
Change here to allow dynamic buffers. This means a slightly more
complex setup and destruction for each buffer, but more importantly
requires correct cleanup on errors. To avoid having to insert
lots more try/catch clauses this commit includes various changes to
the code so we reuse pdf_lexbufs where possible. This keeps the
speed up.
|
|
Remove the shim indirection layer for fz_document. A little less type
safe, but a lot less boilerplate.
|
|
Rather than having a dedicated call to enumerate the rectangles for the
annotations on a page, add an interface for enumerating annotations
with accessor functions. Currently the only accessor function is
the one to get the annotation rectangle.
Use this new scheme in place of fz_bound_annots within mudraw.
Also use this scheme to set the caret cursor in the viewer when over
a data field.
|
|
Currently we were attempting to load the javascript for a document
immediately on opening it. Here we delay it until 1) the encryption
for a document has been loaded, and 2) any repair required to a
document has been done.
This solves various problems, which were leading (indirectly) to bug
693128.
|
|
We add a new fz_bound_annots function (and associated pdf_bound_annots
function) that calls a given callback with the page rectangle of the
annotations on a given page. This is marked as being a 'temporary'
function, so we can remove it/change it in future if required. It
seems likely that we'll want to have some sort of 'iterate over
annotations' function eventually, and this does the job for now.
Add a -j flag to mudraw that outputs a simple mujstest script.
For each page with annotations, the script jumps to that page, then
for each annotation on the page, it sets some text to be entered,
and clicks the annotation. In the case of text fields, this will cause
the text to be entered into that text field; in the case of buttons
it will execute the button.
At the end of each page with annotations, the script is told to
snapshot the page.
These test scripts are not designed to be full tests, but they do
at least provide an easy way for us to generate scripts where
every field in our test suite is interacted with.
|
|
Conflicts:
fitz/fitz-internal.h
fitz/stm_buffer.c
pdf/mupdf-internal.h
|
|
Conflicts:
fitz/doc_document.c
fitz/fitz-internal.h
fitz/fitz.h
fitz/stm_buffer.c
pdf/mupdf-internal.h
pdf/pdf_object.c
pdf/pdf_xobject.c
pdf/pdf_xref.c
win32/mupdf.sln
|
|
Extend mupdfclean to have a new -l file that writes the file
linearized. This should still be considered experimental.
When writing a pdf file, analyse object use, flatten resource use,
reorder the objects, generate a hintstream and output with linearisation
parameters.
This is enough for Acrobat to accept the file as being optimised
for Fast Web View. We ought to add more tables to the hintstream
in some cases, but I doubt anyone actually uses it, the spec is so
badly written. Certainly Acrobat accepts the file as being optimised
for 'Fast Web View'.
Update fz_dict_put to allow for us adding a reference to the dictionary
that is the sole owner of that reference already (i.e. don't drop then
keep something that has a reference count of just 1).
Update pdf_load_image_stream to use the stm_buf from the xref if there
is one.
Update pdf_close_document to discard any stm_bufs it may be holding.
Update fz_dict_put to be pdf_dict_put - this was missed in a renaming
ages ago and has been inconsistent since.
|
|
Needs more work to use the linked list of free xref slots.
|
|
This also provides a way to test whether interactive methods
are supported.
|
|
Make a separate constructor function that does not link in the
interpreter, so we can save space in the mubusy binary by not
including the font and cmap resources.
|