| Age | Commit message (Collapse) | Author |
|---|
|
The gel bbox was being stored internally as floats (despite
only holding ints). This means that as numbers get large the
bbox can become approximate, rather than exact. If the bbox
becomes smaller than it should, this causes crashes in the
scanline filling code.
This is seen with:
tests_private/fuzzing/mupdf2/17f8aee51ac776994af0b36195cdadd7_signal_sigsegv_5607be_7308_5912.pdf
The solution is simply to use ints rather than floats.
Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the example files.
|
|
If a file specifies a silly number of bpp in the PNG predictor it can
overrun a buffer. This was shown by:
tests_private/fuzzing/mupdf2/013b2dcbd0207501e922910ac335eb59_*.pdf
but no longer shows up due to Simons earlier fix.
Following discussion we still think it's worth having this fix in, as
truncated data streams can cause len < bpp. Possibly we should throw
an error here, but I think that's not necessary as we will return the
short length, and the image reading code will notice that the image
is truncated already.
Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the fuzzing files.
|
|
If columns is quite close to INT_MAX, the column index max overflow
in find_changing which causes an access violation in the next getbits.
This happens e.g. with
0c76a20163f30ea8ec860c4e588ce337_signal_sigsegv_5e7b28_9115_7127.pdf
|
|
This fixes a NULL pointer dereference in
2192b04848b2d8210d1a33e3ddeb2742_asan_heap-oob_a5a57d_2745_2844.pdf
Also, replace MAXC with FZ_MAX_COLORS.
|
|
We define a document handler for each file type (2 in the case of PDF, one
to handle files with the ability to 'run' them, and one without).
We then register these handlers with the context at startup, and then
call fz_open_document... as usual. This enables people to select the
document types they want at will (and even to extend the library with more
document types should they wish).
|
|
This bug shows 2 problems with our data handling.
Firstly, if a zip file entry has less data in the stream than it
is declared to have, we would leave the end of the data uninitialised.
We now put out a warning, and blank it with zeros.
Secondly, if the PNG decompression fails to decode enough data, we
don't notice. Now we give a warning and blank the remaining pixels.
|
|
Certain optimized documents use a rather large common symbol dictionary
for all JBIG2 images. Caching these JBIG2Globals speeds up loading and
rendering of such documents.
|
|
This helps debugging issues with JBIG2 images.
Conflicts:
source/fitz/filter-jbig2.c
|
|
See SumatraPDF's repo for a Windows-only implementation using WIC.
|
|
Some warnings we'd like to enable for MuPDF and still be able to
compile it with warnings as errors using MSVC (2008 to 2013):
* C4115: 'timeval' : named type definition in parentheses
* C4204: nonstandard extension used : non-constant aggregate initializer
* C4295: 'hex' : array is too small to include a terminating null character
* C4389: '==' : signed/unsigned mismatch
* C4702: unreachable code
* C4706: assignment within conditional expression
Also, globally disable C4701 which is frequently caused by MSVC not
being able to correctly figure out fz_try/fz_catch code flow.
And don't define isnan for VS2013 and later where that's no longer needed.
|
|
The SVG device needs rebinding as it holds a file. The PDF device needs
to rebind the underlying pdf document.
All documents need to rebind their underlying streams.
|
|
|
|
|
|
Add a cached color converter mechanism. Use this for rendering meshes
to speed repeated conversions.
This reduces a (release build to ppm at default resolution) run from
23.5s to 13.2 seconds.
|
|
In the existing code for meshes, we decompose the mesh down into
quads (or triangles) and then call a process routine to actually
do the work. This process routine typically maps each vertexes
position/color and plots it.
As each vertex is used several times by neighbouring patches, this
results in each vertex being processed several times. The fix in
this commit is therefore to break the processing into 'prepare' and
'process' phases. Each vertex is 'prepared' before being used in
the 'process' phase. This cuts the number of prepare operations in
half.
In testing, this reduced the time for a (release build, generating ppm
at default resolution) run from 33.4s to 23.5s.
|
|
Remove code that's not used any more as a result of the previous
fix, plus some code that was unused anyway.
|
|
Avoid unnecessary copies. Minimise calls to isbigendian.
|
|
This is required for e.g. 1980_-_compressed_inline_image.pdf and
Bug690300.pdf .
|
|
The pattern repeat calculation should be done in pattern space, but
one of the arguments in the calculation was being taken from device
space. Fix this. Also only apply the bias in the case where the
bias would make it larger.
173 progressions.
|
|
Simple typo. Thanks to Alexander Monakov for spotting this.
|
|
It seems that (int)-98.5 = 98, not -99. Use floorf instead.
|
|
The changes to fz_render_glyph cause the scissor rectangle to no longer
match the transformation matrix which causes Type 3 glyphs to be
clipped at larger resolutions.
|
|
ft_file was removed in a2c945506ea2a2b58edbde84124094c6b4f69eac even
though it might still be needed by downstream consumers (such as
SumatraPDF) for allowing devices to load fonts again when a font has
been loaded by fz_new_font_from_file which doesn't maintain a buffer.
|
|
The actual issue here is that a pixmap is dropped more times than
it should be due to an error in the rendering pipeline.
The problem arises because we fail to push a clip image mask, but
still pop the mask off the stack later. This puts us off by 1 in
the stack handling.
The simplest solution to this (that will be safe no matter what
mistakes are made by the caller too) is to add some simple tests
in the draw device to ensure we do not free too early.
|
|
|
|
|
|
|
|
Use fz_buffer to wrap and reference count data used in font.
|
|
|
|
Add a function to clone stroke states, a magic number to keep in the
reference count to signal that a stroke state is stack-stored, and
automatically clone stack stored stroke states in the keep function.
Use fz_default_stroke_state to initialise stack stored stroke states.
|
|
Self balancing AA-tree.
|
|
Print node and children, not node, children and siblings.
|
|
|
|
|
|
windows settings.
|
|
Image masks don't have a colorspace; check before dereferencing.
|
|
|
|
|
|
|
|
|
|
Was failing to correctly initialise scissors when extending the stack.
This caused the fill text to disappear in fts_15_109.pdf
|
|
When stroking and filling in a single operation, we are supposed
to form the complete stroke+fill image, then blend it back, rather
than filling and blending, then stroking and blending.
This only matters during transparency, or with non-normal blend
modes.
We fix MuPDF to push a knockout group when doing such operations.
|
|
While looking at fts_09_0921, I spotted that the alpha values on images
and fills aren't being sent. Fix that here, together with broken colors
being sent for masks.
fts_09_0921 still renders badly due to the lack of support for blend
modes.
|
|
The luminosity flag and background color are currently ignored.
The clip stack optionally held in the null device is updated here to
be a container stack, together with a flags word (currently just used
to indicate the type of the container at the current place in the
stack), and a user value (used by the SVG device to stash the id for
the mask it's generating).
|
|
Really just a structure indicator as SVG 1.1 doesn't support
blending etc.
|
|
fts_09_0919.pdf shows up some silly mistakes in the clip stack handling
and in the handling of 0 sized pixmaps. Simple fixes.
|
|
fz_reset_gel fails to reset the length of active edges, which could
(AFAICT) lead to pointers in gel->active pointing to memory that's
been previously freed by fz_resize_array.
|
|
A gradient fill that doesn't fill the bbox should be see through
(unless background color is set, but we'll worry about that case
when I find an example file that uses it). Arrange for the pixmap
we draw the gradient fill into to be transparent initially.
Also ensure that when we convert to png we preserve transparency.
|
|
|
|
For consistency with the rest of the code.
|
