| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Previously a value of 0 would cause the document not to be rendered.
|
|
The signer object now has an extra method that informs the caller of
the maximum size the digest might be. This is used to allocate space for
the digest within the file and to size some of the buffers used in the
code.
The openssl-based inplementation of the signer object has been updated to
perform a test digest generation so as to find the size needed. We
believe that the digest size is indendent of the hashed data.
|
|
|
|
Avoid pdf_pass_event interacting with widgets that have the read-only
field set.
|
|
pdf_show_pattern() may resize the pdf run processors gstate array. In doing
so any pointers to it saved by called will become stale. Similarly to
pdf_begin_group() pdf_show_pattern() now returns the updated pointer to the
top of the gstate stack.
For the same reason pdf_show_pattern() can not be given a pointer to a gstate
stack entry and continue using it after the gstate array has been resized. So,
have pdf_show_pattern() take an index to the desired state instead.
|
|
The leak was triggered by the PDF from 699576, but this
commit does not fully fix that bug.
|
|
This was used to prevent infinite cycles in the Type3 font CharProcs,
but the previous commits forbids all cycles in order to prevent memory
leaks due to cyclic reference counts.
|
|
Thanks to oss-fuzz for reporting.
|
|
build_filter_chain_drop() promises to extend (according to the
fs argument) the filter chain it is given, or in case of exception
throw away the at that point potentially extended filter chain it
was given from the beginning.
Because build_filter_chain_drop() calls build_filter_drop() for
every filter it adds it doesn't need to do any cleanup of the
filter chain on its own, that's build_filter_drop()'s responsibility.
Prior to this commit fz_catch() in build_filter_chain_drop() which
would drop the filter chain one time too many (it was already dropped
by build_filter_drop()), causing the callers to use a stale pointer.
Now once the extra fz_drop_stream() has been removed the logic works
as it ought to, even in the case of exceptions. Thanks to oss-fuzz
for reporting.
|
|
Thanks to oss-fuzz for reporting.
|
|
Thanks to Michael J Gruber for providing this oneliner.
|
|
Commit f533104 accidentally removed the line that updated the value
variable.
Also set the field value to a name object for check boxes and radio
buttons, as per the specification.
|
|
|
|
|
|
The exact value used by Adobe will need further investigation, but this
gets pretty close.
|
|
The DA property is marked as inheritable for text fields. It is not
marked inheritable for FreeText annotations, but I don't believe it will
be a problem to treat it as such anyway.
|
|
doc->focus refers to a widget record within a specific page. We shouldn't
NULL it when dropping a different page.
|
|
pdf_pass_event iterates through the annotations to find one with a
bounding box that encompasses the event point. We were choosing the first
found, whereas later annotations are considered above earlier ones so we
should be choosing the last found.
|
|
Without this, for alerts where no title is specified, "undefined" was
displayed.
|
|
Just a case of fixing some incorrect logic.
|
|
In the Javascript function AFSpecial_KeystrokeEx, if there are characters
left over after exhausting the format string, it's not a match.
|
|
This fixes part of bug #699577.
The keystroke event was preventing form fields being cleared, which is
presumably not intended behaviour.
|
|
|
|
|
|
|
|
pdf_get_inheritable also looks in trailer/Root/AcroForm for missing keys,
but this behavior is not supported by anything in the specification.
|
|
Remove duplicate function pdf_lookup_inherited_page_item.
|
|
|
|
Use separate functions to keep the code simpler.
Use memmem to simplify and optimize search for 'endstream' token.
Do not look for 'endobj' since that could cause a false positives in
compressed object streams that have duff lengths.
|
|
The intent is for a user to iterate over the annotations on a page calling
pdf_update_annot for each one. If this function returns true, then the
annotation has changed since the last time it was called, and the user
needs to re-render.
pdf_update_page is a simple loop over the annotations on a page, for use
if you only care about page level granularity.
Users should no longer look at or change the pdf_annot.has_new_ap field.
|
|
Thanks to oss-fuzz for reporting.
|
|
When pdf_xobject_transparency() indicates transparency,
pdf_run_xobject() will push a mask with 2 components (gray +
alpha). Because fz_var was missing for the transparency variable
its value would, if fz_throw() was called, not be preserved in
fz_always{}. This means that fz_always{} would never pop the mask
from the stack. At a later stage some code would call
fz_end_mask() and then trigger an assert() where the number of
components was restricted to 1.
Marking the variable with fz_var means that the mask will now be
popped as expected. Thanks to oss-fuzz for reporting.
|
|
The intent with the previous code was to default to black
upon unsupported number of components in the color array.
The code however first set all components to zero then to
the value of the first component of the color array. Now
the code follows the original intent.
|
|
Thanks to oss-fuzz for reporting.
|
|
|
|
Thanks to oss-fuzz for reporting.
|
|
Alter pdf_can_be_saved_incrementally to return false when a hybrid xref
file has been opened. This doesn't enforce the behaviour, but will ensure
it for apps that determine their behaviour via this test function.
Once changes have been saved to such a file, it is no longer hybrid and so
further saving steps can use incremental updates.
This change was made because we were previously unable to sign hybrid xref
documents in a way that was satisfactory to Adobe Reader. Adobe Reader
reorganises hybrid xref files, thus invalidating any signature.
|
|
|
|
|
|
Always look for the "endstream" marker after a PDF stream to see
if we've hit the end. Allow for "endobj" to cope with producers
that omit endstream entirely.
Avoid slowing down legal files by only checking for the end marker
after the specified length has been read.
|
|
If you define DUMP_LEXER_STREAM than the lexer dumps the input
that it reads from the stream.
|
|
A missing CIDToGIDMap is treated as identity.
|
|
|
|
|
|
When a document is signed multiple times, an incremental update is needed
for each, the multiple updates sometimes written to the file as a single
saving operation. Within pdf_sign_signature it is the call to
pdf_signature_set_value that marks the current section of the xref to which
changes are recorded as "full", so that subsequent changes will trigger the
creation of a new section. Within pdf_sign_signature we were creating the
signature's appearance stream after the call to pdf_signature_set_value and
hence triggering an extra unnecessary setction. This commit moves the
pdf_signature_set_value to after the creation of the appearance stream, so
that we need only as many new xref sections as there are signings.
|
|
The pdf_update_signature_appearance function must be called directly by
the signing code when it signs the document; as only the signing code has
all the text that needs to be written into the appearance.
|
|
|
|
|
|
|
