path: root/source
Age | Commit message | Author
2018-09-04 | Fix string handling when using gproof files. | Sebastian Rasmussen
2018-09-04 | Add -dSAFER to gs calls in gproof. | Michael Vrhel
Unlikely that this could be an issue, but let's add it for safety.
2018-09-04 | Fix bit rot in gproof support. | Michael Vrhel
2018-08-30 | When unrecoverable errors occur on a page, at least print them. | Sebastian Rasmussen
Previously there was no visibility as to what the error was.
2018-08-30 | Bug 699695: Remember to end groups/softmasks even upon exception. | Sebastian Rasmussen
fz_fill_path() may throw an exception halfway through pdf_show_path(), which in this case would not attempt to end any begun groups or softmasks. This led to e.g. leaks of pixmaps held by a group that was never ended. Moving the cleanup to the always block is not foolproof because the cleanup code itself may also throw exceptions, hence preventing the end of the fz_always block from being executed. This commit does put pdf_show_path() in the same situation as pdf_run_xobject() that has the same problem with its cleanup code. Thanks to oss-fuzz for reporting.
2018-08-30 | Bug 699694: Fix reference counting for JBIG2 globals. | Sebastian Rasmussen
fz_open_jbig2d() is called at two locations in MuPDF. At one location a reference to the JBIG2 globals struct was taken before passing it to fz_open_jbig2d(). At the other location no such reference was taken, but rather ownership of the struct was implicitly transferred to fz_open_jbig2d(). This inconsistency led to a leak of the globals struct at the first location. Now, passing a JBIG2 globals struct to fz_open_jbig2d() never implicitly takes ownership. Instead the JBIG2 stream will take a reference if it needs it and drops it in case of error. As usual it is the caller's responsibility to drop the reference to the globals struct it owns.
2018-08-30 | Remove unreachable code. | Sebastian Rasmussen
JBIG2 images are detected by build_compression_params() and then always passed to fz_open_image_decomp_stream() by build_filter(). Therefore there is no chance for build_filter() at a later stage to detect JBIG2 images, and so that check can be removed.
2018-08-30 | Remember type of exception upon error while running xobjects. | Sebastian Rasmussen
2018-08-28 | Bug 699683: Skip painting too large images when using interpolation. | Tor Andersson
When painting images using interpolation 16.16 fixpoint arithmetics is used. This limits the width/height of any image that can be painted to 32767. There was no size check, so large images caused overflow and subsequent out of bounds accesses which triggered MSAN. This c Thanks to oss-fuzz for reporting.
2018-08-28 | Bug 699675: Handle lack of default colorspaces when rendering type 3 font glyph. | Sebastian Rasmussen
Previously this would result in trying to dereference a NULL pointer. Thanks to oss-fuzz for reporting.
2018-08-28 | Bug 699672: Handle out of bounds pointer to previous xref. | Sebastian Rasmussen
Previously a value of 0 would cause the document not to be rendered.
2018-08-28 | Avoid use of fixed size buffers for the digest when document signing | Paul Gardiner
The signer object now has an extra method that informs the caller of the maximum size the digest might be. This is used to allocate space for the digest within the file and to size some of the buffers used in the code. The openssl-based implementation of the signer object has been updated to perform a test digest generation so as to find the size needed. We believe that the digest size is independent of the hashed data.
2018-08-28 | Truncate name tokens that are too long. | Tor Andersson
2018-08-23 | Honour the read-only form-field flag. | Paul Gardiner
Avoid pdf_pass_event interacting with widgets that have the read-only field set.
2018-08-22 | Bug 699667: Remember to update gstate pointers when showing patterns. | Sebastian Rasmussen
pdf_show_pattern() may resize the pdf run processor's gstate array. In doing so any pointers to it saved by callers will become stale. Similarly to pdf_begin_group() pdf_show_pattern() now returns the updated pointer to the top of the gstate stack. For the same reason pdf_show_pattern() can not be given a pointer to a gstate stack entry and continue using it after the gstate array has been resized. So, have pdf_show_pattern() take an index to the desired state instead.
2018-08-22 | Plug leak of buffer when button widgets are ignored. | Sebastian Rasmussen
The leak was triggered by the PDF from 699576, but this commit does not fully fix that bug.
2018-08-22 | Remove the old 'nested depth' tracking. | Tor Andersson
This was used to prevent infinite cycles in the Type3 font CharProcs, but the previous commit forbids all cycles in order to prevent memory leaks due to cyclic reference counts.
2018-08-22 | Bug 699666: Forbid cycles in Type3 font CharProcs. | Tor Andersson
Thanks to oss-fuzz for reporting.
2018-08-22 | Bug 699653: Avoid dropping filter chain once too often in case of error. | Sebastian Rasmussen
build_filter_chain_drop() promises to extend (according to the fs argument) the filter chain it is given, or in case of exception throw away the at that point potentially extended filter chain it was given from the beginning. Because build_filter_chain_drop() calls build_filter_drop() for every filter it adds it doesn't need to do any cleanup of the filter chain on its own, that's build_filter_drop()'s responsibility. Prior to this commit fz_catch() in build_filter_chain_drop() would drop the filter chain one time too many (it was already dropped by build_filter_drop()), causing the callers to use a stale pointer. Now once the extra fz_drop_stream() has been removed the logic works as it ought to, even in the case of exceptions. Thanks to oss-fuzz for reporting.
2018-08-21 | Bug 699652: Fix postscript value stack underflow for index operator. | Sebastian Rasmussen
Thanks to oss-fuzz for reporting.
2018-08-21 | Bug 699271: Fix eternal loop when skipping space before EOF. | Sebastian Rasmussen
Thanks to Michael J Gruber for providing this oneliner.
2018-08-21 | Fix form recalculation issue. | Tor Andersson
Commit f533104 accidentally removed the line that updated the value variable. Also set the field value to a name object for check boxes and radio buttons, as per the specification.
2018-08-21 | Handle form fields where the V is a name object. | Tor Andersson
2018-08-21 | Improve parameter names. | Tor Andersson
2018-08-21 | Fix 699625: Apply more vertical padding for multiline form fields. | Tor Andersson
The exact value used by Adobe will need further investigation, but this gets pretty close.
2018-08-21 | Fix 699641: Follow Parent chain when looking up DA in annotations. | Tor Andersson
The DA property is marked as inheritable for text fields. It is not marked inheritable for FreeText annotations, but I don't believe it will be a problem to treat it as such anyway.
2018-08-21 | Avoid unnecessary NULLing of doc->focus | Paul Gardiner
doc->focus refers to a widget record within a specific page. We shouldn't NULL it when dropping a different page.
2018-08-21 | Choose the lastmost annotation rather than firstmost as mouse event target. | Paul Gardiner
pdf_pass_event iterates through the annotations to find one with a bounding box that encompasses the event point. We were choosing the first found, whereas later annotations are considered above earlier ones so we should be choosing the last found.
2018-08-20 | Use "PDF Alert" as the default javascript alert title. | Paul Gardiner
Without this, for alerts where no title is specified, "undefined" was displayed.
2018-08-20 | Fix inability to uncheck check boxes. | Paul Gardiner
Just a case of fixing some incorrect logic.
2018-08-14 | Fix leak of PDF object in mutool show. | Sebastian Rasmussen
2018-08-14 | Bug 699631: Handle unsupported triangle mesh edge flags. | Sebastian Rasmussen
There were two issues with the code parsing the triangle mesh's edge flags:
* meshes were not required to start with an independent triangle
* out of range edge flags caused vertices to be ignored
A mesh where the edge flag of the first vertex is out of range, and the edge flag of the second vertex indicates continuation of a prior triangle would result in trying to create a triangle where the third coordinate would be uninitialized. This commit requires the edge flag of the first vertex to indicate a new independent triangle and if out of range edge flags are encountered they are treated as if they indicate a new triangle. Thanks to oss-fuzz for reporting.
2018-08-14 | Bug 698898: Always pop draw stack in case of exception. | Sebastian Rasmussen
When fz_draw_clip_image_mask() calls fz_get_pixmap_from_image() it may throw an exception, in this case because a predicted image has an unsupported number of components (1, 2, 4, 8 and 16 are supported, but 6 is not). When this happens the recently pushed stack element is never popped, which later trips an assert() in fz_draw_end_group() at a later stage. By moving the call to fz_get_pixmap_from_image() inside fz_try the stack will be popped, thus avoiding triggering the assert(). This also requires the pixmap variable to be fz_var()ed because it changes inside the fz_try-block.
2018-08-14 | Bug 698887: Fix leak of device/pixmap when rendering fails. | Sebastian Rasmussen
2018-08-10 | Check that characters aren't left over in AFSpecial_KeystrokeEx. | Fred Ross-Perry
In the Javascript function AFSpecial_KeystrokeEx, if there are characters left over after exhausting the format string, it's not a match.
2018-08-10 | Don't trigger the keystroke event when clearing a form field. | Tor Andersson
This fixes part of bug #699577. The keystroke event was preventing form fields being cleared, which is presumably not intended behaviour.
2018-08-10 | Treat invalid and truncated hex string characters as '0'. | Tor Andersson
2018-08-10 | Use proper name space for form field flag constants. | Tor Andersson
2018-08-10 | Get and set PDF form field names as text strings. | Fred Ross-Perry
2018-08-10 | Tweak hexdumped data to increase build portability. | Tor Andersson
Follow bin2coff layout for hexdumped data instead of trying to emulate the objcopy layout (which seems to break for the android tools). Only use the basename of the resource in hexdump / bin2coff. Ifdef on HAVE_OBJCOPY instead of _WIN32.
2018-08-10 | Remove functions that implement duplicate functionality. | Tor Andersson
pdf_get_inheritable also looks in trailer/Root/AcroForm for missing keys, but this behavior is not supported by anything in the specification.
2018-08-10 | Detect cycles in pdf_dict_get_inheritable. | Tor Andersson
Remove duplicate function pdf_lookup_inherited_page_item.
2018-08-10 | Respect NoRotate flag for icon-based annotations. | Tor Andersson
2018-08-10 | Use stubs instead of conditional compile with HAVE_LIBCRYPTO. | Tor Andersson
The macro is only set when building the pkcs7-helper library, so cannot be used by client code. Build stub functions when compiling the pkcs7-openssl helper library without libcrypto.
2018-08-10 | Clean up null/range/endstream filter. | Tor Andersson
Use separate functions to keep the code simpler. Use memmem to simplify and optimize search for 'endstream' token. Do not look for 'endobj' since that could cause false positives in compressed object streams that have duff lengths.
2018-08-10 | Add fz_memmem function taken from musl libc. | Tor Andersson
2018-08-10 | Rejig pdf_update_page and pdf_update_annot. | Tor Andersson
The intent is for a user to iterate over the annotations on a page calling pdf_update_annot for each one. If this function returns true, then the annotation has changed since the last time it was called, and the user needs to re-render. pdf_update_page is a simple loop over the annotations on a page, for use if you only care about page level granularity. Users should no longer look at or change the pdf_annot.has_new_ap field.
2018-08-10 | Bug 699629: Avoid referencing stale/moved nodes in CMap splay tree. | Sebastian Rasmussen
Thanks to oss-fuzz for reporting.
2018-08-10 | Bug 699628: Add fz_var to variable set in fz_try and used in fz_always. | Sebastian Rasmussen
When pdf_xobject_transparency() indicates transparency, pdf_run_xobject() will push a mask with 2 components (gray + alpha). Because fz_var was missing for the transparency variable its value would, if fz_throw() was called, not be preserved in fz_always{}. This means that fz_always{} would never pop the mask from the stack. At a later stage some code would call fz_end_mask() and then trigger an assert() where the number of components was restricted to 1. Marking the variable with fz_var means that the mask will now be popped as expected. Thanks to oss-fuzz for reporting.
2018-08-10 | Preprocessor gluing tokens together causes clang error. | Sebastian Rasmussen