summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-20Merge to M44: Fix an integer overflow issue in openJpegchromium/2403Lei Zhang
Fixing this issue for an urgent request. It should be fixed in OpenJPEG side. BUG=506763 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1231933008 . (cherry picked from commit d1b0a8d9dc71c67b4ce67f148cebc01d66d1d983) Review URL: https://codereview.chromium.org/1245853002 .
2015-07-13Merge to M44: Integer overflow in CJBig2_Image::expandLei Zhang
1. New size should be larger than old size in JBig2_Realloc. 2. Arguments are integers but parameters are size_t in JBIG2_memset. After integer overflows, it will be presented as a huge unsigned number on 64 bits system. BUG=483981 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1148643002 (cherry picked from commit e9ccc9bc449846107f1c539e25677f4877ddf22f) Review URL: https://codereview.chromium.org/1241493002 .
2015-07-13Merge to M44: Fix Heap Overflow in CJBig2_Image::expandLei Zhang
Integer overflow in CJBig2_Image::expand. It causes the size of reallocated is not expected. BUG=483981 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1131023008 (cherry picked from commit 59f4b44d1fbb259967ea518e0bf5fa76b0cc9767) Review URL: https://codereview.chromium.org/1237723002 .
2015-07-13Merge to M44: Upgrade openjpeg to r3002Lei Zhang
BUG=459215 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1160663002 (cherry picked from commit cddfde0cddbc8467e0d5fa04c30405ee257750fc) Review URL: https://codereview.chromium.org/1232063010 .
2015-07-13Merge to M44: Cleanup if early return from ↵Lei Zhang
opj_j2k_copy_default_tcp_and_create_tcd(). The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level struct, and then replaces pointers to memory owned by the original struct with new blocks of memory. Unfortunately, an early return can leave the copy with pointers to memory it doesn't own, which causes problems when cleaning up the partially-initialized struct. The referenced bug is triggered when we get a return at original line 7969 or 7385 due to OOM. Moral of the story: creating a "copy constructor" equivalent based on memcpy() instead of copying field by field for structs containing pointers is usually a bad idea. BUG=486538 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1138033007 (cherry picked from commit 3b60890f6ee807a8bfc44056443f77603c23e6b0) Review URL: https://codereview.chromium.org/1231353003 .
2015-07-13Merge to M44: Fix an endless loop in CJBig2_HuffmanTable::parseFromCodedBufferLei Zhang
This issue is trigged by the conversion from unsigned int to signed int. A large unsigned int is converted to int. It's represented as a negative int which is used in the condition of while later. BUG=482639 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1146913003 (cherry picked from commit bc4b82ea7a9c6603c6a1c89e00f4e6381c1b6804) Review URL: https://codereview.chromium.org/1231923006 .
2015-07-13Merge to M44: Fix heap use after free in Document::DoFieldDelay and ↵Lei Zhang
Document::delay This fix removes CJS_DelayData object from m_DelayData array and copies them to a new array, before processing them. So contents of m_DelayData array cannot be used after they get freed. BUG=487928 R=tsepez@chromium.org TEST= Chrome pdf plugin should not crash when poc_stable,testuafdocument1.pdf and testuafdocument2.pdf are viewed. see crbug.com/487928 and crbug.com/487928#c18 for more details. Review URL: https://codereview.chromium.org/1163823002 (cherry picked from commit 4ff7a4246c81a71b4f878e959b3ca304cd76ec8a) Review URL: https://codereview.chromium.org/1223163004 .
2015-07-13Merge to M44: Redo range check in CPDF_SampledFunc::v_Call().Tom Sepez
BUG=471990 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1230663004.
2015-07-13Merge to M44: Abort on OOM by default in FX_Alloc().Lei Zhang
Add a FX_TryAlloc() for those few cases where we might need to continue in face of OOM. Remove FX_AllocNL() (the context of its use would suggest that NL means "No Limit"). This is used for some big allocations, so replace it with TryAlloc(). Large allocations may be worth trying to continue from, since there are few and they have a large chance of failing. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128043009 (cherry picked from commit 9f6f34892fdfff87c49a9df4c1e34790c0fa1272) BUG=446032 Review URL: https://codereview.chromium.org/1226403008 .
2015-06-12Merge to M44: Fix font rendering issues because of an incorrect transform.John Abd-El-Malek
This regressed in https://pdfium.googlesource.com/pdfium/+/71c24b839498fb89184002ed30fcff353e1e402c. The code would reach into FreeType internals and reset transform_flags. This would effectively set the font's transform matrix to the identity (since a transform is only used if the flag is set). I removed it because I assumed this is only a cache, and any other place that would call FT_Load_Glyph would have set a transform first. Apparently that's not the case (verified through adding some additional code). The fix is to reset the transform matrix after changing it. This is functionally equivalent to the previous behavior, since if the flag was 0 but there was a transform, it would be ignored until another transform is set. BUG=479434 R=thestig@chromium.org, tsepez@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/e4503ea9947d2f9c61704da20271b413a364a9c0 Review URL: https://codereview.chromium.org/1186603003.
2015-06-10Merge to M44: Fix potentially massive memory leak in ↵Lei Zhang
CPDF_DIBSource::LoadJpxBitmap(). Leaks can happen in several places. For this particular bug, it happens when there is a colorspace component count mismatch. BUG=497191 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1153633009 (cherry picked from commit 2a824f1c0ed786aed0dd15a0ea60dc90999e2b2c) Review URL: https://codereview.chromium.org/1178643002.
2015-05-14Make CFX_StringData be scoped by CFX_Bytestring and add methods.chromium/2421chromium/2420chromium/2419chromium/2418chromium/2417chromium/2416chromium/2415chromium/2414chromium/2413chromium/2412chromium/2411chromium/2410chromium/2409chromium/2408chromium/2407chromium/2406chromium/2405chromium/2404Tom Sepez
This is a precondition for someday combining Byte/Wide strings via templates. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142533002
2015-05-13Fix integer overflow in conversion from float to integer.JUN FANG
BUG=471991 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1141613002
2015-05-14Use phantom handles instead of weak handlesJochen Eisinger
Phantom handles allow for freeing objects with one pass of GC. However, this means that by the time the callback is invoked, the v8 object already does no longer exist. To avoid accidential access to the dead object, there are now two callbacks, where the first must only reset the handle, and the second does the clean-up work. R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1129253004
2015-05-13Tidy public/ directory.Tom Sepez
- Make include guards consistent with standard and filenames. - Remove stray semicolon folowing extern "C" section close-brace. - Untabify. - Delete trailing whitespace. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128003005
2015-05-13Fix comparison of CFX_ByteString and CFX_WideString against empty literals.Tom Sepez
Also corrects some ASSERT_'s to EXPECT_'s in the test. BUG=pdfium:160 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1141763002
2015-05-13Set pointers in internal fields directly instead of wrapping themJochen Eisinger
The internal fields are scanned by the garbage collector, so they can't contain arbitrary data. However, aligned pointers are supported by the V8 GC, so the V8 API allows for setting a pointer directly instead of wrapping it in an External container. Not only is this faster, but it's also required for the new v8::Global API which I'm going to update to in a follow-up patch. R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1139853003
2015-05-12Make (and verify) public/ files compile under C.Tom Sepez
This involves adding some missing extern "C" { } declarations, using FPDF_ types instead of C++ types, and converting pass by reference arguments into pointers. Test this using fpdfview_embedertest for simplicity. BUG=pdfium:158 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130843003
2015-05-12Describe required properties of public/ files with a README.Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1140833002
2015-05-12Restore checked strlen conversions.Tom Sepez
The checked conversion can be re-enabled now that there is a public API free of private headers like this one. This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1133323003
2015-05-12NEW public API for pdfwindow font manipulation.chromium/2402chromium/2401chromium/2400Tom Sepez
PDFium side of fix to make chromium free of private header includes. This moves the one snippet of contaminating code from chrome to PDFium itself. BUG=486818 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1126283004
2015-05-11Add owners file for PDFium.chromium/2399Tom Sepez
This is currently blocking a PDFium roll in chrome, see http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/62816/steps/presubmit/logs/stdio R=thestig@chromium.org Review URL: https://codereview.chromium.org/1136533003
2015-05-11Create top-level public/ header directory.Tom Sepez
These are the only files that embedders of PDFium should be including. They are entirely self-contained, and compile cleanly against -Wall so as to not offend the code that may include them. Having done this, we can see that chromium is pulling in two additional files from the fpdfsdk/include/pdfwindow directory, which is not guaranteed to work. A few files are renamed, adding an "_" to make the names consistent. The exception is fpdfview, which is doc'd as such in the doc. Naturally, paths will need updating in a handful of files in chrome when this rolls in. BUG=pdfium:154 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135913002
2015-05-08Move function prototypes to new doc_utils.h fileTom Sepez
... rather than redundantly declaring them in several .cpp files, and hoping that the linker lines things up for you. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128193004
2015-05-08Fix compilation under chromium checkouts.Tom Sepez
This is a fix to hide pdfium's safe_conversions.h from the higher-level callers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1132163002
2015-05-08Better error from pdfium_test when page too big to render.Tom Sepez
BUG=pdfium:114 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124423006
2015-05-08Fix errors from commit f0a169e.Lei Zhang
- fread() returns the number of items read. - fix a memory leak in error handling. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1135713004
2015-05-08Fix a bunch of -Wunused-but-set-variable warnings.Lei Zhang
Also fix a few nits and other errors along the way. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1098583002
2015-05-06Support arrays in nonstd::unique_ptr<>.Tom Sepez
This mimics the std:: behaviour. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130053003
2015-05-06Manual revert of ad2a822ce5c3Tom Sepez
Reason for revert: No longer needed in face of 9ea57a43faea TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1122423006
2015-05-06Remove FX_STRSIZE casts, use safe conversionsTom Sepez
BUG=pdfium:153 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124043003
2015-05-06Fix fx_string.h compile error under chromium checkouts.chromium/2398chromium/2397chromium/2396Tom Sepez
This gets included in chromium's pdfium_engine.cc, and thus must pass a higher error level. There's probably a follow-up to check why the FPDF_ api doesn't insulate chromium from this file. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1127043004
2015-05-06Fix a couple of divide by zero crashes in PNG/TIFF predictors.Lei Zhang
BUG=484002 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1124563002
2015-05-05Expose additional flags for rasterization.Scott Byer
These flags are unused in Chromium, but are needed for the Cloud Print conversion process, which takes PDF and produces a raster for low-end printers. Certain low-end printers (e.g., B&W laser printers) will turn anti-aliased text into a mess. The existing printing flag isn't sufficient, as other kinds of printers will still want some kinds of anti-aliasing to occur for best results. BUG=482253 TEST=none R=vitalybuka@chromium.org Review URL: https://codereview.chromium.org/1115513002 Patch from Scott Byer <scottbyer@chromium.org>.
2015-05-05Make sure string constructors are efficient on literalsTom Sepez
Separate out the overload when the length is not known, and be sure that strlen() call is in the header so that strlen("foo") => 3 (since many compilers support this optimization). Also delete some unused types. BUG=pdfium:151 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117263004
2015-05-04Fix issues with != and == in fx_basic_wstringTom Sepez
Part two. Fix same issue in wide strings as in their bytestring counterparts. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1127753002
2015-05-04Kill FX_DEFINEHANDLETom Sepez
I spent at least 2 minutes grep'ing for a class or struct (on the other branch) that was delcared using this. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1129433002
2015-05-04Fix issuse with != and == shown by fx_basic_bstring unit tests.Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1125703004
2015-05-01Backfill some FX StringC unit tests for == and !=.Tom Sepez
Continuation of https://codereview.chromium.org/1122573002 Applies similar test to immutable versions of strings. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1118973005
2015-05-01Backfill some FX String unit tests for == and !=.Tom Sepez
... and there are a few inconsistencies which we can now fix. Also add a comment about why these strings aren't headed for the dust-bin long term. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1122573002
2015-05-01Save 4 bytes per CFX_ByteString where intptr_t smaller than long.Tom Sepez
Also prevent theoretical roll-over where long smaller than intptr_t. See bug for discussion. BUG=pdfium:149 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117413002
2015-05-01Save 8 bytes in each CFX_ByteString/WideString (on "LP64" platforms).Tom Sepez
(Also makes the calculation robust in face of changes to the header). BUG=pdfium:149 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1118983003
2015-05-01Adjust the visibility of the standalone targets in the GN build.Dirk Pranke
As part of the migration from GYP->GN, we want to make sure that we can track when new targets are added to either the GYP or GN builds and that we are building everything we expect to build. In GN, unlike GYP, if a build file gets referenced from other files, building 'all' will cause every target to be built in it. This means in particular, that we can end up trying to build targets that are not necessarily intended to be visible to the rest of the build. To get around this, any target that is defined but hidden (like 'pdfium_unittests', ) should still be visible to a top-level target called "//:gn_visibility". R=tsepez@chromium.org, brettw@chromium.org BUG=461019 Review URL: https://codereview.chromium.org/1120183002
2015-04-30Take adavange of unused bytes at end of widestringTom Sepez
Follow-on to https://codereview.chromium.org/1120703003/ R=thestig@chromium.org Review URL: https://codereview.chromium.org/1112423003
2015-04-30Try to take advantage of unused bytes at end of CFX_ByteString.Tom Sepez
Given the representation of StringData, it seems sub-optimal not to be doing this. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1120703003
2015-04-30Provide an array buffer allocator to V8.chromium/2395chromium/2394chromium/2393chromium/2392chromium/2391chromium/2390chromium/2389chromium/2388Tom Sepez
This allows PDFium to work with current V8, so unpin v8 in the pdfium DEPS file. (I also re-ordered one field in CJS_Runtime, just to put two bools together (may pack tighter), and to put all the v8 stuff together). BUG=pdfium:146 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1118043002
2015-04-29Add suppressions for all new failing corpus tests.Tom Sepez
TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1111393004
2015-04-29Corpus roll to pick up the 2015-04-28 Foxit drop.Tom Sepez
This will undoubtedly red up the tree, as we don't have trybots. A follow-up CL will add the suppressions required for each platform at the moment. The new suppressions in this CL are for cases where we didn't generate an expected result file (due to the issue in fx/FRC_3.5_part1/Introduction.txt). R=thestig@chromium.org Review URL: https://codereview.chromium.org/1111213005
2015-04-28Make CFX_WideString::LockBuffer() completely unused.Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9 Committed: https://pdfium.googlesource.com/pdfium/+/5a256ad29483eb2b13e6e2c89fe0f77a9103f68f Review URL: https://codereview.chromium.org/1053613004
2015-04-28Pin V8 version until initialization issue in b584bab resolved.Tom Sepez
TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1108913004