| Age | Commit message (Collapse) | Author |
|---|
|
Fixing this issue for an urgent request. It should be fixed in OpenJPEG side.
BUG=506763
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1231933008 .
(cherry picked from commit d1b0a8d9dc71c67b4ce67f148cebc01d66d1d983)
Review URL: https://codereview.chromium.org/1245853002 .
|
|
1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset.
After integer overflows, it will be presented as a huge
unsigned number on 64 bits system.
BUG=483981
R=brucedawson@chromium.org, tsepez@chromium.org
Review URL: https://codereview.chromium.org/1148643002
(cherry picked from commit e9ccc9bc449846107f1c539e25677f4877ddf22f)
Review URL: https://codereview.chromium.org/1241493002 .
|
|
Integer overflow in CJBig2_Image::expand.
It causes the size of reallocated is not
expected.
BUG=483981
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1131023008
(cherry picked from commit 59f4b44d1fbb259967ea518e0bf5fa76b0cc9767)
Review URL: https://codereview.chromium.org/1237723002 .
|
|
BUG=459215
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1160663002
(cherry picked from commit cddfde0cddbc8467e0d5fa04c30405ee257750fc)
Review URL: https://codereview.chromium.org/1232063010 .
|
|
opj_j2k_copy_default_tcp_and_create_tcd().
The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level
struct, and then replaces pointers to memory owned by the original struct
with new blocks of memory. Unfortunately, an early return can leave the
copy with pointers to memory it doesn't own, which causes problems when
cleaning up the partially-initialized struct.
The referenced bug is triggered when we get a return at original
line 7969 or 7385 due to OOM.
Moral of the story: creating a "copy constructor" equivalent
based on memcpy() instead of copying field by field for structs
containing pointers is usually a bad idea.
BUG=486538
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/1138033007
(cherry picked from commit 3b60890f6ee807a8bfc44056443f77603c23e6b0)
Review URL: https://codereview.chromium.org/1231353003 .
|
|
This issue is trigged by the conversion from unsigned int to signed int.
A large unsigned int is converted to int. It's represented as a negative
int which is used in the condition of while later.
BUG=482639
R=brucedawson@chromium.org
Review URL: https://codereview.chromium.org/1146913003
(cherry picked from commit bc4b82ea7a9c6603c6a1c89e00f4e6381c1b6804)
Review URL: https://codereview.chromium.org/1231923006 .
|
|
Document::delay
This fix removes CJS_DelayData object from m_DelayData array and copies them to
a new array, before processing them. So contents of m_DelayData array cannot be
used after they get freed.
BUG=487928
R=tsepez@chromium.org
TEST= Chrome pdf plugin should not crash when poc_stable,testuafdocument1.pdf
and testuafdocument2.pdf are viewed.
see crbug.com/487928 and crbug.com/487928#c18 for more details.
Review URL: https://codereview.chromium.org/1163823002
(cherry picked from commit 4ff7a4246c81a71b4f878e959b3ca304cd76ec8a)
Review URL: https://codereview.chromium.org/1223163004 .
|
|
BUG=471990
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1230663004.
|
|
Add a FX_TryAlloc() for those few cases where we might need to continue
in face of OOM.
Remove FX_AllocNL() (the context of its use would suggest that NL
means "No Limit"). This is used for some big allocations, so replace
it with TryAlloc(). Large allocations may be worth trying to continue
from, since there are few and they have a large chance of failing.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1128043009
(cherry picked from commit 9f6f34892fdfff87c49a9df4c1e34790c0fa1272)
BUG=446032
Review URL: https://codereview.chromium.org/1226403008 .
|
|
This regressed in https://pdfium.googlesource.com/pdfium/+/71c24b839498fb89184002ed30fcff353e1e402c. The code would reach into FreeType internals and reset transform_flags. This would effectively set the font's transform matrix to the identity (since a transform is only used if the flag is set). I removed it because I assumed this is only a cache, and any other place that would call FT_Load_Glyph would have set a transform first. Apparently that's not the case (verified through adding some additional code). The fix is to reset the transform matrix after changing it. This is functionally equivalent to the previous behavior, since if the flag was 0 but there was a transform, it would be ignored until another transform is set.
BUG=479434
R=thestig@chromium.org, tsepez@chromium.org
Committed: https://pdfium.googlesource.com/pdfium/+/e4503ea9947d2f9c61704da20271b413a364a9c0
Review URL: https://codereview.chromium.org/1186603003.
|
|
CPDF_DIBSource::LoadJpxBitmap().
Leaks can happen in several places. For this particular bug, it happens
when there is a colorspace component count mismatch.
BUG=497191
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1153633009
(cherry picked from commit 2a824f1c0ed786aed0dd15a0ea60dc90999e2b2c)
Review URL: https://codereview.chromium.org/1178643002.
|
|
This is a precondition for someday combining Byte/Wide strings
via templates.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1142533002
|
|
BUG=471991
R=brucedawson@chromium.org
Review URL: https://codereview.chromium.org/1141613002
|
|
Phantom handles allow for freeing objects with one pass of GC. However,
this means that by the time the callback is invoked, the v8 object already
does no longer exist. To avoid accidential access to the dead object, there
are now two callbacks, where the first must only reset the handle, and the
second does the clean-up work.
R=tsepez@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1129253004
|
|
- Make include guards consistent with standard and filenames.
- Remove stray semicolon folowing extern "C" section close-brace.
- Untabify.
- Delete trailing whitespace.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1128003005
|
|
Also corrects some ASSERT_'s to EXPECT_'s in the test.
BUG=pdfium:160
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1141763002
|
|
The internal fields are scanned by the garbage collector, so they can't contain arbitrary data. However, aligned pointers are supported by the V8 GC, so the V8
API allows for setting a pointer directly instead of wrapping it in an External
container.
Not only is this faster, but it's also required for the new v8::Global API which
I'm going to update to in a follow-up patch.
R=tsepez@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1139853003
|
|
This involves adding some missing extern "C" { } declarations,
using FPDF_ types instead of C++ types, and converting pass
by reference arguments into pointers.
Test this using fpdfview_embedertest for simplicity.
BUG=pdfium:158
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1130843003
|
|
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1140833002
|
|
The checked conversion can be re-enabled now that there is a public
API free of private headers like this one.
This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1133323003
|
|
PDFium side of fix to make chromium free of private header
includes. This moves the one snippet of contaminating code
from chrome to PDFium itself.
BUG=486818
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1126283004
|
|
This is currently blocking a PDFium roll in chrome, see
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/62816/steps/presubmit/logs/stdio
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1136533003
|
|
These are the only files that embedders of PDFium should be including.
They are entirely self-contained, and compile cleanly against -Wall so
as to not offend the code that may include them.
Having done this, we can see that chromium is pulling in two additional
files from the fpdfsdk/include/pdfwindow directory, which is not guaranteed
to work.
A few files are renamed, adding an "_" to make the names consistent.
The exception is fpdfview, which is doc'd as such in the doc.
Naturally, paths will need updating in a handful of files in chrome
when this rolls in.
BUG=pdfium:154
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1135913002
|
|
... rather than redundantly declaring them in several .cpp files, and
hoping that the linker lines things up for you.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1128193004
|
|
This is a fix to hide pdfium's safe_conversions.h from the
higher-level callers.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1132163002
|
|
BUG=pdfium:114
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1124423006
|
|
- fread() returns the number of items read.
- fix a memory leak in error handling.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1135713004
|
|
Also fix a few nits and other errors along the way.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1098583002
|
|
This mimics the std:: behaviour.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1130053003
|
|
Reason for revert: No longer needed in face of 9ea57a43faea
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1122423006
|
|
BUG=pdfium:153
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1124043003
|
|
This gets included in chromium's pdfium_engine.cc, and thus must pass a
higher error level. There's probably a follow-up to check why the FPDF_ api
doesn't insulate chromium from this file.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1127043004
|
|
BUG=484002
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1124563002
|
|
These flags are unused in Chromium, but are needed for the Cloud Print
conversion process, which takes PDF and produces a raster for low-end
printers. Certain low-end printers (e.g., B&W laser printers) will
turn anti-aliased text into a mess. The existing printing flag isn't
sufficient, as other kinds of printers will still want some kinds of
anti-aliasing to occur for best results.
BUG=482253
TEST=none
R=vitalybuka@chromium.org
Review URL: https://codereview.chromium.org/1115513002
Patch from Scott Byer <scottbyer@chromium.org>.
|
|
Separate out the overload when the length is not known, and be sure that
strlen() call is in the header so that strlen("foo") => 3 (since many
compilers support this optimization).
Also delete some unused types.
BUG=pdfium:151
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1117263004
|
|
Part two. Fix same issue in wide strings as in their bytestring
counterparts.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1127753002
|
|
I spent at least 2 minutes grep'ing for a class or struct (on the other
branch) that was delcared using this.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1129433002
|
|
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1125703004
|
|
Continuation of https://codereview.chromium.org/1122573002
Applies similar test to immutable versions of strings.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1118973005
|
|
... and there are a few inconsistencies which we can now fix. Also add a
comment about why these strings aren't headed for the dust-bin long term.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1122573002
|
|
Also prevent theoretical roll-over where long smaller than intptr_t.
See bug for discussion.
BUG=pdfium:149
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1117413002
|
|
(Also makes the calculation robust in face of changes to the header).
BUG=pdfium:149
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1118983003
|
|
As part of the migration from GYP->GN, we want to make sure that we
can track when new targets are added to either the GYP or GN builds
and that we are building everything we expect to build.
In GN, unlike GYP, if a build file gets referenced from other files,
building 'all' will cause every target to be built in it. This means in
particular, that we can end up trying to build targets that are not
necessarily intended to be visible to the rest of the build. To get
around this, any target that is defined but hidden (like 'pdfium_unittests',
) should still be visible to a top-level target called
"//:gn_visibility".
R=tsepez@chromium.org, brettw@chromium.org
BUG=461019
Review URL: https://codereview.chromium.org/1120183002
|
|
Follow-on to https://codereview.chromium.org/1120703003/
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1112423003
|
|
Given the representation of StringData, it seems sub-optimal not to be doing this.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1120703003
|
|
This allows PDFium to work with current V8, so unpin v8 in the
pdfium DEPS file.
(I also re-ordered one field in CJS_Runtime, just to put two bools
together (may pack tighter), and to put all the v8 stuff together).
BUG=pdfium:146
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1118043002
|
|
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1111393004
|
|
This will undoubtedly red up the tree, as we don't have trybots. A follow-up
CL will add the suppressions required for each platform at the moment.
The new suppressions in this CL are for cases where we didn't generate an
expected result file (due to the issue in fx/FRC_3.5_part1/Introduction.txt).
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1111213005
|
|
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast
simplification. There's an additional copy now in one place, so
shoot me.
BUG=pdfium:144
R=thestig@chromium.org
Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9
Committed: https://pdfium.googlesource.com/pdfium/+/5a256ad29483eb2b13e6e2c89fe0f77a9103f68f
Review URL: https://codereview.chromium.org/1053613004
|
|
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1108913004
|
