summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-02kill IPDF_DocParser().Tom Sepez
Its fine to program to interfaces, but since the sole concrete implementation is in the same header as the interface, the code is bypassing it anyways. We can de-virtualize some things along the way, and remove two non-existent function prototypes from one of the headers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1158053003
2015-06-02Fix heap use after free in Document::DoFieldDelay and Document::delayTom Sepez
This fix removes CJS_DelayData object from m_DelayData array and copies them to a new array, before processing them. So contents of m_DelayData array cannot be used after they get freed. BUG=487928 R=tsepez@chromium.org TEST= Chrome pdf plugin should not crash when poc_stable,testuafdocument1.pdf and testuafdocument2.pdf are viewed. see crbug.com/487928 and crbug.com/487928#c18 for more details. Review URL: https://codereview.chromium.org/1163823002
2015-06-01Add missing comma to third_party.gypBruce Dawson
A reference to nonstd_unique_ptr.h was added with https://codereview.chromium.org/1091283002 but a comma is missing after it. This causes this string to be concatenated with the next, leading to broken sources. This went unnoticed by the build due to the fact that the affected sources are both headers, but they should be properly separated. R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1156663006
2015-05-29Run V8 in predictable mode for pdfium_testJochen Eisinger
This won't post tasks to the background threads BUG=none R=kcc@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1157123003
2015-05-28Fix suppressions for 2015-05-28 dropTom Sepez
TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1154993003
2015-05-28Roll DEPS to pick up 2015-05-28 corpus drop.Tom Sepez
This will undoubtedly RED the tree due to differences in platforms and environments. A subsequent CL will add suppressions to get back to GREEN. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1153393004
2015-05-28Fix ALL the include guards.Tom Sepez
Get rid of leading _CAPITAL identifiers. A large number of these didn't actually match the filename. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1160443004
2015-05-27Remove rendundant ../include from paths of files in include/ directoryTom Sepez
Tiny bit of tidying I noticed while trying to figure out include rules. In other words, cd core/include git grep 'include.*include' git grep 'include.*src' Should produce no output, and cd fpdfsdk/include git grep 'include.*include' | grep -v ../core/include git grep 'include.*src' Should produce no output as well. Fix some IWYU, header guards, include ordering, whitespace along the way. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1162453003
2015-05-26Upgrade openjpeg to r3002JUN FANG
BUG=459215 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1160663002
2015-05-21Update copy of safe_math_impl.h to take a fix from upstream:Tom Sepez
Fix a division by zero when multiplying 0 * y with SafeNumerics. BUG=488302 R=jschuh@chromium.org Review URL: https://codereview.chromium.org/1126243007
2015-05-21Fix four annoying warnings:Tom Sepez
Two "set but unused", one of which is surely an artifact from copying code around, and the other which ought to be used for the sake of clarity. Two are unknown "optimize" pragmas, remove them since the code has been shipped for years on other platforms under full optimization. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1148353002
2015-05-21Fix an endless loop in CJBig2_HuffmanTable::parseFromCodedBufferJUN FANG
This issue is trigged by the conversion from unsigned int to signed int. A large unsigned int is converted to int. It's represented as a negative int which is used in the condition of while later. BUG=482639 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1146913003
2015-05-20Get test running scripts to detect and report common error.Bruce Dawson
testing/tools/run_corpus_tests.py assumes a debug build and will fail cryptically if only a release build is available. Arguably there shouldn't be a default because having one could lead to accidentally running a stale version, but that is probably too much of a change. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1150823003
2015-05-20Integer overflow in CJBig2_Image::expandJUN FANG
1. New size should be larger than old size in JBig2_Realloc. 2. Arguments are integers but parameters are size_t in JBIG2_memset. After integer overflows, it will be presented as a huge unsigned number on 64 bits system. BUG=483981 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1148643002
2015-05-20Tidy public fpdfview.h and fpdf_flatten.h.Tom Sepez
Mostly cosmetic; fix a spelling error, make comment style consistent, remove unnecessary #ifdefs, remove unused globals. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1139993003
2015-05-20Turn on warnings for usage of disabled V8 APIsJochen Eisinger
R=vogelheim@chromium.org BUG= Review URL: https://codereview.chromium.org/1146933002
2015-05-19Re-land: Remove FX_Alloc() null checks now that it can't return NULL.Tom Sepez
Fixes the ordering of some assignments broken when converting to checked numerics in CFX_PathData::AddPointCount(). Original Review URL: https://codereview.chromium.org/1142713005 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135893008
2015-05-19Revert "Remove FX_Alloc() null checks now that it can't return NULL."Tom Sepez
This reverts commit eb6527763171cdb4b0fbfea5a20d691f4d67b660. Reason for revert: broke javascript tests. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1145843005
2015-05-19Remove FX_Alloc() null checks now that it can't return NULL.Tom Sepez
This permits some functions to become void's since they, in turn, can't fail. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142713005
2015-05-19Fix Heap Overflow in CJBig2_Image::expandJUN FANG
Integer overflow in CJBig2_Image::expand. It causes the size of reallocated is not expected. BUG=483981 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1131023008
2015-05-18Cleanup if early return from opj_j2k_copy_default_tcp_and_create_tcd().Tom Sepez
The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level struct, and then replaces pointers to memory owned by the original struct with new blocks of memory. Unfortunately, an early return can leave the copy with pointers to memory it doesn't own, which causes problems when cleaning up the partially-initialized struct. The referenced bug is triggered when we get a return at original line 7969 or 7385 due to OOM. Moral of the story: creating a "copy constructor" equivalent based on memcpy() instead of copying field by field for structs containing pointers is usually a bad idea. BUG=486538 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1138033007
2015-05-19Replace v8::Handle with v8::Local and v8::Persistent with v8::GlobalJochen Eisinger
those types are just aliases, and we should consistently use the new version R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1138823004
2015-05-18Change FX_Alloc to FX_Try_Alloc in _JpegEncodeJUN FANG
This CL is used for: 1. keeping the same logic as before (the behaviour of FX_Alloc was changed for OOM). 2. fixing a potential integer overflow. BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1126013006
2015-05-18Add safe FX_Alloc2D() macroTom Sepez
This avoids unchecked multiplications when computing a size argument to malloc(). Such an overflow is very scary, and can result in exploitable bugs. Along the way, kill off some return checks, since we know this can't return NULL. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1143663004
2015-05-17Add myself to OWNERS fileJochen Eisinger
R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1133333005
2015-05-17Replace deprecated with non-deprecated V8 APIsJochen Eisinger
In most cases, we just CHECK() that no exception was thrown. Previously, we'd just crash. Ideally, this should all be fixed and the system should cope with those exceptions, but that's beyond this CL. R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1126203010
2015-05-15Fix leaks in embedder test's FlateEncode() usage and in FlateEncode().Lei Zhang
For FlateEncode(), error handling code leaked memory. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1144603002
2015-05-15Disable allocation tests that hose the bot.Tom Sepez
Triggering allocation failure can be ... slow. See http://build.chromium.org/p/client.pdfium/builders/win/builds/126 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142463005
2015-05-15Initialize members of CPDF_TextPageFind class.Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1137933004
2015-05-15Fix leaks in the embedder tests themselves.Lei Zhang
Also change EmbedderTest::TearDown() to match the destruction order in Chromium's PDF code. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1138143003
2015-05-15Abort on OOM by default in FX_Alloc().Tom Sepez
Add a FX_TryAlloc() for those few cases where we might need to continue in face of OOM. Remove FX_AllocNL() (the context of its use would suggest that NL means "No Limit"). This is used for some big allocations, so replace it with TryAlloc(). Large allocations may be worth trying to continue from, since there are few and they have a large chance of failing. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128043009
2015-05-15Remove FX_NEW_VECTOR() macros.Tom Sepez
There isn't much point in having macros that obscure obvious language features. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135273004
2015-05-15Fix potential UAF in ConcatInPlace.Tom Sepez
If ConcatCopy somehow gets a zero nNewlen, it returns early, without allocating a new m_Data. ConcatInPlace then frees the old one, leaving m_Data dangling. Also be concerned about the multiplication in the widestring version. So use wmemcpy and let the library cope with it. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130763007
2015-05-14Fix another batch of compiler warnings.Lei Zhang
Also fix typos and remove trailing spaces/tabs. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1141123002
2015-05-14Make CFX_StringData be scoped by CFX_Bytestring and add methods.chromium/2421chromium/2420chromium/2419chromium/2418chromium/2417chromium/2416chromium/2415chromium/2414chromium/2413chromium/2412chromium/2411chromium/2410chromium/2409chromium/2408chromium/2407chromium/2406chromium/2405chromium/2404Tom Sepez
This is a precondition for someday combining Byte/Wide strings via templates. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142533002
2015-05-13Fix integer overflow in conversion from float to integer.JUN FANG
BUG=471991 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1141613002
2015-05-14Use phantom handles instead of weak handlesJochen Eisinger
Phantom handles allow for freeing objects with one pass of GC. However, this means that by the time the callback is invoked, the v8 object already does no longer exist. To avoid accidential access to the dead object, there are now two callbacks, where the first must only reset the handle, and the second does the clean-up work. R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1129253004
2015-05-13Tidy public/ directory.Tom Sepez
- Make include guards consistent with standard and filenames. - Remove stray semicolon folowing extern "C" section close-brace. - Untabify. - Delete trailing whitespace. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128003005
2015-05-13Fix comparison of CFX_ByteString and CFX_WideString against empty literals.Tom Sepez
Also corrects some ASSERT_'s to EXPECT_'s in the test. BUG=pdfium:160 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1141763002
2015-05-13Set pointers in internal fields directly instead of wrapping themJochen Eisinger
The internal fields are scanned by the garbage collector, so they can't contain arbitrary data. However, aligned pointers are supported by the V8 GC, so the V8 API allows for setting a pointer directly instead of wrapping it in an External container. Not only is this faster, but it's also required for the new v8::Global API which I'm going to update to in a follow-up patch. R=tsepez@chromium.org BUG= Review URL: https://codereview.chromium.org/1139853003
2015-05-12Make (and verify) public/ files compile under C.Tom Sepez
This involves adding some missing extern "C" { } declarations, using FPDF_ types instead of C++ types, and converting pass by reference arguments into pointers. Test this using fpdfview_embedertest for simplicity. BUG=pdfium:158 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130843003
2015-05-12Describe required properties of public/ files with a README.Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1140833002
2015-05-12Restore checked strlen conversions.Tom Sepez
The checked conversion can be re-enabled now that there is a public API free of private headers like this one. This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1133323003
2015-05-12NEW public API for pdfwindow font manipulation.chromium/2402chromium/2401chromium/2400Tom Sepez
PDFium side of fix to make chromium free of private header includes. This moves the one snippet of contaminating code from chrome to PDFium itself. BUG=486818 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1126283004
2015-05-11Add owners file for PDFium.chromium/2399Tom Sepez
This is currently blocking a PDFium roll in chrome, see http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/62816/steps/presubmit/logs/stdio R=thestig@chromium.org Review URL: https://codereview.chromium.org/1136533003
2015-05-11Create top-level public/ header directory.Tom Sepez
These are the only files that embedders of PDFium should be including. They are entirely self-contained, and compile cleanly against -Wall so as to not offend the code that may include them. Having done this, we can see that chromium is pulling in two additional files from the fpdfsdk/include/pdfwindow directory, which is not guaranteed to work. A few files are renamed, adding an "_" to make the names consistent. The exception is fpdfview, which is doc'd as such in the doc. Naturally, paths will need updating in a handful of files in chrome when this rolls in. BUG=pdfium:154 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135913002
2015-05-08Move function prototypes to new doc_utils.h fileTom Sepez
... rather than redundantly declaring them in several .cpp files, and hoping that the linker lines things up for you. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128193004
2015-05-08Fix compilation under chromium checkouts.Tom Sepez
This is a fix to hide pdfium's safe_conversions.h from the higher-level callers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1132163002
2015-05-08Better error from pdfium_test when page too big to render.Tom Sepez
BUG=pdfium:114 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124423006
2015-05-08Fix errors from commit f0a169e.Lei Zhang
- fread() returns the number of items read. - fix a memory leak in error handling. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1135713004