Age | Commit message | Author
Correctly account for non-leaf Nodes that have CPDF_FormField pointers.
Review-Url: https://codereview.chromium.org/2376193002
BUG=pdfium:597
Review-Url: https://codereview.chromium.org/2345063002
These will be a replacement for CFX_CountRef in future CLs, since
CFX_CountRef is manually incremented and error-prone.
Review-Url: https://codereview.chromium.org/2377143002
Remove default arguments.
Review-Url: https://codereview.chromium.org/2380753003
This reverts commit fe0179ded8202939ea4f2b92a879b8dede7821ea.
This is blocking incremental revision, will try again.
Review-Url: https://codereview.chromium.org/2377033003
Review-Url: https://codereview.chromium.org/2372423002
File was left behind when CPDF_GeneralStateData became
CPDF_GeneralState::StateData internal class.
Review-Url: https://codereview.chromium.org/2377843002
Review-Url: https://codereview.chromium.org/2369323004
We implemented the CFX_Observable mechanism for detecting
stale objects some time ago; now just use it in more places.
Change method signatures to require an ObservedPtr to
indicate that the callers are aware that the value may be
destroyed out from underneath them.
BUG=649659
Review-Url: https://codereview.chromium.org/2368403002
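An added illustration of the observed-pointer convention the message describes (example code, not PDFium's CFX_Observable and not part of this change): the callee takes an ObservedPtr, the pointee nulls every ObservedPtr aimed at it from its destructor, and the callee re-checks the pointer after any call that might have destroyed the object instead of dereferencing freed memory. The names Observable, ObservedPtr, Widget, ReadValue and ObservedPtrDetectsDestruction are hypothetical.

```cpp
#include <set>

// Hypothetical minimal observable/observed-pointer pair (not PDFium's CFX_Observable).
// An Observable<T> records the ObservedPtrs aimed at it and nulls each one from
// its destructor, so a holder can tell that the target no longer exists.
template <class T>
class Observable {
 public:
  class ObservedPtr {
   public:
    ObservedPtr() = default;
    explicit ObservedPtr(T* obj) { Reset(obj); }
    ObservedPtr(const ObservedPtr& that) { Reset(that.Get()); }
    ~ObservedPtr() { Reset(nullptr); }
    ObservedPtr& operator=(const ObservedPtr& that) {
      Reset(that.Get());
      return *this;
    }
    void Reset(T* obj) {
      if (m_pObj)
        m_pObj->RemoveObserver(this);
      m_pObj = obj;
      if (m_pObj)
        m_pObj->AddObserver(this);
    }
    // Invoked by ~Observable(): the pointee is being destroyed.
    void OnDestroy() { m_pObj = nullptr; }
    T* Get() const { return m_pObj; }
    T* operator->() const { return m_pObj; }
    explicit operator bool() const { return m_pObj != nullptr; }

   private:
    T* m_pObj = nullptr;
  };

  Observable() = default;
  Observable(const Observable&) = delete;
  Observable& operator=(const Observable&) = delete;
  ~Observable() {
    for (ObservedPtr* p : m_Observers)
      p->OnDestroy();
  }
  void AddObserver(ObservedPtr* p) { m_Observers.insert(p); }
  void RemoveObserver(ObservedPtr* p) { m_Observers.erase(p); }

 private:
  std::set<ObservedPtr*> m_Observers;
};

// Hypothetical object that may be destroyed while someone still points at it.
struct Widget : public Observable<Widget> {
  int value = 42;
};

// Callee written to the "required ObservedPtr" convention: after anything that
// might re-enter and free the widget, it re-checks before dereferencing.
int ReadValue(Widget::ObservedPtr& p, bool destroy_first) {
  if (destroy_first)
    delete p.Get();  // stands in for re-entrant code that frees the widget
  return p ? p->value : -1;
}

// True when the pattern behaves as intended: a live read succeeds and a read
// after destruction sees a null pointer rather than freed memory.
bool ObservedPtrDetectsDestruction() {
  Widget::ObservedPtr p(new Widget);
  if (ReadValue(p, false) != 42)
    return false;
  if (ReadValue(p, true) != -1)
    return false;
  return !p;  // nulled by ~Observable; no dangling pointer remains
}
```

The set of observers is the only state the pointee needs; the cost is one erase per ObservedPtr destroyed, which is why the convention is applied at the call sites where destruction under the caller is actually possible rather than everywhere.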
Review-Url: https://codereview.chromium.org/2370943004
Apart from the IPWL_Filler_Notify overrides, none of
these are overridden because there are no subclasses.
Review-Url: https://codereview.chromium.org/2372263002
Review-Url: https://codereview.chromium.org/2357173005
Review-Url: https://codereview.chromium.org/2362063003
The buffer PixelWeight.m_Weights was allocated by calling FX_TryAlloc(uint8_t, m_dwWeightTablesSize),
but PixelWeight.m_Weights was an int array. Thus bounds checks such as |if (idx >= m_dwWeightTablesSize)|
in function CWeightTable::Calc() and |idx < m_dwWeightTablesSize ? &pWeight->m_Weights[idx] : nullptr|
in function CWeightTable::GetValueFromPixelWeight() were insufficient.
This CL strengthens bounds check for accessing int type array PixelWeight.m_Weights.
BUG=chromium:619398
R=ochang@chromium.org, thestig@chromium.org
Review-Url: https://codereview.chromium.org/2322903002
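As an added example (not PDFium's code and not the fix itself), the mismatch the message describes in miniature: the backing buffer is sized in bytes, the array it backs holds ints, so an index check against the byte count admits indices up to four times too large on a 32-bit-int target. WeightTable, IndicesWronglyAdmitted and the buffer size are hypothetical; PixelWeight, m_Weights, m_dwWeightTablesSize and GetValueFromPixelWeight are named after the message but re-implemented here as stand-ins.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>

// Hypothetical stand-in for PixelWeight: a table of int weights.
struct PixelWeight {
  int* m_Weights = nullptr;
};

class WeightTable {
 public:
  // The backing store is allocated in BYTES, mirroring FX_TryAlloc(uint8_t, n).
  explicit WeightTable(size_t table_bytes)
      : m_dwWeightTablesSize(table_bytes),
        m_Storage(new uint8_t[table_bytes]()) {  // operator new: aligned for int
    m_Weight.m_Weights = reinterpret_cast<int*>(m_Storage.get());
  }

  // Number of int slots that really fit in the byte buffer (rounds down).
  size_t SlotCount() const { return m_dwWeightTablesSize / sizeof(int); }

  // Original-style check: an int index compared against a byte count.
  // For a 16-byte buffer this admits idx 4..15, all of which lie past the end.
  bool UnsafeIndexOk(size_t idx) const { return idx < m_dwWeightTablesSize; }

  // Strengthened check: compare against the number of ints, not bytes.
  bool SafeIndexOk(size_t idx) const { return idx < SlotCount(); }

  // Accessor in the style of GetValueFromPixelWeight(), using the safe check.
  int* GetValueFromPixelWeight(size_t idx) {
    return SafeIndexOk(idx) ? &m_Weight.m_Weights[idx] : nullptr;
  }

 private:
  size_t m_dwWeightTablesSize;
  std::unique_ptr<uint8_t[]> m_Storage;
  PixelWeight m_Weight;
};

// How many indices the byte-count check admits that the int-count check rejects.
size_t IndicesWronglyAdmitted(size_t table_bytes) {
  WeightTable t(table_bytes);
  size_t n = 0;
  for (size_t idx = 0; idx < table_bytes; ++idx)
    if (t.UnsafeIndexOk(idx) && !t.SafeIndexOk(idx))
      ++n;
  return n;
}
```

The general rule the example encodes: a bounds check must be expressed in the same unit as the index it guards, so an allocation made in bytes needs its size divided by sizeof(element) before it can bound an element index.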
It has no sub-classes or super-classes, so no need for virtual.
Review-Url: https://codereview.chromium.org/2365383003
found by libfuzzer
Review-Url: https://codereview.chromium.org/2366143002
Review-Url: https://codereview.chromium.org/2365143002
BUG=650277
Review-Url: https://codereview.chromium.org/2371723003
In all cases, bool can be used instead without problems.
Review-Url: https://codereview.chromium.org/2368693002
Remove C-casts, nits.
Review-Url: https://codereview.chromium.org/2367743003
The change at 5b7c9bb differed from the original code in
that a pre-existing object would now be freed, which showed
that a collision could be possible if m_LastObjNum overflowed.
BUG=649206
Review-Url: https://codereview.chromium.org/2361303002
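An added sketch of the collision the message describes (example code, not PDFium's CPDF_IndirectObjectHolder): object numbers are handed out as ++m_LastObjNum, so once the counter wraps a "fresh" number can equal one already in the map, and storing there replaces, and frees, the existing object. The checked variant refuses a number that would wrap or that is already taken, and leaves ownership with the caller on failure. Except for m_LastObjNum, which the message names, the class and member names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>

struct Object {
  int payload;
};

// Hypothetical holder that assigns object numbers from a running counter.
class IndirectObjectHolder {
 public:
  static constexpr uint32_t kMaxObjNum = 0xFFFFFFFFu;

  // Returns the new object number, or 0 (never a valid objnum) on failure.
  // The object is consumed only on success, so a refused add frees nothing.
  uint32_t AddIndirectObject(std::unique_ptr<Object>& obj) {
    if (m_LastObjNum == kMaxObjNum)
      return 0;  // ++m_LastObjNum would wrap to 0 and then collide with 1, 2, ...
    uint32_t objnum = m_LastObjNum + 1;
    if (m_Objects.count(objnum))
      return 0;  // invariant violated: a "fresh" number is already in use
    m_LastObjNum = objnum;
    m_Objects[objnum] = std::move(obj);
    return objnum;
  }

  // Unchecked variant: after the counter wraps, the map assignment silently
  // replaces (and frees) whatever already lived at that number.
  uint32_t AddIndirectObjectUnchecked(std::unique_ptr<Object>& obj) {
    uint32_t objnum = ++m_LastObjNum;  // unsigned wrap is well defined: 0xFFFFFFFF -> 0
    m_Objects[objnum] = std::move(obj);
    return objnum;
  }

  const Object* GetIndirectObject(uint32_t objnum) const {
    auto it = m_Objects.find(objnum);
    return it == m_Objects.end() ? nullptr : it->second.get();
  }
  size_t size() const { return m_Objects.size(); }
  void SetLastObjNumForTest(uint32_t n) { m_LastObjNum = n; }

 private:
  uint32_t m_LastObjNum = 0;
  std::map<uint32_t, std::unique_ptr<Object>> m_Objects;
};

// Checked path: object 1 survives an attempted add at a wrapped counter.
bool CheckedAddPreservesExistingObject() {
  IndirectObjectHolder h;
  std::unique_ptr<Object> first(new Object{1});
  if (h.AddIndirectObject(first) != 1)
    return false;
  h.SetLastObjNumForTest(IndirectObjectHolder::kMaxObjNum);
  std::unique_ptr<Object> second(new Object{2});
  if (h.AddIndirectObject(second) != 0)
    return false;  // must be refused
  if (!second)
    return false;  // caller still owns the refused object
  return h.size() == 1 && h.GetIndirectObject(1)->payload == 1;
}

// Unchecked path: the wrapped counter hands out 0, then 1, clobbering object 1.
bool UncheckedAddClobbersExistingObject() {
  IndirectObjectHolder h;
  std::unique_ptr<Object> first(new Object{1});
  h.AddIndirectObject(first);
  h.SetLastObjNumForTest(IndirectObjectHolder::kMaxObjNum);
  std::unique_ptr<Object> wrapped(new Object{2});
  uint32_t a = h.AddIndirectObjectUnchecked(wrapped);  // 0
  std::unique_ptr<Object> clobber(new Object{3});
  uint32_t b = h.AddIndirectObjectUnchecked(clobber);  // 1: original freed here
  return a == 0 && b == 1 && h.size() == 2 &&
         h.GetIndirectObject(1)->payload == 3;
}
```

Any caller that cached a raw pointer to object 1 before the unchecked add now holds a dangling pointer, which is how a counter overflow turns into a use-after-free rather than a mere duplicate number.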
BUG=648935,649436
Review-Url: https://codereview.chromium.org/2360283004
Review-Url: https://codereview.chromium.org/2364643003
Specialize default_delete to avoid having to say
ReleaseDeleter<CPDF_ColorSpace> throughout the code.
Review-Url: https://codereview.chromium.org/2368433003
found by libfuzzer
Review-Url: https://codereview.chromium.org/2359243003
This better describes its purpose, and reduces confusion
with the CFX_CountRef class, which is unrelated.
The WeakPtr class itself that manipulates handles is NYI.
Review-Url: https://codereview.chromium.org/2366673003
Move the creation of the CPDFSDK_Document into FPDFDOC_InitFormFillEnvironment
instead of hidden inside a Get method in CPDFXFA_Document.
Review-Url: https://codereview.chromium.org/2353303004
Found by libfuzzer
Review-Url: https://codereview.chromium.org/2362813002
Handle the case where GrowNamedColorList returns failure when the list is too
long. Otherwise the loop never ends.
Found by libfuzzer
Review-Url: https://codereview.chromium.org/2365663002
This gives additional protection in case of re-entry. Also
make CFX_CountRef more robust in face of errors.
BUG=649229
Review-Url: https://codereview.chromium.org/2364673002
More instances of CPDFSDK_Environment being called m_pApp in the code. Renamed
to m_pEnv to be clear that it's the environment not an app object.
Review-Url: https://codereview.chromium.org/2354413002
Use smart pointers for FXJS_PerIsolateData owned member variables. Also
move creation and deletion of dynamic object map into
FXJS_PerIsolateData's constructor and destructor. Overall, the
interfaces and memory management should be simpler.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2358343002
Review-Url: https://codereview.chromium.org/2362623002
This CL moves the code from the .h file into the .cpp file.
Review-Url: https://codereview.chromium.org/2354363003
Also, it's idempotent, so simplify some logic in callers to
not care if objnum is zero.
The alternate forms are rarely used, using the objnum form
makes it clear that SetReferenceFor() can't possibly register
the object as a side-effect.
Review-Url: https://codereview.chromium.org/2361713002
win_xfa_clang bot was marked as experimental due to
https://crbug.com/626120 which was fixed a while ago.
Now no longer need to keep it as experimental.
Review-Url: https://codereview.chromium.org/2363603002
Review-Url: https://codereview.chromium.org/2358243002
The old SetParam() method had "maybe take ownership" semantics
based upon the type argument.
Make GetParam() handle the None case and simplify callers
based upon that behaviour.
Review-Url: https://codereview.chromium.org/2358043003
Given a large enough value for the character code it's possible to overflow
the conversion to an int. This CL updates the code to guard against overflow.
BUG=chromium:648739
Review-Url: https://codereview.chromium.org/2358023002
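An added example of the narrowing failure the message describes and of one way to guard it (example code, not PDFium's font code; the message does not say which conversion was involved, so the glyph-table lookup, GlyphTable, NaiveIndexCheck, LookupGlyph and GlyphOrMinusOne are hypothetical). Narrowing a 32-bit character code to int before the bounds check lets a large code become negative on two's-complement targets and slip past an `index < size` test; checking the unsigned value against INT_MAX before narrowing closes that path.

```cpp
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical glyph table indexed by a value derived from a character code.
struct GlyphTable {
  std::vector<uint16_t> glyphs;
};

// Constructed sample table with three glyphs (not real font data).
GlyphTable MakeSampleTable() {
  return GlyphTable{{10, 20, 30}};
}

// Naive check: the charcode is narrowed to int FIRST. On the usual
// two's-complement targets a charcode above INT_MAX becomes negative, so it
// satisfies "index < size" and would index before the start of the table.
bool NaiveIndexCheck(uint32_t charcode, const GlyphTable& table) {
  int index = static_cast<int>(charcode);
  return index < static_cast<int>(table.glyphs.size());
}

// Guarded lookup: reject anything that does not fit in int before narrowing,
// then bounds-check the still-unsigned value. Returns false instead of
// touching memory when the code is out of range.
bool LookupGlyph(uint32_t charcode, const GlyphTable& table, uint16_t* out) {
  if (charcode > static_cast<uint32_t>(std::numeric_limits<int>::max()))
    return false;  // would overflow the int conversion
  if (charcode >= table.glyphs.size())
    return false;  // ordinary bounds check on the unsigned value
  *out = table.glyphs[charcode];
  return true;
}

// Convenience wrapper: glyph id, or -1 when the lookup is rejected.
int GlyphOrMinusOne(uint32_t charcode, const GlyphTable& table) {
  uint16_t g = 0;
  return LookupGlyph(charcode, table, &g) ? g : -1;
}
```

NaiveIndexCheck is deliberately only the comparison, not the memory access, so the block can demonstrate that the flawed check accepts 0xFFFFFFFF without itself reading out of bounds.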
This CL aims to follow up on thestig's post-land feedback
received on https://codereview.chromium.org/2277063003/#msg15 .
In order to avoid static initializers and global data
declaration, CL adds a data struct named PDFiumTest_FPDF_FORMFILLINFO,
which has FPDF_FORMFILLINFO as the first struct member definition.
This allows the use of reinterpret_cast to/from
PDFiumTest_FPDF_FORMFILLINFO and FPDF_FORMFILLINFO.
PDFiumTest_FPDF_FORMFILLINFO also has two more struct members,
'loadedPages' and 'formHandle', which were previously global
variables.
Review-Url: https://codereview.chromium.org/2330043002
We have cleared all the leaks in our code. There is no need for
those suppressions. Plus, most of them are obsolete due to code
refactoring.
Still keep this file around so that suppressions can be added if needed
in the future.
BUG=pdfium:242,pdfium:260
Review-Url: https://codereview.chromium.org/2360743002
Typically the I prefix means Interface, except for CFFL_IFormFiller where it
means Interactive. Rename CFFL_IFormFiller to CFFL_InteractiveFormFiller to
make the meaning explicit.
Review-Url: https://codereview.chromium.org/2357203003
CFXJS_Engine class should always be constructed with an isolate, except
for its subclasses which may need to create an isolate by themselves.
Move SetIsolate() function to be protected so that only subclasses can
access it.
Review-Url: https://codereview.chromium.org/2354353002
Per isolate runtime data should be deleted when the associated
isolate is destructed.
Also, the internals of per-isolate runtime data are obscure to the JS
engine. So XFA or this class itself has to be in charge of the memory
management. Use smart pointer for it so that the resource
could be released properly.
BUG=pdfium:242
Review-Url: https://codereview.chromium.org/2354923003
The m_pApp variable holds a CPDFSDK_Environment. This CL renames the variable
to be m_pEnv so as not to confuse with the various App classes that exist.
Review-Url: https://codereview.chromium.org/2357293002
Review-Url: https://codereview.chromium.org/2353383002
Review-Url: https://codereview.chromium.org/2356603003
and in CPDF_CMapParser
Review-Url: https://codereview.chromium.org/2353963003
Review-Url: https://codereview.chromium.org/2353143002
We remove the indirect object holder argument and check that
call sites pass ownable objects, adding a reference in one
place that always was passing an indirect object.
Also check that the invariant isn't violated, we need to fail
here in the wild and investigate -- these are existing UAFs.
Review-Url: https://codereview.chromium.org/2355083002