summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-09-22Fix use uninitialized value and stack buffer overflow readkcwu
Found by libfuzzer Review-Url: https://codereview.chromium.org/2362813002
2016-09-22Fix infinite loop when calling GrowNamedColorListkcwu
Handle the case that GrowNamedColorList return fail when list is too long. Otherwise the loop never ends. Found by libfuzzer Review-Url: https://codereview.chromium.org/2365663002
2016-09-22Null CPDF_CountedObj::m_pObj prior to deletiontsepez
This gives additional protection in case of re-entry. Also make CFX_CountRef more robust in face of errors. BUG=649229 Review-Url: https://codereview.chromium.org/2364673002
2016-09-22Rename App to Env where needed.dsinclair
More instances of CPDFSDK_Environment being called m_pApp in the code. Renamed to m_pEnv to be clear that it's the environment not an app object. Review-Url: https://codereview.chromium.org/2354413002
2016-09-22Simplify memory management for per isolate dataweili
Use smart pointers for FXJS_PerIsolateData owned member variables. Also move creation and deletion of dynamic object map into FXJS_PerIsolateData's constructor and destructor. Overall, the interfaces and memory management should be simpler. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2358343002
2016-09-22Add fuzzer for icc codeckcwu
Review-Url: https://codereview.chromium.org/2362623002
2016-09-22Move CPDFSDK_Environment code to cpp filedsinclair
This CL moves the code from the .h file into the .cpp file. Review-Url: https://codereview.chromium.org/2354363003
2016-09-21Remove some objnum locals with AddIndirectObjecttsepez
Also, it's idempotent, so simplify some logic in callers to not care if objnum is zero. The alternate forms are rarely used, using the objnum form makes it clear that SetReferenceFor() can't possibly register the object as a side-effect. Review-Url: https://codereview.chromium.org/2361713002
2016-09-21Move win_xfa_clang bot back into regular commit queueweili
win_xfa_clang bot was marked as experimental due to https://crbug.com/626120 which was fixed a while ago. Now no longer need to keep it as experimental. Review-Url: https://codereview.chromium.org/2363603002
2016-09-21Use unique_ptr<CPDF_Object, ReleaseDeleter<>> in more placeschromium/2868tsepez
Review-Url: https://codereview.chromium.org/2358243002
2016-09-21Make ownership explicit in CPDF_ContentMarkItem.tsepez
The old SetParam() method had "maybe take ownership" semanitcs based upon the type argument. Make GetParam() handle the None case and simplify callers based upon that behaviour. Review-Url: https://codereview.chromium.org/2358043003
2016-09-21Check for overflow in CMap_GetCode.dsinclair
Given a large enough value for the character code it's possible to overflow the conversion to an int. This Cl updates the code to guard against overflow. BUG=chromium:648739 Review-Url: https://codereview.chromium.org/2358023002
2016-09-21Avoid static initializers and global variables in 'pdfium_test'.tonikitoo
This CL aims to follow up on thestig's past-land feedback receveid on https://codereview.chromium.org/2277063003/#msg15 . In order to avoid static initializers and global data declaration, CL adds a data struct named PDFiumTest_FPDF_FORMFILLINFO, which has FPDF_FORMFILLINFO as the first struct member definition. This allows the use of reinterpret_cast to/from PDFiumTest_FPDF_FORMFILLINFO and PDF_FORMFILLINFO. PDFiumTest_FPDF_FORMFILLINFO also two more struct members, 'loadedPages' and 'formHandle', which were previously global variables. Review-Url: https://codereview.chromium.org/2330043002
2016-09-21Clear LeakSanitizer's suppression listweili
We have cleared all the leaks in our code. There is no need for those suppressions. Plus, most of them are obsolete due to code refactoring. Still keep this file around so that suppressions can be added if needed in the future. BUG=pdfium:242,pdfium:260 Review-Url: https://codereview.chromium.org/2360743002
2016-09-21Make the I in IFormFiller explicitdsinclair
Typically the I prefix means Interface, except for CFFL_IFormFiller where it means Interactive. Rename CFFL_IFormFiller to CFFL_InteractiveFormFiller to make the meaning explicit. Review-Url: https://codereview.chromium.org/2357203003
2016-09-21Set up isolate in CFXJS_Engine's constructorweili
CFXJS_Engine class should always be constructed with an isolate, except for its subclasses which may need to create an isolate by themselves. Move SetIsolate() function to be protected so that only subclasses can access it. Review-Url: https://codereview.chromium.org/2354353002
2016-09-21Fix leaks related to the usage of JSE runtime dataweili
Per isolate runtime data should be deleted when the associated isolate's destructed. Also, the internal of per isolate runtime data is obscure to the JS engine. So XFA or this class itself has to be in charge of the memory management. Use smart pointer for it so that the resource could be released properly. BUG=pdfium:242 Review-Url: https://codereview.chromium.org/2354923003
2016-09-21Rename m_pApp to m_pEnvdsinclair
The m_pApp variable holds a CPDFSDK_Environment. This Cl renames the variable to be m_pEnv so as not to confuse with the various App classes that exist. Review-Url: https://codereview.chromium.org/2357293002
2016-09-21Delete unused methods in CPDF_Parsernpm
Review-Url: https://codereview.chromium.org/2353383002
2016-09-20Change protected to private in CPDF_CID2UnicodeMap and CPDF_ToUnicodeMapchromium/2867npm
Review-Url: https://codereview.chromium.org/2356603003
2016-09-20Delete unused methods and variables in CPDF_CMapManagernpm
and in CPDF_CMapParser Review-Url: https://codereview.chromium.org/2353963003
2016-09-20Delete unused GetBitMap() in fx_agg_drivernpm
Review-Url: https://codereview.chromium.org/2353143002
2016-09-20Make CPDF_Array not do indirect object creation.tsepez
We remove the indirect object holder argument and check that call sites pass ownable objects, adding a reference in one place that always was passing an indirect object. Also check that the invariant isn't violated, we need to fail here in the wild and investigate -- these are existing UAFs. Review-Url: https://codereview.chromium.org/2355083002
2016-09-20CPDF_Document friend cleanupdsinclair
Remove CPDF_Creator and CPDF_Parser as friends of CPDF_Document. Move all member variables to the private section, and add CPDF_TestDocument as a private friend. Review-Url: https://codereview.chromium.org/2349353003
2016-09-20CPDF_OCContext and CPDF_Document are no longer friendsdsinclair
Remove friendship as there doesn't appear to be anything protected that is being accessed by CPDF_OCContext. Review-Url: https://codereview.chromium.org/2355823002
2016-09-20CPDF_Document and CPDF_DataAvail are no longer friendsdsinclair
Remove the friendship between these two classes and replace with accessor methods. Review-Url: https://codereview.chromium.org/2355813002
2016-09-20Cleanup CPDFXFA and CPDF document methodsdsinclair
This CL renames and cleans up some methods that are similar between CPDF_Document and CPDFXFA_Document. Review-Url: https://codereview.chromium.org/2351673004
2016-09-20Re-land "Make CPDF_IndirectObjectHolder use unique_ptr to objects""tsepez
This reverts commit 81e1e3fd2d33478733e47bd007b76fac1a663e74. Review-Url: https://codereview.chromium.org/2353013003
2016-09-20Fix memory leaking on ClosePage.art-snake
BUG=79367, 48791 The fonts was not cleared after unloading pages. Test pdf: http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf For this file, we have ~5 fonts per page, which equal ~1 Mb per page. In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory. Memory usage of PDF Plugin: before this CL: ~660 Mb after this CL: ~100 Mb This is last part of reverted CL: Original CL: https://codereview.chromium.org/2158023002 Revert reason: BUG=647612 Fix bug CL: https://codereview.chromium.org/2350193003 Previous CL: https://codereview.chromium.org/2350243002 Review-Url: https://codereview.chromium.org/2351193002
2016-09-20Assert that dictionary can own the objects it is given.tsepez
Upon indirect object holder destruction, all indirect objects are destroyed -- currently by order of increasing object number -- but ideally without ordering constraints. So currently, we can get away with a dictionary pointing directly at an indirect object with a higher number. It gets destroyed first, invoking Release() on its subordinates, which skips destroying them if they are indirect objects. But we don't want to rely on this artifact of destruction order. Should it happen to be reversed, the dictionary would invoke Release() on freed memory. Interestingly, CPDF_Array skirts the issue by replacing any indirect objects it is given with references. Not clear whether we should do the same thing for dictionaries, or remove it from arrays. The technique certainly complicates understanding ownership. The one violation found is in the unittest that broke the previous CL which tried to use unique_ptrs in indirect object holder. Review-Url: https://codereview.chromium.org/2353093002
2016-09-20Refactor CFX_FontCache to have only one in GE Module.art-snake
After this CL: only one global CFX_FontCache used. Any cached items from it, are released, when they are not being used. This is restore part of reverted CL: Original CL: https://codereview.chromium.org/2158023002 Revert reason: BUG=647612 Fix bug CL: https://codereview.chromium.org/2350193003 Review-Url: https://codereview.chromium.org/2350243002
2016-09-20Fix nullptr dereference in FPDF_GenerateAP().thestig
BUG=645954 Review-Url: https://codereview.chromium.org/2355733002
2016-09-20Fix stack exhaustion in CPDF_PSProc::Parse()tsepez
BUG=648059 Review-Url: https://codereview.chromium.org/2350013003
2016-09-19Revert "Make CPDF_IndirectObjectHolder use unique_ptr to objects"Tom Sepez
This reverts commit c8544d634a1993e2592e41458be215fcd0956031. TBR=dsinclair@chromium.org Review URL: https://codereview.chromium.org/2355683002 .
2016-09-19Make CPDF_IndirectObjectHolder use unique_ptr to objectstsepez
The objects it is given are owned by it and are simply deleted without regard to Release() used by others. Review-Url: https://codereview.chromium.org/2350263002
2016-09-19Remove CPDF_Object::Destroy { delete this; }chromium/2866tsepez
We can delete this just fine on our own. Review-Url: https://codereview.chromium.org/2355593002
2016-09-19Fix "heap use after free" bug.art-snake
BUG=647612 Review-Url: https://codereview.chromium.org/2350193003
2016-09-19Add fuzzer for fax codeckcwu
Review-Url: https://codereview.chromium.org/2342203006
2016-09-19Update DEPS to always pull clang.dsinclair
If the --if-needed argument is passed to the clang update script then we depend on GYP_DEFINES to be set in order to update clang. We no longer define GYP_DEFINES so we fail to update clang (or checkout clang). BUG=chromium:647380 Review-Url: https://codereview.chromium.org/2350093002
2016-09-19Clean up CPDF_Stream.tsepez
Replace the CPDF_Stream(nullptr, 0, nullptr) pattern with a default ctor. Remove unused parameters from CPDF_Stream::SetData(). Both are always passed as FALSE. CPDF_Stream declared its own m_GenNum, which shadowed the one in CPDF_Object. It was used only to distinguish file/memory streams, so add a bool explicitly for this purpose. Remove the union, it would be sad if we confused user data with a C++ object with virtual function calls. Use unique_ptrs with appropriate deleters to manage memory. Review-Url: https://codereview.chromium.org/2347993002
2016-09-19Remove dead code in CCodec_IccModulekcwu
TEST=build pdfium and chromium BUG=pdfium:599 Review-Url: https://codereview.chromium.org/2355523002
2016-09-19Revert of Pdfium: Fix fonts leaking on ClosePage. (patchset #10 id:180001 of ↵dsinclair
https://codereview.chromium.org/2158023002/ ) Reason for revert: Causes heap-use-after-free. See crbug.com/647612. Original issue's description: > Fix memory leaking on ClosePage. > CFX_FontCache refactoring: > after this CL: Only one global CFX_FontCache used. Any cached items from it, are released, when its are not used. > > BUG=79367,48791 > > The fonts was not cleared after unloading pages. > > Test pdf: > > http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf > > For this file, we have ~5 fonts per page, which equal ~1 Mb per page. > In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory. > > memory usage of PDF Plugin: > before this CL: ~660 Mb > after this CL: ~100 Mb > > Committed: https://pdfium.googlesource.com/pdfium/+/cde5101eb15b24519e89fa500fe37038bc8e2201 TBR=tsepez@chromium.org,brucedawson@chromium.org,npm@chromium.org,art-snake@yandex-team.ru # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=79367,48791 Review-Url: https://codereview.chromium.org/2350763002
2016-09-19Remove duplicated charset definitions, and move them to fx_font.hnpm
PWL_FontMap does not need its own charset definitions. fx_edit.h does not need to define DEFAULT_CHARSET. XFA have their own definitions. They look different in that most are MAC or MSWin charset definitions. So they are left untouched. public/fpdf_sysfontinfo.h duplicate ones were left untouched due to being in public folder. Review-Url: https://codereview.chromium.org/2347313002
2016-09-19Fix compare between signed and unsigned values in ↵stackexploit
CPDF_ImageRenderer::StartDIBSource. Correct the compare logic in CPDF_ImageRenderer::StartDIBSource() by using size_t instead of int. BUG=chromium:645036 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2323663002
2016-09-19Avoid nullptr access in sycc422_to_rgb and sycc420_to_rgbstackexploit
BUG=648127 Review-Url: https://codereview.chromium.org/2351623002
2016-09-16Reduce duplicated code in CPDF_Document by adding auxiliary methodschromium/2865chromium/2864chromium/2863npm
ProcessbCJK and CalculateFontDesc methods are used to reduce the code duplication between AddFont and AddWindowsFont methods. Review-Url: https://codereview.chromium.org/2341373003
2016-09-15Fix memory leaking on ClosePage.chromium/2862art-snake
CFX_FontCache refactoring: after this CL: Only one global CFX_FontCache used. Any cached items from it, are released, when its are not used. BUG=79367,48791 The fonts was not cleared after unloading pages. Test pdf: http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf For this file, we have ~5 fonts per page, which equal ~1 Mb per page. In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory. memory usage of PDF Plugin: before this CL: ~660 Mb after this CL: ~100 Mb Review-Url: https://codereview.chromium.org/2158023002
2016-09-15Add string pools to save storage.tsepez
Adds string hashes so CFX strings will interoperate with STL unordered containers. These will be employed per-document in a subsequent cl. BUG=pdfium:597 Review-Url: https://codereview.chromium.org/2341683005
2016-09-15Use either /RECT or /QuadPoints for annotation coordinates, depending on /APtonikitoo
On Acrobat, if "/AP" is present on a text markup definition, the coordinates used to draw the annotation come from "/Rect values, whereas if "/AP" is not defined, the array defined in /QuadPoints is used to grab the annotation coordinates from. PDFium, on the other hand, uses "/Rect" regardless of presence or absence of "/AP". CL fixes PDFium to work similarly to Acrobat, in this case. TEST=testing/resources/pixel/bug_585_*.in BUG=pdfium:585 Review-Url: https://codereview.chromium.org/2289293005
2016-09-15Use ToUnicode mapping even when unicode is 0.npm
CPDF_Font::UnicodeFromCharcode returns 0 only if ToUnicode map maps the charcode to 0. CPDF_SimpleFont::UnicodeFromCharcode and CPDF_CID_Font:: UnicodeFromCharCode return 0 only if the call to CPDF_Font returns 0. In other cases, these methods return an empty string. So when processing text, a 0 return from the method should not be replaced with the charcode. BUG=pdfium:583 Review-Url: https://codereview.chromium.org/2342073002