Age | Commit message (Collapse) | Author |
|
Found by libfuzzer
Review-Url: https://codereview.chromium.org/2362813002
|
|
Handle the case that GrowNamedColorList return fail when list is too
long. Otherwise the loop never ends.
Found by libfuzzer
Review-Url: https://codereview.chromium.org/2365663002
|
|
This gives additional protection in case of re-entry. Also
make CFX_CountRef more robust in face of errors.
BUG=649229
Review-Url: https://codereview.chromium.org/2364673002
|
|
More instances of CPDFSDK_Environment being called m_pApp in the code. Renamed
to m_pEnv to be clear that it's the environment not an app object.
Review-Url: https://codereview.chromium.org/2354413002
|
|
Use smart pointers for FXJS_PerIsolateData owned member variables. Also
move creation and deletion of dynamic object map into
FXJS_PerIsolateData's constructor and destructor. Overall, the
interfaces and memory management should be simpler.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2358343002
|
|
Review-Url: https://codereview.chromium.org/2362623002
|
|
This CL moves the code from the .h file into the .cpp file.
Review-Url: https://codereview.chromium.org/2354363003
|
|
Also, it's idempotent, so simplify some logic in callers to
not care if objnum is zero.
The alternate forms are rarely used, using the objnum form
makes it clear that SetReferenceFor() can't possibly register
the object as a side-effect.
Review-Url: https://codereview.chromium.org/2361713002
|
|
win_xfa_clang bot was marked as experimental due to
https://crbug.com/626120 which was fixed a while ago.
Now no longer need to keep it as experimental.
Review-Url: https://codereview.chromium.org/2363603002
|
|
Review-Url: https://codereview.chromium.org/2358243002
|
|
The old SetParam() method had "maybe take ownership" semanitcs
based upon the type argument.
Make GetParam() handle the None case and simplify callers
based upon that behaviour.
Review-Url: https://codereview.chromium.org/2358043003
|
|
Given a large enough value for the character code it's possible to overflow
the conversion to an int. This Cl updates the code to guard against overflow.
BUG=chromium:648739
Review-Url: https://codereview.chromium.org/2358023002
|
|
This CL aims to follow up on thestig's past-land feedback
receveid on https://codereview.chromium.org/2277063003/#msg15 .
In order to avoid static initializers and global data
declaration, CL adds a data struct named PDFiumTest_FPDF_FORMFILLINFO,
which has FPDF_FORMFILLINFO as the first struct member definition.
This allows the use of reinterpret_cast to/from
PDFiumTest_FPDF_FORMFILLINFO and PDF_FORMFILLINFO.
PDFiumTest_FPDF_FORMFILLINFO also two more struct members,
'loadedPages' and 'formHandle', which were previously global
variables.
Review-Url: https://codereview.chromium.org/2330043002
|
|
We have cleared all the leaks in our code. There is no need for
those suppressions. Plus, most of them are obsolete due to code
refactoring.
Still keep this file around so that suppressions can be added if needed
in the future.
BUG=pdfium:242,pdfium:260
Review-Url: https://codereview.chromium.org/2360743002
|
|
Typically the I prefix means Interface, except for CFFL_IFormFiller where it
means Interactive. Rename CFFL_IFormFiller to CFFL_InteractiveFormFiller to
make the meaning explicit.
Review-Url: https://codereview.chromium.org/2357203003
|
|
CFXJS_Engine class should always be constructed with an isolate, except
for its subclasses which may need to create an isolate by themselves.
Move SetIsolate() function to be protected so that only subclasses can
access it.
Review-Url: https://codereview.chromium.org/2354353002
|
|
Per isolate runtime data should be deleted when the associated
isolate's destructed.
Also, the internal of per isolate runtime data is obscure to the JS
engine. So XFA or this class itself has to be in charge of the memory
management. Use smart pointer for it so that the resource
could be released properly.
BUG=pdfium:242
Review-Url: https://codereview.chromium.org/2354923003
|
|
The m_pApp variable holds a CPDFSDK_Environment. This Cl renames the variable
to be m_pEnv so as not to confuse with the various App classes that exist.
Review-Url: https://codereview.chromium.org/2357293002
|
|
Review-Url: https://codereview.chromium.org/2353383002
|
|
Review-Url: https://codereview.chromium.org/2356603003
|
|
and in CPDF_CMapParser
Review-Url: https://codereview.chromium.org/2353963003
|
|
Review-Url: https://codereview.chromium.org/2353143002
|
|
We remove the indirect object holder argument and check that
call sites pass ownable objects, adding a reference in one
place that always was passing an indirect object.
Also check that the invariant isn't violated, we need to fail
here in the wild and investigate -- these are existing UAFs.
Review-Url: https://codereview.chromium.org/2355083002
|
|
Remove CPDF_Creator and CPDF_Parser as friends of CPDF_Document. Move all
member variables to the private section, and add CPDF_TestDocument as a
private friend.
Review-Url: https://codereview.chromium.org/2349353003
|
|
Remove friendship as there doesn't appear to be anything protected that is
being accessed by CPDF_OCContext.
Review-Url: https://codereview.chromium.org/2355823002
|
|
Remove the friendship between these two classes and replace with accessor
methods.
Review-Url: https://codereview.chromium.org/2355813002
|
|
This CL renames and cleans up some methods that are similar between
CPDF_Document and CPDFXFA_Document.
Review-Url: https://codereview.chromium.org/2351673004
|
|
This reverts commit 81e1e3fd2d33478733e47bd007b76fac1a663e74.
Review-Url: https://codereview.chromium.org/2353013003
|
|
BUG=79367, 48791
The fonts was not cleared after unloading pages.
Test pdf: http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf
For this file, we have ~5 fonts per page, which equal ~1 Mb per page.
In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory.
Memory usage of PDF Plugin:
before this CL: ~660 Mb
after this CL: ~100 Mb
This is last part of reverted CL:
Original CL: https://codereview.chromium.org/2158023002
Revert reason: BUG=647612
Fix bug CL: https://codereview.chromium.org/2350193003
Previous CL: https://codereview.chromium.org/2350243002
Review-Url: https://codereview.chromium.org/2351193002
|
|
Upon indirect object holder destruction, all indirect
objects are destroyed -- currently by order of increasing
object number -- but ideally without ordering constraints.
So currently, we can get away with a dictionary pointing
directly at an indirect object with a higher number. It
gets destroyed first, invoking Release() on its subordinates,
which skips destroying them if they are indirect objects. But
we don't want to rely on this artifact of destruction
order. Should it happen to be reversed, the dictionary
would invoke Release() on freed memory.
Interestingly, CPDF_Array skirts the issue by replacing
any indirect objects it is given with references. Not
clear whether we should do the same thing for dictionaries,
or remove it from arrays. The technique certainly
complicates understanding ownership.
The one violation found is in the unittest that broke the
previous CL which tried to use unique_ptrs in indirect
object holder.
Review-Url: https://codereview.chromium.org/2353093002
|
|
After this CL: only one global CFX_FontCache used. Any cached items
from it, are released, when they are not being used.
This is restore part of reverted CL:
Original CL: https://codereview.chromium.org/2158023002
Revert reason: BUG=647612
Fix bug CL: https://codereview.chromium.org/2350193003
Review-Url: https://codereview.chromium.org/2350243002
|
|
BUG=645954
Review-Url: https://codereview.chromium.org/2355733002
|
|
BUG=648059
Review-Url: https://codereview.chromium.org/2350013003
|
|
This reverts commit c8544d634a1993e2592e41458be215fcd0956031.
TBR=dsinclair@chromium.org
Review URL: https://codereview.chromium.org/2355683002 .
|
|
The objects it is given are owned by it and are simply
deleted without regard to Release() used by others.
Review-Url: https://codereview.chromium.org/2350263002
|
|
We can delete this just fine on our own.
Review-Url: https://codereview.chromium.org/2355593002
|
|
BUG=647612
Review-Url: https://codereview.chromium.org/2350193003
|
|
Review-Url: https://codereview.chromium.org/2342203006
|
|
If the --if-needed argument is passed to the clang update script then we depend
on GYP_DEFINES to be set in order to update clang. We no longer define
GYP_DEFINES so we fail to update clang (or checkout clang).
BUG=chromium:647380
Review-Url: https://codereview.chromium.org/2350093002
|
|
Replace the CPDF_Stream(nullptr, 0, nullptr) pattern with
a default ctor.
Remove unused parameters from CPDF_Stream::SetData(). Both
are always passed as FALSE.
CPDF_Stream declared its own m_GenNum, which shadowed the one
in CPDF_Object. It was used only to distinguish file/memory
streams, so add a bool explicitly for this purpose.
Remove the union, it would be sad if we confused user data
with a C++ object with virtual function calls.
Use unique_ptrs with appropriate deleters to manage memory.
Review-Url: https://codereview.chromium.org/2347993002
|
|
TEST=build pdfium and chromium
BUG=pdfium:599
Review-Url: https://codereview.chromium.org/2355523002
|
|
https://codereview.chromium.org/2158023002/ )
Reason for revert:
Causes heap-use-after-free. See crbug.com/647612.
Original issue's description:
> Fix memory leaking on ClosePage.
> CFX_FontCache refactoring:
> after this CL: Only one global CFX_FontCache used. Any cached items from it, are released, when its are not used.
>
> BUG=79367,48791
>
> The fonts was not cleared after unloading pages.
>
> Test pdf:
>
> http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf
>
> For this file, we have ~5 fonts per page, which equal ~1 Mb per page.
> In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory.
>
> memory usage of PDF Plugin:
> before this CL: ~660 Mb
> after this CL: ~100 Mb
>
> Committed: https://pdfium.googlesource.com/pdfium/+/cde5101eb15b24519e89fa500fe37038bc8e2201
TBR=tsepez@chromium.org,brucedawson@chromium.org,npm@chromium.org,art-snake@yandex-team.ru
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=79367,48791
Review-Url: https://codereview.chromium.org/2350763002
|
|
PWL_FontMap does not need its own charset definitions. fx_edit.h does
not need to define DEFAULT_CHARSET. XFA have their own definitions.
They look different in that most are MAC or MSWin charset definitions.
So they are left untouched. public/fpdf_sysfontinfo.h duplicate ones
were left untouched due to being in public folder.
Review-Url: https://codereview.chromium.org/2347313002
|
|
CPDF_ImageRenderer::StartDIBSource.
Correct the compare logic in CPDF_ImageRenderer::StartDIBSource() by using size_t instead of int.
BUG=chromium:645036
R=ochang@chromium.org
Review-Url: https://codereview.chromium.org/2323663002
|
|
BUG=648127
Review-Url: https://codereview.chromium.org/2351623002
|
|
ProcessbCJK and CalculateFontDesc methods are used to reduce the code
duplication between AddFont and AddWindowsFont methods.
Review-Url: https://codereview.chromium.org/2341373003
|
|
CFX_FontCache refactoring:
after this CL: Only one global CFX_FontCache used. Any cached items from it, are released, when its are not used.
BUG=79367,48791
The fonts was not cleared after unloading pages.
Test pdf:
http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf
For this file, we have ~5 fonts per page, which equal ~1 Mb per page.
In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory.
memory usage of PDF Plugin:
before this CL: ~660 Mb
after this CL: ~100 Mb
Review-Url: https://codereview.chromium.org/2158023002
|
|
Adds string hashes so CFX strings will interoperate with
STL unordered containers.
These will be employed per-document in a subsequent cl.
BUG=pdfium:597
Review-Url: https://codereview.chromium.org/2341683005
|
|
On Acrobat, if "/AP" is present on a text markup definition,
the coordinates used to draw the annotation come from "/Rect
values, whereas if "/AP" is not defined, the array defined
in /QuadPoints is used to grab the annotation coordinates from.
PDFium, on the other hand, uses "/Rect" regardless of
presence or absence of "/AP".
CL fixes PDFium to work similarly to Acrobat, in this case.
TEST=testing/resources/pixel/bug_585_*.in
BUG=pdfium:585
Review-Url: https://codereview.chromium.org/2289293005
|
|
CPDF_Font::UnicodeFromCharcode returns 0 only if ToUnicode map maps the
charcode to 0. CPDF_SimpleFont::UnicodeFromCharcode and CPDF_CID_Font::
UnicodeFromCharCode return 0 only if the call to CPDF_Font returns 0.
In other cases, these methods return an empty string. So when
processing text, a 0 return from the method should not be replaced
with the charcode.
BUG=pdfium:583
Review-Url: https://codereview.chromium.org/2342073002
|