Age  Commit message  (Author)
2017-01-26  Fix CSS fuzzer input size  (Dan Sinclair)
    Currently we use the size provided by clusterfuzz when initializing the css syntax parser. This may be incorrect as the CFX_WideString may have a different count after converting to UTF. Use the wide string length instead of the provided size. We need to guard against strings that convert to blank when doing the wide conversion so add an early exit.
    BUG=682551
    Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323
    Reviewed-on: https://pdfium-review.googlesource.com/2391
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-25  Calculate code_store safely in CGifLZWDecoder::Decode  (Nicolas Pena)
    BUG=682628
    Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd
    Reviewed-on: https://pdfium-review.googlesource.com/2390
    Commit-Queue: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-25  Prevent skew overflows in gtTileContig  (Nicolas Pena)
    Using int64 to check whether uint32 operations have overflowed.
    BUG=681300
    Change-Id: I4470d34f2e5e61c0bf96f1c8587cdb7805afe87b
    Reviewed-on: https://pdfium-review.googlesource.com/2355
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-25  Remove last usage of IFX_Retainable.  [chromium/2993]  (Tom Sepez)
    Change-Id: Id2ece818c80e8cce4748b9a237871131a7acd6d1
    Reviewed-on: https://pdfium-review.googlesource.com/2354
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-25  Use opj_uint_ceildiv where it is better than its int version  (Nicolas Pena)
    Replaced (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b) with opj_uint_ceildiv(a, b), which makes much more sense.
    BUG=683156
    Change-Id: Ie9d6736f4ec0f16d14f203850a14f0dabd73ee38
    Reviewed-on: https://pdfium-review.googlesource.com/2352
    Reviewed-by: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-24  Use std::vector for fx_ucd.h arrays.  [chromium/2992]  (tsepez)
    Review-Url: https://codereview.chromium.org/2650773003
2017-01-24  Fixup coverage build  (dsinclair)
    The original coverage CL made the unittests build correctly with coverage but the code in samples/ builds differently. This CL fixes coverage for pdfium_diff and pdfium_test code.
    Review-Url: https://codereview.chromium.org/2649403003
2017-01-24  No need to define SK_SCALAR_IS_FLOAT  (halcanary)
    This is already the default value and is the only supported case.
    Review-Url: https://codereview.chromium.org/2657453005
2017-01-24  Replace some loose (ptr, len) pairs with CFX_ByteStringC in fpdfapi.  (tsepez)
    These separate scalars are an anti-pattern given the ability to pass a single entity and later operate on it sensibly.
    Review-Url: https://codereview.chromium.org/2652033002
2017-01-24  Make Gerrit the default for pdfium code reviews  (Aaron Gable)
    BUG=665583
    Change-Id: Iab5637716f168c290cc58fe85711c29dc7c29a7d
    Reviewed-on: https://pdfium-review.googlesource.com/2290
    Reviewed-by: dsinclair <dsinclair@chromium.org>
    Commit-Queue: Aaron Gable <agable@chromium.org>
2017-01-24  Undefined shift in CPDF_PSEngine::DoOperator  (tsepez)
    Also fix an unsafe negation in same block.
    BUG=641551
    BUG=681091
    Review-Url: https://codereview.chromium.org/2649283002
2017-01-24  Check m_data!=null when adding mct  (Nicolas Pena)
    m_decorrelation_array and m_offset_array can be assigned to l_mct_data, which can be set in opj_j2k_read_mct. In this method, there can be an early true return before allocating m_data but after freeing it.
    BUG=678342
    Change-Id: Id9ea3cc57a9a278deb1540e5db8a94db86018fd6
    Reviewed-on: https://pdfium-review.googlesource.com/2350
    Commit-Queue: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-24  Fix CPDF_InterForm::CheckRequiredFields and its callers.  (Nicolas Pena)
    The method is used twice in fpdfsdk/cpdfsdk_interform.cpp and twice in fpdfsdk/javascript/Document.cpp, but not in a compatible way. Changed the method so that it now returns true when checks pass, which is the more natural thing to do, considering the name of the method.
    BUG=pdfium:659
    Change-Id: Iacf3049f328df1d4db3fbfc995acf184230ebf48
    Reviewed-on: https://pdfium-review.googlesource.com/2297
    Commit-Queue: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-24  Track CFDE_CSSComputedStyle with retained ptrs  (Dan Sinclair)
    Remove the bare new and use CFX_RetainPtr to keep track of the computed styles.
    Change-Id: Icf235623529797176707482c78676814b7a81b9e
    Reviewed-on: https://pdfium-review.googlesource.com/2292
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-24  Cleanup memory in CFDE_CSSRuleCollection  (Dan Sinclair)
    This CL cleans up the memory for the CFDE_CSSRuleCollection::Data parameter.
    Change-Id: I449ffdeebdc6463bf68b991fffecdc6cf0b25362
    Reviewed-on: https://pdfium-review.googlesource.com/2296
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-24  Remove ID, Class and Universal selector code  (Dan Sinclair)
    The UA style defined in CXFA_TextParser does not specify any ID, Class or Universal selectors. Remove related code.
    Change-Id: I9f2d760ee86f309a9cfa8a0f1f3e3dd7a15ef4c8
    Reviewed-on: https://pdfium-review.googlesource.com/2295
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-24  Use std::vector for CFX_RectF arrays  (tsepez)
    Review-Url: https://codereview.chromium.org/2653743002
2017-01-24  Remove CSS Pseudo parsing  (Dan Sinclair)
    We always match against the pseudo type NONE when matching selectors, so we never end up using any pseudo selectors. This CL removes the pseudo selector parsing code.
    Change-Id: I7831d12dfff3a6f1dc98ff8e1d63c1090775562c
    Reviewed-on: https://pdfium-review.googlesource.com/2294
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-23  Fix bug found by fuzzer in A85 encoder (bad shift).  (rbpotter)
    A85 encoder is not called yet; fix before adding calls to this code in Chromium.
    BUG=682550
    Review-Url: https://codereview.chromium.org/2649263002
2017-01-23  Remove obsolete include of build_overrides/v8.gni  [chromium/2991]  (brettw)
    This file is no longer needed.
    BUG=684096
    Review-Url: https://codereview.chromium.org/2657433002
2017-01-23  Update safe numerics package to get bitwise ops  (tsepez)
    Fix callers conventions to avoid ambiguity. Fix bad bounds check unmasked by change. Directly include headers no longer pulled in by numerics itself.
    Review-Url: https://codereview.chromium.org/2640143003
2017-01-23  Remove unused author and user stylesheets  (Dan Sinclair)
    We only load styles from the CXFA_TextParser which loads a static UserAgent stylesheet. This CL removes the User and Author styles from the system and simplifies the storage of the stylesheets.
    Change-Id: I7abcf39333655f8dd6bc2cfe685c8cf73b779c7d
    Reviewed-on: https://pdfium-review.googlesource.com/2293
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-23  Cleanup CSS parsing  (Dan Sinclair)
    This CL removes unused CSS parsing code. The only caller of CFDE_CSSStyleSheet::LoadeBuffer is from CXFA_TextParser which provides a static string. So, we know there are no Media rules, Import rules, FontFace rules or Page rules in the input style. These rules are also not allowed in inline styles. This CL removes the supporting code.
    Change-Id: I3a559352b2dd0769c465cbd3da40d1db5f9577b0
    Reviewed-on: https://pdfium-review.googlesource.com/2330
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-23  Replace CXFA_StrokeArray and CXFA_WidgetArray with std::vector  (tsepez)
    Review-Url: https://codereview.chromium.org/2648773003
2017-01-23  Remove some |void Release() { delete this; }| anti-pattern.  (tsepez)
    m_pSyntaxParser was unused.
    Review-Url: https://codereview.chromium.org/2646203002
2017-01-20  Replace CFX_ByteArray with CFX_ArrayTemplate<uint8_t>  [chromium/2990, chromium/2989, chromium/2988]  (tsepez)
    Also replace CFX_Int32Array typedef with CFX_ArrayTemplate<int32_t>. Removing the typedefs makes subsequent conversion to std::vector<> easier on a case-by-case basis.
    Review-Url: https://codereview.chromium.org/2649563003
2017-01-20  Remove CFX_Points, CFX_PointsF in favor of std::vector  (tsepez)
    CFX_Points was unused.
    Review-Url: https://codereview.chromium.org/2645523006
2017-01-19  Add ObservedPtrs to PWL_CREATEPARAM  (Dan Sinclair)
    It's possible for both the provider and attached widget to be destroyed before the PWL_CREATEPARAM objects which point to them. This causes issues when those widgets access their attached widget or provider. This CL wraps the pAttachedWidget and pProvider into ObservedPtrs so we will know if the underlying pointer has gone away.
    BUG=chromium:681351
    Change-Id: Ib40445be9487dc3e89a66bb7407abdeed7d2c946
    Reviewed-on: https://pdfium-review.googlesource.com/2270
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-19  Fix leak in PixarLogSetupDecode  (Nicolas Pena)
    The call may come from TIFFReadRGBAImageOriented, and there no cleanup is done. So free the memory allocation on failure.
    BUG=681301
    Change-Id: I4ac7db03d18eddd3117649ca185dffdcc9189870
    Reviewed-on: https://pdfium-review.googlesource.com/2252
    Reviewed-by: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-19  Return error in opj_j2k_read_header_procedure if l_marker_size < 2  (Nicolas Pena)
    If we do not do this check, it will overflow to a huge unsigned int, so we will allocate a lot of memory etc.
    BUG=682182
    Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff
    Reviewed-on: https://pdfium-review.googlesource.com/2272
    Reviewed-by: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-19  Split fde/css files into individual class files.  (Dan Sinclair)
    This CL splits the files in xfa/fde/css into class per file and renames any needed files to match the class names. Update some of the classes to use std::stack.
    Change-Id: I4eca0fb3556d949a15a873bb0f0fd732f47e4fb1
    Reviewed-on: https://pdfium-review.googlesource.com/2253
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-01-19  use unique_ptr in fpdf_font_cid.cpp  (tsepez)
    Also return CFX_MaybeOwned<> from functions so to make cleanup automatic, avoiding a theoretical leak.
    Review-Url: https://codereview.chromium.org/2641853004
2017-01-18  Tidy FXJS_V8, backfill tests.  [chromium/2986]  (tsepez)
    Move checks performed as part of JS_Value's object and array handling back into FXJS, to ease removal of JS_Value in the future. Remove some convenience routines in FXJS for objects, to shrink API to be covered during testing. Change some naming (number => double, string => widestring) to make it clearer when there is a C++ type involved.
    BUG=
    Review-Url: https://codereview.chromium.org/2637503002
2017-01-18  use unique_ptr in xfa_checksum.h  (tsepez)
    Review-Url: https://codereview.chromium.org/2613143002
2017-01-18  Bad indexing in CPDF_Document::FindPageIndex when page tree corrupt.  (tsepez)
    Moving to std::vector from the more forgiving CFX_ArrayTemplate revealed the dubious page tree traversal, which depends on the correctness of the /Count entries to properly summarize the total descendants under a given node. The only "correct" thing to do is to throw away these counts as parsed, and re-compute them, perhaps in CountPages(). But I'm not willing to do that since it may break unknown documents in the wild. Pass out-params as pointers while we're at it.
    BUG=680376
    Review-Url: https://codereview.chromium.org/2636403003
2017-01-18  Split CFDE_CSSPrimitiveValue apart  (Dan Sinclair)
    This CL splits the CFDE_CSSPrimitiveValue class into individual classes per value type. This moves the numeric types out of the FDE_CSSPrimitiveType list and creates a new CFDE_CSSNumberType list.
    Change-Id: I6f55e9e3509de7ff1e82dcf018a1f1c472565e54
    Reviewed-on: https://pdfium-review.googlesource.com/2250
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-18  Convert CSS mode stack to std::stack  (Dan Sinclair)
    This CL converts the css syntax parser to use a std::stack instead of a custom CFX stack.
    Change-Id: I650c8340693d3608b9264bbf887f1d14847cb68f
    Reviewed-on: https://pdfium-review.googlesource.com/2218
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-01-18  Remove unused syntax parser initialize method.  (Dan Sinclair)
    This CL removes the stream initializer from the FDE CSS parser. The only consumer was the css fuzzer. The fuzzer has been moved to use the string initializer to match the rest of the code.
    Change-Id: I65445af1159058b7c71d5e1d7c12e60383da6dbd
    Reviewed-on: https://pdfium-review.googlesource.com/2217
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-18  Remove unused codePage and URL code.  (Dan Sinclair)
    These methods are never called, removed.
    Change-Id: I47930c209229c9e50effc433579809b882cd2dc9
    Reviewed-on: https://pdfium-review.googlesource.com/2215
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-18  Remove GetDeclImp methods in favour of GetDeclaration  (Dan Sinclair)
    Change-Id: I245d755814123f351a661bda1f38eaa96d4e68ae
    Reviewed-on: https://pdfium-review.googlesource.com/2214
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-17  Stop using Encoding array to get unicode from charcode in Type 3 fonts  [chromium/2985]  (npm)
    We should not fill out the m_Encoding for Type3 fonts. This way, we stop getting garbage characters from text extraction. Guessing that unicode == charcode (in the absence of ToUnicode) is our best bet.
    BUG=pdfium:642
    Review-Url: https://codereview.chromium.org/2643543002
2017-01-17  More css parser tests; more memory fixes.  (Dan Sinclair)
    Change-Id: I929b00204e05eea71c6fd4d52e480cc9c6d6018e
    Reviewed-on: https://pdfium-review.googlesource.com/2230
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-17  Start CSS parser unit tests  (Dan Sinclair)
    Start adding unit tests for the css parser. Fixup memory leaks that are exposed by the tests.
    Change-Id: Id863d9cd5f13ab82626bc7b945de925253c88d43
    Reviewed-on: https://pdfium-review.googlesource.com/2180
    Reviewed-by: Nicolás Peña <npm@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-17  Add optional coverage flags to build  (Dan Sinclair)
    This CL allows generating coverage information for the source files. By adding use_coverage=true to the GN build settings clang will generate .gcno files for each source file and executing the binary will generate a .gcda file for each source file. Those files can then be processed by llvm-cov to generate .gcov reports for each source file.
    i.e. (assuming use_coverage=true is set for out/coverage)
    * ninja -C out/coverage pdfium_unittests
    * cd out/coverage
    * find obj -name "*.o" -exec llvm-cov -af -stats {} > d.out \;
    There should now be .gcov files for each source file in the out/coverage directory. Note, llvm-gcov may have a different name or syntax on your machine.
    Change-Id: I7379579f5f20a5b8b2f3a3b409b868bba4b4d74d
    Reviewed-on: https://pdfium-review.googlesource.com/2216
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-17  Avoid endless loop deleting CFGAS_GEFont.  (tsepez)
    It's a ref-counted class, so if we're in the destructor, the ref count has hit zero. We can't make a new ref pointer to itself here, as it will re-invoke the destructor when it goes out of scope. This should have been an obvious anti-pattern in hindsight. The object in question can't be in the m_pFontManager, since the font manager retains a reference, and we wouldn't get to this destructor while that is present. So the cleanup isn't required. Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp. I also converted to use unique_ptrs in a few places near this issue. Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr is not a good idea as it doesn't bump the ref count. Also protect and friend the CFGAS_GEFont destructor, to make sure random deletes don't happen. Also kill off a const cast, and remove unnecessary conversion to retain_ptr when we already have one.
    TEST=look for absence of -11 in XFA corpus test logs, bots not currently noticing the segv. Argh.
    Review-Url: https://codereview.chromium.org/2631703003
2017-01-17  Rename FDE_CSSRECT and FDE_CSSLENGTH  (Dan Sinclair)
    This CL converts the names to FDE_CSSRect and FDE_CSSLength to better match other parts of the code base.
    Change-Id: I33367ae3d93d912755671486d6d5317cddbc4f62
    Reviewed-on: https://pdfium-review.googlesource.com/2179
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Commit-Queue: Tom Sepez <tsepez@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-16  Return early when gif_img_row_bytes is 0  [chromium/2984]  (Nicolas Pena)
    We can get into a loop when gif_img_row_bytes is 0 since Decode will return 3 when the second parameter is 0, and there is a while(ret!=0).
    BUG=681170
    Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
    Reviewed-on: https://pdfium-review.googlesource.com/2211
    Reviewed-by: dsinclair <dsinclair@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-16  Check blue,green,red bit count in bmp_decode_rgb  (Nicolas Pena)
    If the values are going to overflow, return error code, which seems to be 2.
    BUG=668822
    Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
    Reviewed-on: https://pdfium-review.googlesource.com/2213
    Commit-Queue: Nicolás Peña <npm@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-16  Replace remaining CSS interfaces with concrete classes  (Dan Sinclair)
    This CL moves IFDE_CSSValue and IFDE_CSSRule to concrete classes and moves the holding of the type into the base class.
    Change-Id: Iea29cc55256dd2183b60ca8711367d5dc8daaa24
    Reviewed-on: https://pdfium-review.googlesource.com/2178
    Reviewed-by: Tom Sepez <tsepez@chromium.org>
    Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-16  Remove IFDE_CSS interfaces which are only implemented once.  (Dan Sinclair)
    This CL cleans up some interface classes from FDE CSS.
    Change-Id: I975e5d63f8ae6a0bc7bb849b6f11f0ae43092e4d
    Reviewed-on: https://pdfium-review.googlesource.com/2177
    Commit-Queue: dsinclair <dsinclair@chromium.org>
    Reviewed-by: Tom Sepez <tsepez@chromium.org>