Age | Commit message (Collapse) | Author |
|
Currently we use the size provided by clusterfuzz when initializing the
css syntax parser. This maybe incorrect as the CFX_WideString may have a
different count after converting to UTF. Use the wide string length instead
of the provided size.
We need to guard against strings that convert to blank when doing the wide
conversion so add an early exit.
BUG=682551
Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323
Reviewed-on: https://pdfium-review.googlesource.com/2391
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
BUG=682628
Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd
Reviewed-on: https://pdfium-review.googlesource.com/2390
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Using int64 to check whether uint32 operations have overflowed.
BUG=681300
Change-Id: I4470d34f2e5e61c0bf96f1c8587cdb7805afe87b
Reviewed-on: https://pdfium-review.googlesource.com/2355
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: Id2ece818c80e8cce4748b9a237871131a7acd6d1
Reviewed-on: https://pdfium-review.googlesource.com/2354
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Replaced (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b) with
opj_uint_ceildiv(a, b), which makes much more sense.
BUG=683156
Change-Id: Ie9d6736f4ec0f16d14f203850a14f0dabd73ee38
Reviewed-on: https://pdfium-review.googlesource.com/2352
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2650773003
|
|
The original coverage CL made the unittests build correclty with coverage but
the code in samples/ builds differently. This CL fixes coverage for pdfium_diff
and pdfium_test code.
Review-Url: https://codereview.chromium.org/2649403003
|
|
This is already the default value and is the only supported case.
Review-Url: https://codereview.chromium.org/2657453005
|
|
These separate scalars are an anti-pattern given the ability to pass a single entity and later operate on it sensibly.
Review-Url: https://codereview.chromium.org/2652033002
|
|
BUG=665583
Change-Id: Iab5637716f168c290cc58fe85711c29dc7c29a7d
Reviewed-on: https://pdfium-review.googlesource.com/2290
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Aaron Gable <agable@chromium.org>
|
|
Also fix an unsafe negation in same block.
BUG=641551
BUG=681091
Review-Url: https://codereview.chromium.org/2649283002
|
|
m_decorrelation_array and m_offset_array can be assigned to l_mct_data,
which can be set in opj_j2k_read_mct. In this method, there can be an
early true return before allocating m_data but after freeing it.
BUG=678342
Change-Id: Id9ea3cc57a9a278deb1540e5db8a94db86018fd6
Reviewed-on: https://pdfium-review.googlesource.com/2350
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The method is used twice in fpdfsdk/cpdfsdk_interform.cpp and twice in
fpdfsdk/javascript/Document.cpp, but not in a compatible way. Changed
the method so that it now returns true when checks pass, which is the
more natural thing to do, considering the name of the method.
BUG=pdfium:659
Change-Id: Iacf3049f328df1d4db3fbfc995acf184230ebf48
Reviewed-on: https://pdfium-review.googlesource.com/2297
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Remove the bare new and use CFX_RetainPtr to keep track of the computed styles.
Change-Id: Icf235623529797176707482c78676814b7a81b9e
Reviewed-on: https://pdfium-review.googlesource.com/2292
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl cleans up the memory for the CFDE_CSSRuleCollection::Data parameter.
Change-Id: I449ffdeebdc6463bf68b991fffecdc6cf0b25362
Reviewed-on: https://pdfium-review.googlesource.com/2296
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The UA style defined in CXFA_TextParser does not specify any ID, Class or
Universal selectors. Remove related code.
Change-Id: I9f2d760ee86f309a9cfa8a0f1f3e3dd7a15ef4c8
Reviewed-on: https://pdfium-review.googlesource.com/2295
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2653743002
|
|
We always match against the pseudo type NONE when matching selectors, so we
never end up using any pseudo selectors. This CL removes the pseudo selector
parsing code.
Change-Id: I7831d12dfff3a6f1dc98ff8e1d63c1090775562c
Reviewed-on: https://pdfium-review.googlesource.com/2294
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
A85 encoder is not called yet; fix before adding
calls to this code in Chromium.
BUG=682550
Review-Url: https://codereview.chromium.org/2649263002
|
|
This file is no longer needed.
BUG=684096
Review-Url: https://codereview.chromium.org/2657433002
|
|
Fix callers conventions to avoid ambiguity.
Fix bad bounds check unmasked by change.
Directly include headers no longer pulled in by numerics itself.
Review-Url: https://codereview.chromium.org/2640143003
|
|
We only load atyles from the CXFA_TextParser which loads a static UserAgent
stylesheet. This CL removes the User and Author styles from the system
and simplifies the storage of the stylesheets.
Change-Id: I7abcf39333655f8dd6bc2cfe685c8cf73b779c7d
Reviewed-on: https://pdfium-review.googlesource.com/2293
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl removes unused CSS parsing code. The only caller of
CFDE_CSSStyleSheet::LoadeBuffer is from CXFA_TextParser which provides a static
string. So, we know there are no Media rules, Import rules, FontFace rules or
Page rules in the input style. These rules are also not allowed in inline
styles. This CL removes the supporting code.
Change-Id: I3a559352b2dd0769c465cbd3da40d1db5f9577b0
Reviewed-on: https://pdfium-review.googlesource.com/2330
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2648773003
|
|
m_pSyntaxParser was unused.
Review-Url: https://codereview.chromium.org/2646203002
|
|
Also replace CFX_Int32Array typedef with CFX_ArrayTemplate<int32_t>.
Removing the typedefs makes subsequent conversion to std::vector<>
easier on a case-by-case basis.
Review-Url: https://codereview.chromium.org/2649563003
|
|
CFX_Points was unused.
Review-Url: https://codereview.chromium.org/2645523006
|
|
It's possible for both the provider and attached widget to be destroyed before
the PWL_CREATEPARAM objects which point to them. This causes issues when those
widgets access their attached widget or provider.
This CL wraps the pAttachedWidget and pProvider into ObservedPtrs so we will
know if the underlying pointer has gone away.
BUG=chromium:681351
Change-Id: Ib40445be9487dc3e89a66bb7407abdeed7d2c946
Reviewed-on: https://pdfium-review.googlesource.com/2270
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The call may come from TIFFReadRGBAImageOriented, and there no cleanup
is done. So free the memory allocation on failure.
BUG=681301
Change-Id: I4ac7db03d18eddd3117649ca185dffdcc9189870
Reviewed-on: https://pdfium-review.googlesource.com/2252
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
If we do not do this check, it will overflow to a huge unsigned int, so
we will allocate a lot of memory etc.
BUG=682182
Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff
Reviewed-on: https://pdfium-review.googlesource.com/2272
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL splits the files in xfa/fde/css into class per file and renames any
needed files to match the class names.
Update some of the classes to use std::stack.
Change-Id: I4eca0fb3556d949a15a873bb0f0fd732f47e4fb1
Reviewed-on: https://pdfium-review.googlesource.com/2253
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Also return CFX_MaybeOwned<> from functions so to make cleanup automatic,
avoiding a theoretical leak.
Review-Url: https://codereview.chromium.org/2641853004
|
|
Move checks performed as part of JS_Value's object and array
handling back into FXJS, to ease removal of JS_Value in the future.
Remove some convenience routines in FXJS for objects, to shrink
API to be covered during testing.
Change some naming (number => double, string => widestring) to
make it clearer when there is a C++ type involved.
BUG=
Review-Url: https://codereview.chromium.org/2637503002
|
|
Review-Url: https://codereview.chromium.org/2613143002
|
|
Moving to std::vector from the more forgiving CFX_ArrayTemplate
revealed the dubious page tree traversal, which depends on the
correctness of the /Count entries to properly summarize the total
descendants under a given node.
The only "correct" thing to do is to throw away these counts as parsed,
and re-compute them, perhaps in CountPages(). But I'm not willing to do
that since it may break unknown documents in the wild.
Pass out-params as pointers while we're at it.
BUG=680376
Review-Url: https://codereview.chromium.org/2636403003
|
|
This CL splits the CFDE_CSSPrimitiveValue class into individual classes per
value type. This moves the numeric itypes out of the FDE_CSSPrimitiveType
list and creates a new CFDE_CSSNumberType list.
Change-Id: I6f55e9e3509de7ff1e82dcf018a1f1c472565e54
Reviewed-on: https://pdfium-review.googlesource.com/2250
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL converts the css syntax parser to use a std::stack instead of a
custom CFX stack.
Change-Id: I650c8340693d3608b9264bbf887f1d14847cb68f
Reviewed-on: https://pdfium-review.googlesource.com/2218
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This Cl removes the stream initializer from the FDE CSS parser. The only
consumer was the css fuzzer. The fuzzer has been moved to use the string
initializer to match the rest of the code.
Change-Id: I65445af1159058b7c71d5e1d7c12e60383da6dbd
Reviewed-on: https://pdfium-review.googlesource.com/2217
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
These methods are never called, removed.
Change-Id: I47930c209229c9e50effc433579809b882cd2dc9
Reviewed-on: https://pdfium-review.googlesource.com/2215
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I245d755814123f351a661bda1f38eaa96d4e68ae
Reviewed-on: https://pdfium-review.googlesource.com/2214
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
We should not fill out the m_Encoding for Type3 fonts. This way, we
stop getting garbage characters from text extraction. Guessing that
unicode == charcode (in the absence of ToUnicode) is our best bet.
BUG=pdfium:642
Review-Url: https://codereview.chromium.org/2643543002
|
|
Change-Id: I929b00204e05eea71c6fd4d52e480cc9c6d6018e
Reviewed-on: https://pdfium-review.googlesource.com/2230
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Start adding unit tests for the css parser. Fixup memory
leaks that are exposed by the tests.
Change-Id: Id863d9cd5f13ab82626bc7b945de925253c88d43
Reviewed-on: https://pdfium-review.googlesource.com/2180
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL allows generating coverage information for the source files. By adding
use_coverage=true to the GN build settings clang will generate .gcno files for
each source file and executing the binary will generate a .gcda file for
each source file.
Those files can then be processed by llvm-cov to generate .gcov reports for each
source file.
i.e. (assuming use_coverage=true is set for out/coverage)
* ninja -C out/coverage pdfium_unittests
* cd out/coverage
* find obj -name "*.o" -exec llvm-cov -af -stats {} > d.out \;
There should now be .gcov files for each source file in the out/coverage
directory.
Note, llvm-gcov may have a different name or syntax on your machine.
Change-Id: I7379579f5f20a5b8b2f3a3b409b868bba4b4d74d
Reviewed-on: https://pdfium-review.googlesource.com/2216
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
|
|
This Cl converts the names to FDE_CSSRect and FDE_CSSLength to better match
other parts of the code base.
Change-Id: I33367ae3d93d912755671486d6d5317cddbc4f62
Reviewed-on: https://pdfium-review.googlesource.com/2179
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
We can get into a loop when gif_img_row_bytes is 0 since Decode will
return 3 when the second parameter is 0, and there is a while(ret!=0).
BUG=681170
Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
Reviewed-on: https://pdfium-review.googlesource.com/2211
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the values are going to overflow, return error code, which seems to
be 2.
BUG=668822
Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
Reviewed-on: https://pdfium-review.googlesource.com/2213
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl moves IFDE_CSSValue and IFDE_CSSRule to concrete classes and moves the
holding of the type into the base class.
Change-Id: Iea29cc55256dd2183b60ca8711367d5dc8daaa24
Reviewed-on: https://pdfium-review.googlesource.com/2178
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL cleans up some interface classes from FDE CSS.
Change-Id: I975e5d63f8ae6a0bc7bb849b6f11f0ae43092e4d
Reviewed-on: https://pdfium-review.googlesource.com/2177
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|