summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-12Avoid an undefined shift in ReadPageHintTable().thestig
Even 39 bits is very generous for the number of bits needed to represent the greatest number of shared object references. BUG=637119 Review-Url: https://codereview.chromium.org/2242723002
2016-08-12fix 617135hong_zhang
to fix bug 617135 617135 described an exploit against pdfium using a malformed gif. This fix introduced a couple edge case handling lines to address the OOB issue. BUG= 617135 Review-Url: https://codereview.chromium.org/2230683002
2016-08-12Make g_LinuxGpFontList be a 2D char array.npm
Review-Url: https://codereview.chromium.org/2240863002
2016-08-11Make FXJS_GetObjectElement return std::vector<CFX_WideString>.chromium/2829chromium/2828tsepez
Analogous to getting the length of JS array, this result should be a C++-side object only. Also rename to FXJS_GetObjectProperty to match JS nomenclature. Review-Url: https://codereview.chromium.org/2242593002
2016-08-11Fix an integer overflow in CStretchEngine constructorweili
When the source bitmap's width and height are large, the multiplication could easily overflow a signed integer. Change to use 'long long' type for calculation to avoid that. BUG=chromium:635663 Review-Url: https://codereview.chromium.org/2240723002
2016-08-11Move CPDFSDK_Annot, CPDFSDK_BAAnnot and CPDFSDK_DateTime to their own files.jaepark
Review-Url: https://codereview.chromium.org/2236743002
2016-08-11Clean up cfx_fontmapper a littlenpm
Added methods to reduce duplicated code Nit fixes Review-Url: https://codereview.chromium.org/2239703003
2016-08-11Remove fgas_system files.dsinclair
The two methods in fgas_system also exist in core/fxcrt/include/fx_ext with the FXSYS_ prefix instead of FX_. Remove the fgas_system files and use the fx_ext versions instead. Review-Url: https://codereview.chromium.org/2233133002
2016-08-11Relax a check in CPDF_HintTables.thestig
CPDF_HintTables::ReadSharedObjHintTable() unnecessarily constraints a FX_FILESIZE value to an int32_t. Relax this check, since the result will be stored in |m_szSharedObjOffsetArray| which is of FX_FILESIZE. Bad values in |m_szSharedObjOffsetArray| will still cause hint table loading to eventually fail. BUG=635565 Review-Url: https://codereview.chromium.org/2230883003
2016-08-11Guard against undefined shift.dsinclair
This Cl fixes the CFDE_XMLSyntaxParser::ParseTextChar() to handle entities where the value goes negative. Currently this could cause an undefined-shift as due to the (ch << 4) calls. Instead, detect if the value has gone negative and return a space character. BUG=chromium:603489 Review-Url: https://codereview.chromium.org/2223823003
2016-08-10Use smart pointers for class owned pointers in xfa/fxfaweili
Use smart pointers instead of raw pointer to make memory management easier for classes mainly under xfa/fxfa. Also change the return type of IFGAS_FontMgr::Create() to smart pointer type. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2227883002
2016-08-10Minor cleanup of fpdf_cmapsdsinclair
Cleanup some dead code and c-style casts. Review-Url: https://codereview.chromium.org/2235743003
2016-08-10Make Document's 'info' property readonlytonikitoo
As per the PDF specification in [1], page 103, the 'info' property of the Document object is readonly. [1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf Review-Url: https://codereview.chromium.org/2235883003
2016-08-10Use CPDFSDK_Document::FromFPDFFormHandle in ::FORM_DoPageAActiontonikitoo
... rather then doing c-style type cast. CL also tweaks the method body a bit to have more early-returns rather than too-nested-if blocks. No behavior change is expected, so no new tests are being added. Review-Url: https://codereview.chromium.org/2230983003
2016-08-10Use smart pointers for class owned pointers in xfa/fwl/themeweili
Use smart pointers instead of raw pointer to make memory management easier for classes under xfa/fwl/theme. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2230813002
2016-08-10Clean up CPDF_HintTables::LoadHintStream a little.thestig
- Return earlier when possible. - Fail rather than crash on invalid values. Review-Url: https://codereview.chromium.org/2235843002
2016-08-10Move CFX_RenderDevice, CFX_FxgeDevice, and CFX_GraphStateData into their own ↵npm
files. This is the third CL to separate fx_ge into classes, one per file. All fx_ge.h includes had to be replaced with new includes The method definitions for CFX_FxgeDevice were not moved to a single file. These methods are defined in two folders different from fxge/ge, so they were left untouched for now. Review-Url: https://codereview.chromium.org/2223213002
2016-08-10Remove backpointer to CJS_Runtime from CJS_Valuetsepez
Review-Url: https://codereview.chromium.org/2227673005
2016-08-09Add another PDFEditTest test case.chromium/2827chromium/2826thestig
BUG=pdfium:545 Review-Url: https://codereview.chromium.org/2229103003
2016-08-09The benefits of having a CPDFSDK_FormActionHandler instance intonikitoo
CPDFSDK_ActionHandler are unclear. It does not add encapsulation, nor simplicity to the logic. CL is a driven-by clean up that merges CPDFSDK_FormActionHandler into CPDFSDK_ActionHandler. It takes the opportunity to delete CPDFSDK_ActionHandler (now) empty constructor and destructor, in favor of compiler-generated ones. No behavior change is expected, so no new tests are being added. Review-Url: https://codereview.chromium.org/2227173002
2016-08-09Fix a leak with FPDFPageObj_NewImgeObj().thestig
BUG=pdfium:545 Review-Url: https://codereview.chromium.org/2194393002
2016-08-09Generate default AP stream for ink annotation.jaepark
This patch generates a default AP stream for ink annotation so that ink annotations without AP stream can be displayed. Also, roll DEPS for testing/corpus to 4119f8e to test ink annotations. BUG=62625 Review-Url: https://codereview.chromium.org/2232553002
2016-08-09Use smart pointers for class owned pointers in xfa/fxbarcodeweili
For classes under xfa/fxbarcode, use smart pointers instead of raw pointer to make memory management easier. Also fix some styling issues along the changes. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2221023003
2016-08-09Fix typos of the word outer.thestig
Review-Url: https://codereview.chromium.org/2226003003
2016-08-09Generate default AP stream for circle annotation.jaepark
This patch generates a default AP stream for circle annotation so that circle annotations without AP stream can be displayed. Also, roll DEPS for testing/corpus to 71d1f22 to test circle annotations. BUG=62625 Review-Url: https://codereview.chromium.org/2228093002
2016-08-09Use smart pointers for class owned pointersweili
For classes under xfa/fxfa/fm2js, and xfa/fxgraphics, use smart pointers instead of raw pointer to make memory management easier. Also fix some styling issues along the changes. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2222203002
2016-08-09Generate default AP stream for square annotation.jaepark
This patch generates a default AP stream for square annotation so that square annotations without AP stream can be displayed. Also, roll DEPS for testing/corpus to 7f07c22 to test square annotations. BUG=62625 Review-Url: https://codereview.chromium.org/2219683002
2016-08-09Remove back-pointer to CJS_Runtime from CJS_Datetsepez
Review-Url: https://codereview.chromium.org/2224113003
2016-08-09Fixup various overflow conditionsdsinclair
There were several overflows detected by the PDF from the linked bug. This Cl fixes up the base causes of each of them. BUG=chromium:635473 Review-Url: https://codereview.chromium.org/2226023002
2016-08-08Use virtual function to retrieve interface pointerweili
Use virtual function to return the actual interface type instead of the base interface type to avoid a lot of casts. Also tidy up CFWL_Widget by encapsulating variables, and use smart pointers for class owned member variables. Review-Url: https://codereview.chromium.org/2209153002
2016-08-08openjpeg: Prevent negative x, y values in opj_tcd_init_tilechromium/2825ochang
BUG=632622 Review-Url: https://codereview.chromium.org/2223303002
2016-08-08Add support to Document::gotoNamedDest method.tonikitoo
Patch implements the Document's API gotoNamedDest, which is part of the PDF specification [1], page 129, with the following (short) description: "Use this method to go to a named destination within the PDF document". [1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf "Named destination" is a common concept in the PDF world. It can be used together with PDF's Links, Annotations, Bookmarks and OpenActions, as well as an action per se, in case "this.gotoNamedDest" is called directly. Note that the implementation makes use of the existing hook CPDFDoc_Environment::FFI_DoGoToAction, which ends up calling out the embedder to actually handle it. In case of Chromium, for instance, it calls PDFiumEngine::Form_DoGoToAction which only handles for now the "page" property of the "destination". Other properties, including zoom level, and scroll position are ignored for the moment. BUG=pdfium:492 Review-Url: https://codereview.chromium.org/2221823003
2016-08-08Add CPDF_Array::IsEmpty().jaepark
Using IsEmpty() is more readable than using GetCount() == 0. Review-Url: https://codereview.chromium.org/2226113002
2016-08-08Remove MsgBox()/Alert() from CJS_EmbedObj.tsepez
They're only related to the |app| object, not all embed's. Alert() itself unused. Review-Url: https://codereview.chromium.org/2224073002
2016-08-08Rename CJS_Timer to GlobalTimer and make private to app.cpptsepez
The CJS_Timer is fairly far removed from JS itself, the wrapper objects are CJS_TimerObj and TimerObj. Make it sound less like them. Having moved the code to app.cpp, the GlobalTimer can now refer directly to the app, rather than its superclass of CJS_EmbedObj. Hence we can pull some app-only timer related methods out of the superclass. Review-Url: https://codereview.chromium.org/2222043002
2016-08-08Check if image width or height are zero before proceeding.dsinclair
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be zero and when we divide we'll get a floating point exception. If the width or height are zero then we can exit early without proceeding with the rest of the constructor. BUG=chromium:635008 Review-Url: https://codereview.chromium.org/2222843004
2016-08-08Add support to Document::URL property getter.tonikitoo
As per the PDF specification at [1] " This property specifies the document's URL. ". IE/Acrobat supports it, and getting it implemented would be one step forward in order to support Acrobat JS script as the one in [2]. [1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf [2] https://bugs.chromium.org/p/pdfium/issues/detail?id=492 BUG=492 Review-Url: https://codereview.chromium.org/2219183002
2016-08-08Remove backpointer to runtime from CJS_Array.tsepez
This is always available elsewhere, so save the bytes and ease removal of CJS_Array since it now only contains a single v8 local. Review-Url: https://codereview.chromium.org/2217253002
2016-08-08Move CFX_ClipRgn and CFX_PathData into their own files.npm
This is the second CL in an attempt to split up the classes in fxge/include/fx_ge.h into their own files. CFX_ClipRgn is moved to core/fxge/ge because it is only used in core/fxge. The header for CFX_PathData is left in core/fxge/include since it is used elsewhere. Review-Url: https://codereview.chromium.org/2216853004
2016-08-05Add CPDF_ImageObject::GetImage().thestig
And use it where appropriate. Review-Url: https://codereview.chromium.org/2224623002
2016-08-05Remove another potential stale CJS_Timer usagetsepez
Fix memory ownership model for PDFium timers. The |app| class owns the CJS_Timer as part of its vector<unique_ptr> to them. The CJS_Timer "owns" its slot in the global ID to timer map, and removes itself when it is destroyed. Nothing else deletes from the global map. Deleting from the global map is accompanied by a callback to the embedder to clear its resources. Next, the proper way to remove a CJS_Timer is by going through the app, and having the app erase its unique ptr, which then deletes the CJS_Timer, which in turn cleans up the global map. Provide a CJS_Timer::Cancel static method to do this conveniently. There is a alternate path to the CJS_timer via JS and its CJS_TimerObj. CJS_TimerObj owns a TimerObj that currently points to the CJS_Timer. If the timer fires, and cleans itself up, this can go stale. Make the TimerObj maintain a weak reference via global timer ID rather than a direct pointer to the CJS_Timer, so that if the timer fires and is destroyed, future attempts to cancel find nothing. There is another path, where if the JS timer object is GC'd, then we just clean up its CJS_TimerObj without touching the actual CJS_Timers. We could make this match the spec by calling into the new cancel routine as described above, but it seems weird to have a timer depend on whether a gc happened or not. A subsequent CL will rename these objects to more closely match the conventions used by the other JS wrappers. BUG=634716 Review-Url: https://codereview.chromium.org/2221513002
2016-08-05Return v8::Date specialization not v8::Value where possiblechromium/2824chromium/2823chromium/2822chromium/2821tsepez
Also get rid of FXJS_ValueCopy() while we're at it. BUG=pdfium:556 Review-Url: https://codereview.chromium.org/2215093002
2016-08-04openjpeg: Prevent overflows when using opj_aligned_malloc()gogil
BUG=628304 R=thestig@chromium.org, ochang@chromium.org Review-Url: https://codereview.chromium.org/2218783002
2016-08-04Move CFX_GEModule into its own filenpm
This is the first CL in an attempt to split up the classes in fxge/include/fx_ge.h into their own files. Review-Url: https://codereview.chromium.org/2217663002
2016-08-04openjpeg: Prevent integer overflows during calculation of ↵gogil
|l_nb_code_blocks_size| BUG=628890 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2212973002
2016-08-04Use smart pointers for class owned pointersweili
For classes under xfa/fgas, xfa/fwl/basewidget, and xfa/fwl/core, use smart pointers instead of raw pointer to make memory management easier. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2207093005
2016-08-04Remove unnecessary casting in CPVT_GenerateAP.jaepark
Since CFX_BinaryBuf::GetBuffer() returns uint8_t*, casting to uint8_t* is unnecessary. Review-Url: https://codereview.chromium.org/2218633002
2016-08-04Use smart pointers for class owned pointers under xfa/fdeweili
Use smart pointer to replace raw pointer type for class owned member variables so that memory management will be easier. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2208423002
2016-08-04Fix issue when firing TimerProc() destroys timerchromium/2820tsepez
We must look the timer up a second time since the callback may have released it. BUG=634394 Review-Url: https://codereview.chromium.org/2214003003
2016-08-04Beef up timer cancellation teststsepez
Adds more questionable invocations of ClearTimeOut(). Also, checking that nothing happened is fragile. Log at least one thing to show that the code ran. Review-Url: https://codereview.chromium.org/2218473002