Age | Commit message | Author
2016-10-27 | Fix libfuzzer build broken at 9f7f7f8 | tsepez
BUG=660015 TBR=npm@chromium.org Review-Url: https://codereview.chromium.org/2452523005
2016-10-26 | libtiff: Fix unsigned vs signed comparison warning. | thestig
tif_pixarlog.c revision 1.45. commitid: IX5L3QQ5Qtzcofcz BUG=chromium:654172 Review-Url: https://codereview.chromium.org/2452293002
2016-10-26 | libtiff: Prevent a buffer overflow in function PixarLogDecode. | stackexploit
Fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images. The issue has been fixed in upstream (libtiff revision 1.44, author: erouault, commitid: 2SqWSFG5a8Ewffcz, date: 2016-06-28 23:12:19 +0800). This CL applies the official patch to tif_pixarlog.c. BUG=chromium:654172 R=dsinclair@chromium.org, thestig@chromium.org Review-Url: https://codereview.chromium.org/2453253003
2016-10-26 | Fix some FX_BOOL / int noise in xfa | tsepez
Review-Url: https://codereview.chromium.org/2453983002
2016-10-26 | Fix some FX_BOOL / int noise in fxcrt. [chromium/2902] | tsepez
Review-Url: https://codereview.chromium.org/2450183003
2016-10-26 | Take advantage of implicit std::unique_ptr<>(nullptr_t) ctor. | tsepez
Review-Url: https://codereview.chromium.org/2453163002
2016-10-26 | Add more checks to tiff_read() and tiff_seek(). | thestig
BUG=chromium:659519 Review-Url: https://codereview.chromium.org/2456553002
2016-10-26 | Traverse PDF page tree only once in CPDF_Document | npm
Try 2: main fix was recursively popping elements from the stack. Since the Traverse method can be called on non-root nodes from GetPage(), we have to make sure to properly update the parents.
Try 1 at https://codereview.chromium.org/2414423002/
In our current implementation of CPDF_Document::GetPage, we traverse the PDF page tree until we find the index we are looking for. This is slow when we do calls GetPage(0), GetPage(1), ... since in this case the page tree will be traversed n times if there are n pages. This CL makes sure the page tree is only traversed once.
Time to load the PDF from the bug below in chrome official build:
Before this CL: around 1 minute 25 seconds
After this CL: around 4 seconds
BUG=chromium:638513
Review-Url: https://codereview.chromium.org/2442403002
2016-10-26 | Avoid some FX_BOOL/bool noise in fx_codec_fax.cpp | tsepez
NEXTBIT() is particularly pernicious in that it isn't syntactically an expression, but rather two expressions. Replace it with an inline along the way. Review-Url: https://codereview.chromium.org/2452123002
2016-10-26 | Fix some bool/int mismatches. | tsepez
Found by winxfa bot when fx_bool defined to bool. Review-Url: https://codereview.chromium.org/2449293002
2016-10-25 | Fix some return FALSE in functions that return pointers [chromium/2901] | tsepez
This previously compiled because FALSE is #defined to 0, and 0 is a perfectly fine value for a pointer. Review-Url: https://codereview.chromium.org/2448943003
2016-10-25 | Avoid dubious use of comma operator in fde_csssyntax.h | tsepez
Review-Url: https://codereview.chromium.org/2446113005
2016-10-25 | Name core/fxge/android files appropriately and use one file per class | npm
- Rename files so that they correspond to class names.
- Remove OS_Android ifs, since they are unneeded.
- Split fpf_skiafontmgr.h into classes, one per file.
Review-Url: https://codereview.chromium.org/2448293002
2016-10-25 | Use m_GlyphIndex as backup for m_ExtGID on Mac | npm
When CGFontGetGlyphWithGlyphName returns 0, it means the glyph name was not recognized. In this case, try using the glyph index to load the glyph. BUG=pdfium:625 Review-Url: https://codereview.chromium.org/2445933002
2016-10-24 | Add ASan bots in commit queue | weili
Add ASan bots into commit queue to prevent tree closures due to leaks etc. memory errors. BUG=pdfium:1 Review-Url: https://codereview.chromium.org/2445013002
2016-10-24 | Rename IFX_ stream names [chromium/2900] | tsepez
It's been troubling for some time that an IFX_FileStream might actually be an in-memory buffer with no backing file. Review-Url: https://codereview.chromium.org/2443723002
2016-10-24 | Fix root dictionary leak in cpdf_document_unittest | Nicolas Pena
The CPDF_Document does not own its root dictionary, so add ownership in CPDF_TestDocumentForPages, using ReleaseDeleter because the dictionary cannot be deleted. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/2445753002 .
2016-10-21 | Add CPDF_Document::GetPage() unittests [chromium/2899] | npm
Added a nontrivial page tree and a test that pages are being fetched properly, both when requested in order and in reverse order. This will help prevent introducing bugs while changing the way the page tree is processed. BUG=chromium:638513 Review-Url: https://chromiumcodereview.appspot.com/2435783006
2016-10-21 | Remove dead code in CPDF_CustomAccess | tsepez
Review-Url: https://chromiumcodereview.appspot.com/2441653004
2016-10-21 | Re-enable CHECK() that only 0-numbered objects are released. | tsepez
Review-Url: https://chromiumcodereview.appspot.com/2424933002
2016-10-21 | Fix some div by 0s in safe_math_impl.h [chromium/2898] | tsepez
The majority of these are already upstream in base/, the remainder will need upstreaming. Also pull some upstream changes to reduce diffing. Upstream CL is https://codereview.chromium.org/2440143003/ BUG=657436 Review-Url: https://chromiumcodereview.appspot.com/2441753003
2016-10-21 | Clean up fpf_skiafontmgr | npm
Remove unused methods, create namespace, nits. Review-Url: https://chromiumcodereview.appspot.com/2433543002
2016-10-21 | Revert of Fix loading page using hint tables. (patchset #5 id:80001 of https://codereview.chromium.org/2437773003/ ) | npm
Reason for revert: CPDF_DataAvail::IsPageAvail is causing crashes.
BUG=chromium:658168, chromium:658170
Original issue's description:
> Fix loading page using hint tables.
>
> When linearized document have hint table,
> The FPDFAvail_IsPageAvail return true, but
> FPDF_LoadPage return nullptr, for non first pages.
>
> This happens, because document not use hint tables, to load page.
>
> To fix this, I force save the page's ObjNum in document.
>
> R=npm, dsinclair
>
> Committed: https://pdfium.googlesource.com/pdfium/+/ef38283688c1ee7c08bcf4204cfb78e09c039782
TBR=dsinclair@chromium.org,tsepez@chromium.org,thestig@chromium.org,art-snake@yandex-team.ru
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://chromiumcodereview.appspot.com/2442663005
2016-10-20 | Fix loading page using hint tables. [chromium/2897] | art-snake
When linearized document have hint table, The FPDFAvail_IsPageAvail return true, but FPDF_LoadPage return nullptr, for non first pages. This happens, because document not use hint tables, to load page. To fix this, I force save the page's ObjNum in document. R=npm, dsinclair Review-Url: https://chromiumcodereview.appspot.com/2437773003
2016-10-20 | Revert of Traverse PDF page tree only once in CPDF_Document (patchset #4 id:60001 of https://codereview.chromium.org/2414423002/ ) | dsinclair
Reason for revert: Possible cause of crbug.com/657897 reverting to find out.
BUG=657897
Original issue's description:
> Traverse PDF page tree only once in CPDF_Document
>
> In our current implementation of CPDF_Document::GetPage, we traverse
> the PDF page tree until we find the index we are looking for. This is
> slow when we do calls GetPage(0), GetPage(1), ... since in this case
> the page tree will be traversed n times if there are n pages. This CL
> makes sure the page tree is only traversed once.
>
> Time to load the PDF from the bug below in chrome official build:
> Before this CL: 1 minute 40 seconds
> After this CL: 5 seconds
>
> BUG=chromium:638513
>
> Committed: https://pdfium.googlesource.com/pdfium/+/7c29e27dae139a205755c1a29b7f3ac8b36ec0da
TBR=thestig@chromium.org,tsepez@chromium.org,npm@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:638513
Review-Url: https://chromiumcodereview.appspot.com/2430313006
2016-10-20 | Move fwl/lightwidget to fwl/core | dsinclair
This CL moves the code from fwl/lightwidget into fwl/core, in anticipation of merging the two hierarchies. Review-Url: https://chromiumcodereview.appspot.com/2430923006
2016-10-20 | Cleanup unused methods and return values in FWL code. | dsinclair
This CL does an initial pass to remove unused methods and return values in the FWL code base. Review-Url: https://chromiumcodereview.appspot.com/2435603003
2016-10-20 | Remove IFWL_*::Create methods, use new | dsinclair
The create methods just proxied to the constructor. Remove Creates and call new directly where needed. Review-Url: https://chromiumcodereview.appspot.com/2433133002
2016-10-20 | Merge the CFWL_*Imp classes into the IFWL_* classes. | dsinclair
This CL merges the implementation classes up into the IFWL classes as the intermediate classes were just acting as proxies. Review-Url: https://chromiumcodereview.appspot.com/2432423002
2016-10-19 | Make Document::m_IconList a vector of IconElements. (try 2) [chromium/2896] | thestig
It does not need to be a std::list. This time keep the elements as unique_ptrs. Previous attempt: https://codereview.chromium.org/2428743004/ Review-Url: https://chromiumcodereview.appspot.com/2428373004
2016-10-19 | Remove SetDataProvider from IFWL_Widget | dsinclair
Method is not called, removed. Review-Url: https://chromiumcodereview.appspot.com/2433103002
2016-10-19 | Remove FWL Create methods, use new instead | dsinclair
Review-Url: https://chromiumcodereview.appspot.com/2422303003
2016-10-19 | Remove FWL theme subclasses | dsinclair
The CFWL_CheckBoxTP and CFWL_EditTP are subclassed with the CXFA_FWLEditTP and CXFA_FWLCheckBoxTP. The super classes are never instantiated or used, so fold the subclasses back to the parent and use them directly. Review-Url: https://chromiumcodereview.appspot.com/2418413005
2016-10-18 | Revert of Make Document::m_IconList a vector of IconElements. (patchset #2 id:20001 of https://codereview.chromium.org/2428743004/ ) | dsinclair
Reason for revert: Appears to be blocking the roll due to compile failure https://codereview.chromium.org/2429053002 Attempting to revert to see if the roll will pass.
Original issue's description:
> Make Document::m_IconList a vector of IconElements.
>
> There's no need for std::list<std::unique_ptr<IconElement>>.
>
> Committed: https://pdfium.googlesource.com/pdfium/+/f328d0d378b8df8a3416988d96c34f1d3f9d26d1
TBR=npm@chromium.org,thestig@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://chromiumcodereview.appspot.com/2431913003
2016-10-18 | Merge IFWL_App and FWL_AppImp together | dsinclair
The IFWL_App class just acts as a proxy to the FWL_AppImp code. This CL removes FWL_AppImp and merges the code back up to IFWL_App, simplifying the object hierarchy. Review-Url: https://codereview.chromium.org/2430563003
2016-10-18 | Make Document::m_IconList a vector of IconElements. | thestig
There's no need for std::list<std::unique_ptr<IconElement>>. Review-Url: https://codereview.chromium.org/2428743004
2016-10-18 | Traverse PDF page tree only once in CPDF_Document [chromium/2895] | npm
In our current implementation of CPDF_Document::GetPage, we traverse the PDF page tree until we find the index we are looking for. This is slow when we do calls GetPage(0), GetPage(1), ... since in this case the page tree will be traversed n times if there are n pages. This CL makes sure the page tree is only traversed once.
Time to load the PDF from the bug below in chrome official build:
Before this CL: 1 minute 40 seconds
After this CL: 5 seconds
BUG=chromium:638513
Review-Url: https://codereview.chromium.org/2414423002
2016-10-18 | Add a test case for bug 494057. | thestig
The expectation is set incorrectly to allow the test to pass. BUG=chromium:494057 Review-Url: https://codereview.chromium.org/2430583002
2016-10-17 | Cleanup unneeded FWL theme code. | dsinclair
This CL removes FWL theme code methods which do not have implementations. Review-Url: https://codereview.chromium.org/2422373002
2016-10-17 | FPDFPage_TransformAnnots(): don't re-insert unowned object on top of itself | tsepez
Underlying cause of the bug, unmasked when CPDF_Dictionary lost a redundancy check. BUG=656162 Review-Url: https://codereview.chromium.org/2425003002
2016-10-17 | Fix segv in AddImage() | tsepez
The assumption that only indirect objects would be passed is wrong. Restore old behaviour despite muddying ownership constraints. R=thestig@chromium.org BUG=656145 Review-Url: https://codereview.chromium.org/2425843002
2016-10-17 | Move fxge/android to if(is_android) on build [chromium/2894] | npm
core/fxge/android files all have if _FX_OS_ == _FX_ANDROID_. Instead, put the files inside if (is_android) on Build.gn. Also, the skia file is already under if (pdf_use_skia), so the if defined(_SKIA_SUPPORT_) can be removed. Review-Url: https://codereview.chromium.org/2413983004
2016-10-17 | Rename CFX_CountRef to CFX_SharedCopyOnWrite | tsepez
Avoid confusing this class with other ref-counted objects. Review-Url: https://codereview.chromium.org/2426673002
2016-10-17 | Revert "Make CPDF_Object containers hold objects via unique pointers." | tsepez
This reverts commit 1d023881cd53485303c0fcc0b5878e700dc470fd. Reason for revert -- fuzzers hit issues. TBR=thestig@chromium.org Review-Url: https://codereview.chromium.org/2425783002
2016-10-17 | lcms: Revise previous cmsStageAllocMatrix fix | kcwu
Also fixed wrong patch file name. This is fixup of 958e57cb and d2023170 TEST=apply this change in lcms' repo and make check BUG=chromium:651849,chromium:654198 Review-Url: https://codereview.chromium.org/2424803002
2016-10-17 | lcms: reject NaN when reading float numbers | kcwu
LerpFloat functions expect input values are normal float. They first clamp values to the range of [0.0, 1.0] and then calculate interpolation with the input values. If the input value is NaN, it will lead to heap buffer overflow because the index to LutTable is calculated based on the said value and fclamp(NaN) is not in expected [0.0, 1.0] range. This patch rejects all NaN values earlier when reading float numbers. So it also changed behavior for cases other than LerpFloat. I think it is okay because NaN doesn't make sense for usual calculations. BUG=654676 Review-Url: https://codereview.chromium.org/2422553002
2016-10-17 | Strengthen bounds check in CWeightTable::Calc * part II | stackexploit
This CL implemented a better version of CWeightTable::GetPixelWeightSize(), which will calculate the size of array PixelWeight.m_Weights correctly to prevent potential heap buffer overflow conditions. BUG=chromium:654183 R=ochang@chromium.org, thestig@chromium.org, dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2404453003
2016-10-15 | Fix some nits in cpdf_annotlist.cpp. | thestig
Review-Url: https://codereview.chromium.org/2395693002
2016-10-14 | Revert "Update CPDF_IndirectObjectHolder APIs for unique objects." | Tom Sepez
This reverts commit 3ba098595ae56b64eacc0c25ab76b89a4d78d920. TBR=thestig@chromium.org,weili@chromium.org Review URL: https://codereview.chromium.org/2424533003 .
2016-10-14 | Ready to enable MSan build for PDFium [chromium/2891] | weili
Add all the necessary files used for MSan build and run. BUG=pdfium:1 Review-Url: https://codereview.chromium.org/2384353002