Age | Commit message (Collapse) | Author |
|
This reverts commit b69a98cf50537130f88ce3a799117f2ca8353ac5.
Reason for revert: crashes on mac.
BUG=654387
TBR=thestig@chromium.org
Review-Url: https://codereview.chromium.org/2410483002
|
|
The patch (https://codereview.chromium.org/2284063002) for Issue 618267
was insufficient. The integer overflow still could be triggered and could
lead to heap buffer overflow.
This CL strengthens integer overflow check in function _TIFFCheckRealloc.
BUG=chromium:654169
R=ochang@chromium.org, tsepez@chromium.org, dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2405693002
|
|
The position indexes of color elements must be monotonic increasing.
Bail out if the decoded index is less or equal to the previous index.
BUG=pdfium:615
Review-Url: https://codereview.chromium.org/2398033002
|
|
BUG=chromium:653044
Review-Url: https://codereview.chromium.org/2397783002
|
|
Instead of relying on ' ' to determine whether the CFX_Bytestring
is added on one place or another, use another vector. When trying
to match fonts from the fontmapper, compare with both vectors.
BUG=pdfium:510
Review-Url: https://codereview.chromium.org/2395883002
|
|
Skia's interface to transfer modes is
not described by an enum instead
of a class.
R=reed@google.com, dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2394683004
|
|
The embeddertests were closing the document before the formfill environment.
This caused a use-after-free as we try to use the document during formfill
destruction.
This Cl fixes the destruction order in the embedder tests. As well, a few guards
are put in place to keep the system from crashing if the wrong destruction
order is called.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/2398063002 .
|
|
Unused, remove.
Review-Url: https://codereview.chromium.org/2397513003
|
|
Rename CPDFSDK_Environment to make it explicit that this is part of the formfill
system.
Review-Url: https://codereview.chromium.org/2391313002
|
|
This CL updates CPDFXFA_Document so it never owns the CPDFSDK_Document. The
CPDFSDK_Document is now always owned by the CPDFXFA_Environment. This also
cleans up the strange need to reverse the order of document and form destruction
when using XFA.
Review-Url: https://codereview.chromium.org/2397473006
|
|
- Remove some unused stuff from pageint.h.
- Replace some FX_BOOL with bool in pageint.h, and related.
- Replace some "protected" with "private" in pageint.h.
- Move 2 methods into namespace in fpdf_page_parser_old.cpp.
Review-Url: https://codereview.chromium.org/2399573002
|
|
This reverts commit b73c99335bfbd158ad16dd59c9c52396ffd2b54b.
TBR=thestig@chromium.org
Review-Url: https://codereview.chromium.org/2393783004
|
|
This avoids a re-assignment that can otherwise cause a later fault.
BUG=pdfium:607
Review-Url: https://codereview.chromium.org/2393953002
|
|
This Cl cleans up the code regarding CPDFSDK_Annots in CPDFSDK_PageView.
This includes:
* Makes DeleteAnnot XFA only and wraps at the call site.
* Removes unused methods
* Replaces use of CountAnnots and GetAnnot with vector iteration
* Removes {Set|Kill}FocusAnnot from CPDFSDK_PageView
* Renames m_fxAnnotArray to m_SDKAnnotArray
Review-Url: https://codereview.chromium.org/2384323005
|
|
FX_BOOL can be replaced by bool. Also replaced in a couple other places
so that Winbots pass.
Review-Url: https://codereview.chromium.org/2395803002
|
|
For cmdStageAllocMatrix, InputChans is length of Matrix, OutputChans is
length of Offsets. The original code will allocate NewElem->Offset with
length Cols=InputChans (cmslut.c:417). This results in heap buffer
overflow later.
BUG=chromium:651849
Review-Url: https://codereview.chromium.org/2384063006
|
|
There's no way to take ownership back from the CPDF_Array
without deleting the object, so add a new primitive to make
elements become indirect rather than manipulating them
outside the class.
This should solve the ASSERT(objnum == 0) issue that
blocked the previous roll.
Review-Url: https://codereview.chromium.org/2391883003
|
|
Each of these files contains a single class, rename the file to match the
internal class name.
Review-Url: https://codereview.chromium.org/2385423004
|
|
Remove redundant DEPS files and DEPS file entries.
Review-Url: https://codereview.chromium.org/2390833003
|
|
Missed these again. Scripting fail.
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2393433003
|
|
- Added private method to avoid duplicated code.
- If the unicode calculation overflows, 0 is used instead of crashing.
Review-Url: https://codereview.chromium.org/2392103002
|
|
When fuzzing the image formats, its possible to get a read request which
would go negative. Handle the request and return FALSE for the read.
BUG=chromium:621836
Review-Url: https://codereview.chromium.org/2386343002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2393593002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392603004
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2386423004
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392773003
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2386263003
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2391013002
|
|
m_Map maps to unsigned integer, but m_MultiCharBuf.GetLength() returns
an integer. There will be integer overflow if the length is big, and
UBSAN will complain. Thus, using FX_SAFE_UINT32. Replacing with uint32
would work as well: the point is to consider the length as uint instead
of int.
BUG=chromium:652232
Review-Url: https://codereview.chromium.org/2393573002
|
|
Review-Url: https://codereview.chromium.org/2387333002
|
|
Update clip to use intersect verb
from canvas.
R=dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2384283002
|
|
id:120001 of https://codereview.chromium.org/2375343004/ )
Reason for revert:
Broke PDFExtensionTest when rolling DEPS in Chromium.
Original issue's description:
> Assert that only 0-numbered objects are Released()
>
> This condition holds because numbered objects are brute-force
> deleted by the indirect object holder, rather than being
> released.
>
> Be careful about recursive deletion, check before advancing,
> since we no longer count on Release() doing this for us.
> Fix a few tests where the test was violating ownership rules.
>
> This should be the last step before completely removing Release()
> in favor of direct delete everywhere.
>
> Committed: https://pdfium.googlesource.com/pdfium/+/aba528a362248a54b27a7e9e046e2b65ab83f624
TBR=tsepez@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2387193003
|
|
The test file for fixing bug chromium:651304.
Review-Url: https://codereview.chromium.org/2392553004
|
|
This condition holds because numbered objects are brute-force
deleted by the indirect object holder, rather than being
released.
Be careful about recursive deletion, check before advancing,
since we no longer count on Release() doing this for us.
Fix a few tests where the test was violating ownership rules.
This should be the last step before completely removing Release()
in favor of direct delete everywhere.
Review-Url: https://codereview.chromium.org/2375343004
|
|
Review-Url: https://codereview.chromium.org/2386273004
|
|
Depending on what ReadOK does it's possible for |dircount16| to be used without
being initialized. The read code calls back into PDFium specific code which then
calls into the stream reading code.
Initialize the value to be sure it is set.
BUG=chromium:651632
Review-Url: https://codereview.chromium.org/2389993002
|
|
|Clear| is too easily mistaken for "clear this pointer only."
Review-Url: https://codereview.chromium.org/2385303002
|
|
This CL adds a |IsBeingDestroyed| flag into the CPDFSDK_PageView. We then
bail out of the pageview removal code early if the flag is set.
BUG=chromium:652103
Review-Url: https://codereview.chromium.org/2384243002
|
|
The original way of detecting loops was passing a level parameter
through various functions. This missed some cases which also lead
to load type3 font char, for example, FindFont() may call
CheckType3FontMetrics() which may eventually lead to LoadChar().
The new way is to store the char loading depth, and abort when the depth
exceeds the max.
BUG=chromium:651304
Review-Url: https://codereview.chromium.org/2384853002
|
|
Method is not called, removing.
Review-Url: https://codereview.chromium.org/2391663002
|
|
All the files are already excluded by the build system.
Review-Url: https://codereview.chromium.org/2387863002
|
|
Review-Url: https://codereview.chromium.org/2386433002
|
|
Fix some nullptr errors.
BUG=pdfium:608
Review-Url: https://codereview.chromium.org/2378133003
|
|
Restore CPDF_Dictionary default constructor.
Use it in places where reasonable in the code.
TBR=dsinclair@chromium.org
TBR=thestig@chromium.org
Review-Url: https://codereview.chromium.org/2383843002
|
|
Note: pdfium bots don't seem to touch these files.
Review-Url: https://codereview.chromium.org/2379973005
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383593002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383583002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2380713005
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2384503003
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2375963006
|