Age | Commit message (Collapse) | Author |
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Limit the length of error messages to avoid string formatting failure.
Simplify some CXFA_FMParse error handling code too.
BUG=chromium:708428
Change-Id: I2f5fdb61349a90b3ba681dcc04a26ce0d7f2bdda
Reviewed-on: https://pdfium-review.googlesource.com/5331
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL adds tests for CXFA_FMLexer.
Change-Id: I4cb7000212dda6d2b32211005a1c22deabb813ae
Reviewed-on: https://pdfium-review.googlesource.com/5554
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Update return types to be bools instead of ints. Make some methods private.
Change-Id: I5d55c48a861f90e9bd116ef835c11cdb515002a6
Reviewed-on: https://pdfium-review.googlesource.com/5553
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
The fm2js code takes a pointer to the input string and then walks along
that pointer. There are currently no checks to verify we haven't walked
off the end of the pointer into random memory.
If this happens, we can end up allocating large chunks of memory and
copying random bits.
BUG=chromium:721533
Change-Id: Ia61fe96c1ff9eb9ded63cf8326b7be44986bd9e1
Reviewed-on: https://pdfium-review.googlesource.com/5550
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Remove the inc/dec/get methods that aren't helpful. Change methods to
return void instead of uint32_t and make sure they set the proper error
messages.
Change-Id: I741316e7990a776d528625f34fd941316c524c15
Reviewed-on: https://pdfium-review.googlesource.com/5530
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Add a few constants in the process.
Change-Id: Id69b939e4ea6a3de879e0a1f29d1453e95c838db
Reviewed-on: https://pdfium-review.googlesource.com/5552
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The gamma value is always 2.2, which means the table entries all point
to themselves. Remove the usage of the gamma table.
Change-Id: Idbb06015e8acd9f106f4bd1da5ef06563fb26296
Reviewed-on: https://pdfium-review.googlesource.com/5352
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The only user of CPDF_Creator is FPDF_Doc_Save, and it only uses flags 1
or 2 when calling Create. Thus, the other two flags will never be set.
Change-Id: Ib2eb0ce5585469c7749f0ab350855f1c6a2bba08
Reviewed-on: https://pdfium-review.googlesource.com/5491
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Upstream patch:
https://github.com/vadz/libtiff/commit/5a4eceed8d2f28d05f49add9ce647684d59d461a
Bug: chromium:722071
Change-Id: Idef412edbeb3255375ab18c68721dbaf7c601119
Reviewed-on: https://pdfium-review.googlesource.com/5511
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Users get confused when they set both Skia args to true and their code does not
compile. This CL adds a check for this when generating gn args.
Bug: pdfium:722
Change-Id: I0fb6f6a3fa64b094b674c602f38c736ee7b7fd65
Reviewed-on: https://pdfium-review.googlesource.com/5510
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Cary Clark <caryclark@google.com>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
From the Gif spec:
'The output codes are of variable length, starting at <code size>+1 bits per
code, up to 12 bits per code. This defines a maximum code value of 4095
(0xFFF).'
'Because the LZW compression used for GIF creates a series of variable length
codes, of between 3 and 12 bits each'
Bug: chromium:722115
Change-Id: Ic9cff99e6012195a6b5173693b029dc710285688
Reviewed-on: https://pdfium-review.googlesource.com/5490
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl updates CPSOutput to inherit from IFX_WriteStream and converts
the CFX_PSRenderer to accept an IFX_WriteStream instead of a CPSOutput.
Change-Id: Ibde5c7da1c2f6df0a10cb6e9a470e18fbab167b8
Reviewed-on: https://pdfium-review.googlesource.com/5431
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl allows passing a CFX_ByteStringC to IFX_WriteStream along with the
buffer method. This makes it easier to pass C-style strings to the stream.
Change-Id: I1051eb3ba17c7fbd42984c14dc60cbce24d72f3f
Reviewed-on: https://pdfium-review.googlesource.com/5430
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I519d79b2b22d2b947c546c6285195b8ca52f4993
Reviewed-on: https://pdfium-review.googlesource.com/5471
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I7586194b59d2c8e28fc24b698ea93f4a2ab636e2
Reviewed-on: https://pdfium-review.googlesource.com/5474
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL fixes a leak that can be caused by a longjmp in ErrorData. The method
is renamed to express the fact that it includes such, and a followup should
remove the jmps altogether.
Bug: chromium:721488
Change-Id: Iefcc82a77a30ff77b7973b05611440a8d5bf275e
Reviewed-on: https://pdfium-review.googlesource.com/5450
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I60c9cbd83ff9e7a30a5a570a6ad1cf8f52360c07
Reviewed-on: https://pdfium-review.googlesource.com/5410
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I9b7a1c101e3c73d0270f9216225e5a13d9937b97
Reviewed-on: https://pdfium-review.googlesource.com/5332
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
This Cl renames the CFX_RenderDevice subclasses to make their usage
clearer.
Change-Id: Ie820b57df9a3743ce8c6893fb483b398a1f1bdbe
Reviewed-on: https://pdfium-review.googlesource.com/5390
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The times we need the DC we call ::GetDC to retrieve it from the platform.
These methods are unused.
Change-Id: If83aa9b37ae2231d8029db6f2e6d8d17f1825611
Reviewed-on: https://pdfium-review.googlesource.com/5350
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The FPDF_LoadDocument call was missing the CheckUnSupportedError so, if
the document contained unsuppoted information the user would not be
notified. This brings the method in line with the other loading methods.
Change-Id: I308b25335a228eb02c51562f9caf91cda9193b73
Reviewed-on: https://pdfium-review.googlesource.com/5336
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Before, all pointers were being initialized to 0. After raw pointers were
changed to vectors, data() was used in some cases, but now no longer returns
nullptr when it is supposed to. This CL fixes that.
Bug: chromium:721417
Change-Id: Ia31b75b18dc17d7eed48538145fe5d0d59668843
Reviewed-on: https://pdfium-review.googlesource.com/5353
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This Cl consolidates the code to load maps and codecs into the
CPDF_ModuleMgr class instead of putting it directly into fpdfview.
Change-Id: Ia08f212f43a33e51ab1c7832051ee4f28eecb50d
Reviewed-on: https://pdfium-review.googlesource.com/5335
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ibd8d70264d79afc0baabaa5093aceb21ee777196
Reviewed-on: https://pdfium-review.googlesource.com/5334
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
In AGG, len is of type coord_type, which we have as int16_t, but we can add to
it large values, causing it to become negative. Stop the rendering when that
occurs.
Bug: chromium:719258
Change-Id: Ic7497666b01220a9cd3e7d749f1fc6ae4a210870
Reviewed-on: https://pdfium-review.googlesource.com/5370
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate
1 << bpno. Thus, use a reduced value when it's large enough to cause undefined
shift. bpno_plus_one itself remains unchanged so that the number of calls
remains the same
Bug: chromium:698526
Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4
Reviewed-on: https://pdfium-review.googlesource.com/5310
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
BUG=chromium:665087,chromium:718492
Change-Id: I09e93b4167ab2c0b3b53641243aa0cbeb5b98c4f
Reviewed-on: https://pdfium-review.googlesource.com/3114
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: Ia0ea49f0460fcb8e55542f237d321bb9207aa8e1
Reviewed-on: https://pdfium-review.googlesource.com/5250
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
member.
Change-Id: I51e30d298e87b9ae0d5aca83b2f1d6787efce70a
Reviewed-on: https://pdfium-review.googlesource.com/5290
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Remove not useful error parameter.
Change-Id: I6f49a51a47c9d7f45e75a585679e15f0414aac26
Reviewed-on: https://pdfium-review.googlesource.com/5254
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This Cl moves the implementation of the archive buffer behind an
IFX_ArchiveStream interface. The buffer holds the current offset and the
offset parameter is removed from the CPDF_Creator and various other
methods.
Change-Id: Ia54e803b58bbfb6ef03fec4a940d2c056d541356
Reviewed-on: https://pdfium-review.googlesource.com/5255
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl conslidates if statements, converts int returns to bools where
possible and various other cleanups in fpdfapi/edit.
Change-Id: Ia31ecc69843117eb5ebfff449a6046a267d08e89
Reviewed-on: https://pdfium-review.googlesource.com/5190
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I9754da8d1bf54b328761ac9d83fcc4a3518b4a73
Reviewed-on: https://pdfium-review.googlesource.com/5230
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
pages, as the documentation explicitly allows this.
Bug:pdfium:710
Change-Id: I0535b45c16ae7a53609da3b09ff7d427c52567b5
Reviewed-on: https://pdfium-review.googlesource.com/5270
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Ia0a78be3320c5d6c3d0c40d4199cae1473e0e8dc
Reviewed-on: https://pdfium-review.googlesource.com/5253
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I84cd8e91a296119ecf80b7a092b886f291bebb45
Reviewed-on: https://pdfium-review.googlesource.com/4953
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Ic602126dc5407fcbb56dca5ec43e1824a5ca55b6
Reviewed-on: https://pdfium-review.googlesource.com/5251
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
They should each know what they are rather than having an
external ChildRecord struct to track the type.
Change-Id: Ic647ba45569764073e944d30af1a96dccdc29eb3
Reviewed-on: https://pdfium-review.googlesource.com/5210
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Callers should use FPDFPageObj_NewImageObj() instead.
Change-Id: If9f262af771344799a372645e466d3b8e64482ed
Reviewed-on: https://pdfium-review.googlesource.com/5153
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 <<
(prec - 1). So limit it to be at most 31, and avoid undefined shifts.
Bug: chromium:698498
Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8
Reviewed-on: https://pdfium-review.googlesource.com/5173
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Minor cleans in the fpdfapi/edit code.
Change-Id: I7bb2f4add7c6e84f072501035b1f77c218174cca
Reviewed-on: https://pdfium-review.googlesource.com/5152
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL changes the tag_gif_decompress_struct into CGifDecompressor. It cleans
up a bunch of unnecessary function pointers and starts cleaning up the members
of the new class.
Change-Id: Id49cd8f5377dc8daaa15118551dadad4ddde7931
Reviewed-on: https://pdfium-review.googlesource.com/5170
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This Cl moves the adapater out of the fpdfsave.cpp file into its own
h/cpp files. The adapter was renamed for clarity. The CPDF_Creator was
modified to take the adapter as a constructor param and the Create
methods consolidated.
Change-Id: Icb104f195ef532dda053c859aae356a8d4a7a54c
Reviewed-on: https://pdfium-review.googlesource.com/5151
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl renames the fpdf_edit_create file to better match the
cpdf_creator content. The CPDF_ObjectStream and CPDF_XRefStream code is
moved out to their own .cpp files. Needed anonymous classes are split
out as well.
Change-Id: Ic83fb319ce28c816db82a4286e22032dc68811bc
Reviewed-on: https://pdfium-review.googlesource.com/5171
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Layering prevents the (newly-moved) CFX_Char from knowing about
this class, so some casting is still required.
Change-Id: I5b7556fdfa80d09e5116b171b01ab5e707763bf0
Reviewed-on: https://pdfium-review.googlesource.com/5172
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I5bc24fb56adfa2ef9b46edd7409e6086093ccf8a
Reviewed-on: https://pdfium-review.googlesource.com/5150
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The cast is too strict for all of the objects to be processed,
however all of the fields in use are present in a parent class
to which these objects all belong.
Bug: 718498
Change-Id: Ibe1d800c73215c36550e54bf18de90cc9d295ef9
Reviewed-on: https://pdfium-review.googlesource.com/5130
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl creates a cpdf_objectstream and cpdf_xrefstream headers from the
editint header.
Change-Id: I857981fa055ee9296cbd344860e55c67acf200ce
Reviewed-on: https://pdfium-review.googlesource.com/5113
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This CL removes the friend declarations from CPDF_Creator and adds
accessor methods instead.
Change-Id: I6d8f67b5944aed34af00ff6ea9d23fe7d17cec18
Reviewed-on: https://pdfium-review.googlesource.com/5112
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|