Age | Commit message (Collapse) | Author |
|
to fix bug 617135
617135 described an exploit against pdfium using a malformed gif.
This fix introduced a couple edge case handling lines to address
the OOB issue.
BUG= 617135
Review-Url: https://codereview.chromium.org/2230683002
|
|
Review-Url: https://codereview.chromium.org/2240863002
|
|
Analogous to getting the length of JS array, this result
should be a C++-side object only.
Also rename to FXJS_GetObjectProperty to match JS nomenclature.
Review-Url: https://codereview.chromium.org/2242593002
|
|
When the source bitmap's width and height are large,
the multiplication could easily overflow a signed integer.
Change to use 'long long' type for calculation to avoid that.
BUG=chromium:635663
Review-Url: https://codereview.chromium.org/2240723002
|
|
Review-Url: https://codereview.chromium.org/2236743002
|
|
Added methods to reduce duplicated code
Nit fixes
Review-Url: https://codereview.chromium.org/2239703003
|
|
The two methods in fgas_system also exist in core/fxcrt/include/fx_ext with the
FXSYS_ prefix instead of FX_. Remove the fgas_system files and use the
fx_ext versions instead.
Review-Url: https://codereview.chromium.org/2233133002
|
|
CPDF_HintTables::ReadSharedObjHintTable() unnecessarily constraints
a FX_FILESIZE value to an int32_t. Relax this check, since the result
will be stored in |m_szSharedObjOffsetArray| which is of FX_FILESIZE.
Bad values in |m_szSharedObjOffsetArray| will still cause hint table
loading to eventually fail.
BUG=635565
Review-Url: https://codereview.chromium.org/2230883003
|
|
This Cl fixes the CFDE_XMLSyntaxParser::ParseTextChar() to handle entities
where the value goes negative. Currently this could cause an undefined-shift
as due to the (ch << 4) calls. Instead, detect if the value has gone negative
and return a space character.
BUG=chromium:603489
Review-Url: https://codereview.chromium.org/2223823003
|
|
Use smart pointers instead of raw pointer to make memory management
easier for classes mainly under xfa/fxfa.
Also change the return type of IFGAS_FontMgr::Create() to smart
pointer type.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2227883002
|
|
Cleanup some dead code and c-style casts.
Review-Url: https://codereview.chromium.org/2235743003
|
|
As per the PDF specification in [1], page 103, the
'info' property of the Document object is readonly.
[1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf
Review-Url: https://codereview.chromium.org/2235883003
|
|
... rather then doing c-style type cast.
CL also tweaks the method body a bit to have more early-returns
rather than too-nested-if blocks.
No behavior change is expected, so no new tests are being added.
Review-Url: https://codereview.chromium.org/2230983003
|
|
Use smart pointers instead of raw pointer to make memory management
easier for classes under xfa/fwl/theme.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2230813002
|
|
- Return earlier when possible.
- Fail rather than crash on invalid values.
Review-Url: https://codereview.chromium.org/2235843002
|
|
files.
This is the third CL to separate fx_ge into classes, one per file.
All fx_ge.h includes had to be replaced with new includes
The method definitions for CFX_FxgeDevice were not moved to a single file.
These methods are defined in two folders different from fxge/ge, so they were left untouched for now.
Review-Url: https://codereview.chromium.org/2223213002
|
|
Review-Url: https://codereview.chromium.org/2227673005
|
|
BUG=pdfium:545
Review-Url: https://codereview.chromium.org/2229103003
|
|
CPDFSDK_ActionHandler are unclear. It does not add encapsulation, nor
simplicity to the logic.
CL is a driven-by clean up that merges CPDFSDK_FormActionHandler into
CPDFSDK_ActionHandler.
It takes the opportunity to delete CPDFSDK_ActionHandler (now) empty
constructor and destructor, in favor of compiler-generated ones.
No behavior change is expected, so no new tests are being added.
Review-Url: https://codereview.chromium.org/2227173002
|
|
BUG=pdfium:545
Review-Url: https://codereview.chromium.org/2194393002
|
|
This patch generates a default AP stream for ink annotation so that ink
annotations without AP stream can be displayed.
Also, roll DEPS for testing/corpus to 4119f8e to test ink annotations.
BUG=62625
Review-Url: https://codereview.chromium.org/2232553002
|
|
For classes under xfa/fxbarcode, use smart pointers instead
of raw pointer to make memory management easier.
Also fix some styling issues along the changes.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2221023003
|
|
Review-Url: https://codereview.chromium.org/2226003003
|
|
This patch generates a default AP stream for circle annotation so that
circle annotations without AP stream can be displayed.
Also, roll DEPS for testing/corpus to 71d1f22 to test circle annotations.
BUG=62625
Review-Url: https://codereview.chromium.org/2228093002
|
|
For classes under xfa/fxfa/fm2js, and xfa/fxgraphics, use smart
pointers instead of raw pointer to make memory management easier.
Also fix some styling issues along the changes.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2222203002
|
|
This patch generates a default AP stream for square annotation so that square
annotations without AP stream can be displayed.
Also, roll DEPS for testing/corpus to 7f07c22 to test square annotations.
BUG=62625
Review-Url: https://codereview.chromium.org/2219683002
|
|
Review-Url: https://codereview.chromium.org/2224113003
|
|
There were several overflows detected by the PDF from the linked bug. This
Cl fixes up the base causes of each of them.
BUG=chromium:635473
Review-Url: https://codereview.chromium.org/2226023002
|
|
Use virtual function to return the actual interface type instead
of the base interface type to avoid a lot of casts.
Also tidy up CFWL_Widget by encapsulating variables, and use
smart pointers for class owned member variables.
Review-Url: https://codereview.chromium.org/2209153002
|
|
BUG=632622
Review-Url: https://codereview.chromium.org/2223303002
|
|
Patch implements the Document's API gotoNamedDest, which is
part of the PDF specification [1], page 129, with the following
(short) description:
"Use this method to go to a named destination within the
PDF document".
[1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf
"Named destination" is a common concept in the PDF world.
It can be used together with PDF's Links, Annotations, Bookmarks
and OpenActions, as well as an action per se, in case "this.gotoNamedDest"
is called directly.
Note that the implementation makes use of the existing hook
CPDFDoc_Environment::FFI_DoGoToAction, which ends up calling
out the embedder to actually handle it.
In case of Chromium, for instance, it calls PDFiumEngine::Form_DoGoToAction
which only handles for now the "page" property of the "destination".
Other properties, including zoom level, and scroll position
are ignored for the moment.
BUG=pdfium:492
Review-Url: https://codereview.chromium.org/2221823003
|
|
Using IsEmpty() is more readable than using GetCount() == 0.
Review-Url: https://codereview.chromium.org/2226113002
|
|
They're only related to the |app| object, not all embed's.
Alert() itself unused.
Review-Url: https://codereview.chromium.org/2224073002
|
|
The CJS_Timer is fairly far removed from JS itself, the
wrapper objects are CJS_TimerObj and TimerObj. Make it
sound less like them.
Having moved the code to app.cpp, the GlobalTimer can now
refer directly to the app, rather than its superclass of
CJS_EmbedObj. Hence we can pull some app-only timer
related methods out of the superclass.
Review-Url: https://codereview.chromium.org/2222043002
|
|
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be
zero and when we divide we'll get a floating point exception.
If the width or height are zero then we can exit early without proceeding with
the rest of the constructor.
BUG=chromium:635008
Review-Url: https://codereview.chromium.org/2222843004
|
|
As per the PDF specification at [1]
"
This property specifies the document's URL.
".
IE/Acrobat supports it, and getting it implemented
would be one step forward in order to support Acrobat JS
script as the one in [2].
[1] http://partners.adobe.com/public/developer/en/acrobat/sdk/5186AcroJS.pdf
[2] https://bugs.chromium.org/p/pdfium/issues/detail?id=492
BUG=492
Review-Url: https://codereview.chromium.org/2219183002
|
|
This is always available elsewhere, so save the bytes and ease
removal of CJS_Array since it now only contains a single v8 local.
Review-Url: https://codereview.chromium.org/2217253002
|
|
This is the second CL in an attempt to split up the classes in fxge/include/fx_ge.h into their own files. CFX_ClipRgn is moved to core/fxge/ge because it is only used in core/fxge. The header for CFX_PathData is left in core/fxge/include since it is used elsewhere.
Review-Url: https://codereview.chromium.org/2216853004
|
|
And use it where appropriate.
Review-Url: https://codereview.chromium.org/2224623002
|
|
Fix memory ownership model for PDFium timers.
The |app| class owns the CJS_Timer as part of its vector<unique_ptr>
to them.
The CJS_Timer "owns" its slot in the global ID to timer map, and
removes itself when it is destroyed. Nothing else deletes
from the global map. Deleting from the global map is
accompanied by a callback to the embedder to clear its
resources.
Next, the proper way to remove a CJS_Timer is by going
through the app, and having the app erase its unique ptr,
which then deletes the CJS_Timer, which in turn cleans up the
global map. Provide a CJS_Timer::Cancel static method to
do this conveniently.
There is a alternate path to the CJS_timer via JS and its
CJS_TimerObj. CJS_TimerObj owns a TimerObj that currently
points to the CJS_Timer. If the timer fires, and cleans
itself up, this can go stale.
Make the TimerObj maintain a weak reference via global
timer ID rather than a direct pointer to the CJS_Timer, so
that if the timer fires and is destroyed, future attempts
to cancel find nothing.
There is another path, where if the JS timer object is GC'd, then we
just clean up its CJS_TimerObj without touching
the actual CJS_Timers. We could make this match the spec
by calling into the new cancel routine as described above,
but it seems weird to have a timer depend on whether a gc
happened or not.
A subsequent CL will rename these objects to more closely
match the conventions used by the other JS wrappers.
BUG=634716
Review-Url: https://codereview.chromium.org/2221513002
|
|
Also get rid of FXJS_ValueCopy() while we're at it.
BUG=pdfium:556
Review-Url: https://codereview.chromium.org/2215093002
|
|
BUG=628304
R=thestig@chromium.org, ochang@chromium.org
Review-Url: https://codereview.chromium.org/2218783002
|
|
This is the first CL in an attempt to split up the classes in fxge/include/fx_ge.h into their own files.
Review-Url: https://codereview.chromium.org/2217663002
|
|
|l_nb_code_blocks_size|
BUG=628890
R=ochang@chromium.org
Review-Url: https://codereview.chromium.org/2212973002
|
|
For classes under xfa/fgas, xfa/fwl/basewidget, and xfa/fwl/core,
use smart pointers instead of raw pointer to make memory management
easier.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2207093005
|
|
Since CFX_BinaryBuf::GetBuffer() returns uint8_t*, casting to uint8_t*
is unnecessary.
Review-Url: https://codereview.chromium.org/2218633002
|
|
Use smart pointer to replace raw pointer type for class
owned member variables so that memory management will
be easier.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2208423002
|
|
We must look the timer up a second time since the callback
may have released it.
BUG=634394
Review-Url: https://codereview.chromium.org/2214003003
|
|
Adds more questionable invocations of ClearTimeOut().
Also, checking that nothing happened is fragile. Log at least
one thing to show that the code ran.
Review-Url: https://codereview.chromium.org/2218473002
|
|
Fix a file name to be consistent with its class name and header file
name.
Review-Url: https://codereview.chromium.org/2215813003
|