summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-07-25Disable submit in XFA forms.Henrique Nakashima
Bug: chromium:842503 Change-Id: If411815d8324929f482e3cad0fda54f24d370c2a Reviewed-on: https://pdfium-review.googlesource.com/37830 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-25Introduce ToXMLElement() checked downcast helper functionTom Sepez
And use it in place of ASSERT() that the type was correct. Since we can check it, doing so at runtime may help avoid type confusion, and we'll get a nice safe SEGV if the asserted condition ever fails. Change-Id: I46b65a4b70e819a670d7cad7966e0d100f0d9a63 Reviewed-on: https://pdfium-review.googlesource.com/38810 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-25Move CXFA_ThisProxy helper to CXFA_Object.Tom Sepez
Because the other helpers are declared here. Rename VariablesThis to ThisProxy in a few places; VariablesThis is a slightly different concept (see GetVariablesThis()). Then introduce helper for CXFA_List subclass as well. Remove unused const version of some helpers. Change-Id: Ia328d8cd170a8b97015e98c1c770fa8a44810455 Reviewed-on: https://pdfium-review.googlesource.com/38670 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-25Fix hint tables parsing.Artem Strygin
Sample PDF: https://yadi.sk/d/oWLtAEfy3YbEb3 For offsets, equal to the hint stream offset, added hint stream length to determine the actual offset, because linearization inserted the hint stream at the original location of the object. Also the number of bits needed to represent the numerator of the fractional position for each shared object reference may be zero, if each shared group contains only one object with obj num, incremented on 1. Change-Id: I4754d603f388354821e8d0cac97ad99a7578fe4b Reviewed-on: https://pdfium-review.googlesource.com/36610 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-25Use document size instead of file size while parsing.Artem Strygin
We should use document size instead of File size, because all offsets and sizes was read from document should take into account of header offset. Added some tests of parsing of documents with header offset. Also drop friendship of CPDF_SyntaxParser with CPDF_Parser. Change-Id: Iebec75ab2ee07fb644a6c653b4ef5c2e09af09fe Reviewed-on: https://pdfium-review.googlesource.com/35830 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-24Fix UAF in CPDFSDK_Widget::GetMixXFAWidget().chromium/3502Henrique Nakashima
Do not allow instanceManager methods to run in Foreground XFA forms. They are static, and their widgets should not be inserted or removed. See "XML Forms Architecture (XFA) Specification Version 3.3", page 272. Bug: chromium:860697 Change-Id: Ia96834e085ee508618ca4dcb2bd5271466369ede Reviewed-on: https://pdfium-review.googlesource.com/38751 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-24Rename JS_{METHOD,PROP} to JSE_{METHOD,PROP}Tom Sepez
Because they are too easily confused with non-XFA JS_STATIC_PROP despite being on the XFA side. The JSE_ prefix mirrors the fxjs/fxjse split ("e" presumably standing for "extension" or some such) between the non-xfa/xfa V8 adapter layer. Rename fxjs/{cjx_define.h => jse_define.h}, since there aren't any symbols starting with |CJX| in it. Fix some IWYU for jse_define.h No functional changes. Change-Id: I6a0b2b6fe6ef1b564b0bfa2fa7ba317a0cea0953 Reviewed-on: https://pdfium-review.googlesource.com/38730 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-24Remove lpClass argument from FXJSE_RetrieveObjectBinding()Tom Sepez
In turn, it too is always nullptr. This shows that the V8 side check for hasInstance() was never being applied. We will augment this with C++ side checks down the road, since we don't want to trust V8 anyways. Change-Id: Iee38f32af9561783dbf253d798bd975029f3a4a2 Reviewed-on: https://pdfium-review.googlesource.com/38594 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-24Fix encryption dictionary owning.Artem Strygin
Return encryption dictionary as const reference from CPDF_Parser. Create a copy in CPDF_Creator if needed. Change-Id: I270f71d307d818fba7f65ebe379f5942ae816934 Reviewed-on: https://pdfium-review.googlesource.com/38390 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2018-07-23Tighten up ThisProxy casts.Tom Sepez
Previous CLs have shown that the "lpClass" checks aren't sufficient here, so ensure we are always checking C++ enum value before downcasting this type. Change-Id: I418127c5e7131e0a3363363a60d1976719d6837c Reviewed-on: https://pdfium-review.googlesource.com/38550 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-23Remove unused CFXJSE_Arguments::GetObject()chromium/3501Tom Sepez
Insert another unowned ptr along the way. Change-Id: I953baa3448282fd4f655bb99524f131f66b7ed86 Reviewed-on: https://pdfium-review.googlesource.com/38593 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-23Remove argument from CFXJSE_Value::ToHostObject()Tom Sepez
Like the other cases, it is always nullptr. Change-Id: I280f25899ffbe5e35f4ef3342aec7896edf3e1f2 Reviewed-on: https://pdfium-review.googlesource.com/38592 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-23Rework of CPDF_Object writing.Artem Strygin
Move writing logic into implementation of related clases. Change-Id: If70dc418b352b562ee681ea34fa6595d6f52eee3 Reviewed-on: https://pdfium-review.googlesource.com/36350 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2018-07-23Remove second argument to CFXJSE_Engine::ToObject()Tom Sepez
It, too, is always passed as nullptr. Change-Id: I2573bea4cc33f48c13979026ea8ae42b368ce8a5 Reviewed-on: https://pdfium-review.googlesource.com/38590 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-23Add support of rebuilding crossrefs with compressed objects.Artem Strygin
Change-Id: I0743c34f0206f85828570430edb9f62b6b0cdbb5 Reviewed-on: https://pdfium-review.googlesource.com/37315 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2018-07-23Remove unused CScript_DataWindow::JSDataWindow().Tom Sepez
Do the same thing for N other similar files. Change-Id: If9bb7f6335287441206083c3512fc8a788e9d39b Reviewed-on: https://pdfium-review.googlesource.com/38532 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-23Replace CFXJSE_HostObject::type_ with polymorphic conversion methodsTom Sepez
More foolproof technique, and saves one word in every instance at a cost of two pointers in every subclass vtable. Change-Id: Ied4f91d4d203b5e6d83abe751159eb7e55489bb5 Reviewed-on: https://pdfium-review.googlesource.com/38530 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-23Remove second argument to ToJSContext().Tom Sepez
It's always passsed as nullptr. Rename function to ToFormCalcContext() for clarity while we're at it. Change-Id: I96581c6b86b7ac7b48b60429e2144f16af7e46ca Reviewed-on: https://pdfium-review.googlesource.com/38570 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-20Roll buildtools/ 893eb86b0..4ae75c1f8 (10 commits)chromium/3500chromium/3499Lei Zhang
https://chromium.googlesource.com/chromium/buildtools.git/+log/893eb86b02b2..4ae75c1f8188 Created with: roll-dep buildtools TBR=rharrison@chromium.org Change-Id: If395903298495f5131cb9a22b16db4c1c81fbd51 Reviewed-on: https://pdfium-review.googlesource.com/38490 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-20Replace downcasts in cxfa_node to checked conversion methods.Tom Sepez
Part of the effort to not trust downcasts in the CFXA_Node hierarchy. The number of subclasses is small enough here that the O(n^2) space overhead for the vtables is not significant. Put all sub-classes in same top-level namespace as the parent, just because we avoid jumping in and out of anonymous namespace. Change-Id: I32b80a93c75f8a09eb17c01fe1e29d04b4053fa1 Reviewed-on: https://pdfium-review.googlesource.com/38510 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-20Rework of CPDF_Parser::RebuildCrossRef.chromium/3498Artem Strygin
Use CPDF_SyntaxParser logic to rebuild crossref. Change-Id: I394f64e76294b97c6a7c2b8984a880712fd193a7 Reviewed-on: https://pdfium-review.googlesource.com/37314 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2018-07-19Remove some unused default values in cfxjse_context.h.Tom Sepez
Callers already explicitly pass nullptr as needed. Change-Id: I8cf9d4951ec1b75cf90dccc1b53bfcd6fb6a42e6 Reviewed-on: https://pdfium-review.googlesource.com/38450 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-19Change some ASSERTS() to early returns in cfxjse_class.cppTom Sepez
Given the issues we've seen on the non-XFA side, be more careful about using V8-provided data on the XFA side. Change-Id: I13b7fa9ac852be74c8135410734445b2c9a23c97 Reviewed-on: https://pdfium-review.googlesource.com/38430 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-19Make FX stream internal details more private to .cpp files.Tom Sepez
Makes the generic fx_streams.h header pull in lots less OS-specific cluter. Combine and de-virtualize the windows struct. Change-Id: I836b9efb00b25dbd1b8f814645dd31a0f04bb4f4 Reviewed-on: https://pdfium-review.googlesource.com/38330 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-19Fix unbalanced endobj keyword in rectangles_multi_pages.pdf.Lei Zhang
Also add stream lengths. Change-Id: I7a1f565f941f9100058fab0f1ddde5471318f4d3 Reviewed-on: https://pdfium-review.googlesource.com/38350 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-19Use pdfium::as_writable_bytes() in cxfa_xmllocale_unittest.cppTom Sepez
This is a cleaner way of getting the required argument. Add helper function and anonymous namespace as misc. cleanups along the way. Change-Id: I600074b7f6597ffd9b451a21ee374f937a8e9940 Reviewed-on: https://pdfium-review.googlesource.com/38310 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-18Roll third_party/skia/ af7700265..588f87967 (1391 commits; 41 trivial rolls)Lei Zhang
https://chromium.googlesource.com/skia.git/+log/af7700265b74..588f879677d4 Created with: roll-dep third_party/skia Change-Id: Ic7c47ae9057b05eeb0f0eafa739401d881c0332d Reviewed-on: https://pdfium-review.googlesource.com/38290 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-18Handle wrong tag element count in littlecms.Lei Zhang
BUG=chromium:864932 Change-Id: I7e87ba6e0fc6e2bdefcee29cbc0b60cb9ec9e316 Reviewed-on: https://pdfium-review.googlesource.com/38270 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-18Add pdfium::span::as_bytes() and as_writable_bytes().Tom Sepez
Picks up some enhancements from base/span.h. In turn, also adds the size_bytes() helper. Differs from base version in that it works around C++14 enable_if_t<>, and avoids the dynamic_extent template specialization tricks. Use it in a few places where appropriate. Change-Id: I86f72cf0023f2d4317a7afa351fddee601c8f86c Reviewed-on: https://pdfium-review.googlesource.com/38251 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-18Use casts to deduplicate implementation of const/non-const methods.Henrique Nakashima
Change-Id: Ia5a4e89bff8a1dbc46246f5a734170765b7ee74e Reviewed-on: https://pdfium-review.googlesource.com/38250 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-18Fix skia_paths build.Henrique Nakashima
The SkColorSetARGBInline alias was removed, use simply SkColorSetARGB instead. Bug: pdfium:11 Change-Id: I8636e305cf938df9427d01a6ca63b3d492a087f3 Reviewed-on: https://pdfium-review.googlesource.com/38252 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-18Do not add invalid objects to the cross reference table.chromium/3496Lei Zhang
BUG=chromium:851994 Change-Id: I2e14401271c70afa204221e0f3d469f0b82ce8cf Reviewed-on: https://pdfium-review.googlesource.com/37871 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Art Snake <art-snake@yandex-team.ru>
2018-07-18Avoid writing const/non-const versions of the same function.Lei Zhang
Use const_cast for the non-const version to call the const version. Change-Id: Ibdf5fe53255ee6e983555080336f5d63e683afd1 Reviewed-on: https://pdfium-review.googlesource.com/37490 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-18Use CPDF_CrossRefTable within CPDF_ParserArtem Strygin
Change-Id: I354e8bed12606abdc67427bbc7928e3b1f11e243 Reviewed-on: https://pdfium-review.googlesource.com/35433 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-18Make CPDF_Parser::GetTrailer const method.Artem Strygin
Use own copy of encryption dictionary within CPDF_Parser, to prevent modification of original trailer. Change-Id: I6246b872d431b94411fcec694c5176f8d85dfe26 Reviewed-on: https://pdfium-review.googlesource.com/35450 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-18Improve image size validation in CPDF_ScaledRenderBuffer.Lei Zhang
In CPDF_ScaledRenderBuffer::Initialize(), use the existing CFX_DIBitmap::CalculatePitchAndSize() function to figure out the pitch and size. Unlike the existing code, CalculatePitchAndSize() does a better job of checking for integer overflows. BUG=pdfium:1123 Change-Id: Ic8fe7226bc56fed0456486d88e02a7af2928bc94 Reviewed-on: https://pdfium-review.googlesource.com/38010 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2018-07-18Simplify CPDF_Creator::InitID().Lei Zhang
Remove checks for impossible conditions. Change-Id: I7a6607675899bfde6179e93da0c9139dfec19984 Reviewed-on: https://pdfium-review.googlesource.com/38070 Reviewed-by: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-17Add Deleter and Scoper for FPDF_PAGELINK.chromium/3495Andrew Weintraub
Change-Id: Ie997bfa5437d4222a381be3fc2b4334d6c8e2d5b Reviewed-on: https://pdfium-review.googlesource.com/38190 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-17Limit recursion depth for CXFA_DocumentParser::NormalLoader().Henrique Nakashima
Bug: chromium:849143 Change-Id: I973bb3be6151ac3afad850533cb735c03e9f3d2c Reviewed-on: https://pdfium-review.googlesource.com/38210 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-17Cleanup SetSavedCalled APIRyan Harrison
Fix a couple of post submit comments on the originally version of this API. BUG=pdfium:953 Change-Id: Id5b7480c5791821340366371b4ab861e78d47e8b Reviewed-on: https://pdfium-review.googlesource.com/38150 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-07-17Reserve space for result in ::FilterContentsRyan Harrison
This changes the implementation for the specific bug listed and proactively fixes it in the other overrides. The general bug here is that if you concat a WideString in a tight loop without first reserving space, each call will cause an allocation size change and memcpy. This is very expensive and causes ClusterFuzz cases to timeout. BUG=chromium:863295 Change-Id: I6c1d900a31b98cd9ddcf91d1ec0f3973c9cdfa26 Reviewed-on: https://pdfium-review.googlesource.com/38110 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-07-17Check for global flag on global proxy objects.Tom Sepez
Second line of defense for issue in the associated bug. Bug: chromium:862059 Change-Id: I58ba890dfe02c89dd6bcfa23e2e116e107f9adbc Reviewed-on: https://pdfium-review.googlesource.com/37991 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-16Make JSGetObject<C>() return UnownedPtr<C>.Tom Sepez
This a convenient place to assert that the callback that is about to be invoked on the object doesn't destroy the object at any point during its execution. Change-Id: Iacb9d4e01603cc6bf316b00fdd062955c903ca5c Reviewed-on: https://pdfium-review.googlesource.com/37970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-16Use UnownedPtr/Optional in cfxa_layoutcontext.cppTom Sepez
Introduce cfxa_layoutcontext.cpp to satisfy chromium style ctor check. Fix typo in class forward declaration in cfxa_layoutcontext.h Change-Id: I2b29bf61a21be0f895faf8984897c5655a4f0e89 Reviewed-on: https://pdfium-review.googlesource.com/37950 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-07-16Use UnownedPtr<> to v8::Isolates.Tom Sepez
Isolates are long-lived, but this may catch a few things. Introduce CFX_V8IsolateDeleter for unique_ptr<v8::Isolate> usage. Fix Dispose()/SetIsolate(nullptr) ordering in cjs_runtime.cpp Remove one unused isolate member. Flip protected -> private in one place. Change-Id: I26cdd120f799192e93b0d9d04dcde8f348dc21f3 Reviewed-on: https://pdfium-review.googlesource.com/37931 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-07-16Fix crash when typing letters into an XFA datetime field.Henrique Nakashima
The root of the issue is that CXFA_FFDateTimeEdit inherits from CXFA_FFTextEdit and methods in the former treat its widget as a CFWL_Edit, while it can be a CFWL_DateTimePicker. Bug: chromium:857521 Change-Id: I764b6c03095b16f6a9cf72ff36768ca4c57c4070 Reviewed-on: https://pdfium-review.googlesource.com/37910 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-07-16Alert embedder when attempting to save XFA formRyan Harrison
This CL adds an experimental callback to the form fill API that allows PDFium to signal to the embedder that an attempt call save occurred. The embedder is responsible for showing an appropriate UI when this occurs. When PDF saving is implemented the API can be removed. BUG=pdfium:953 Change-Id: Iba30f4d0547fe773b793e499995be426626092a0 Reviewed-on: https://pdfium-review.googlesource.com/35870 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2018-07-16Fix some nits in CPDF_Document.Lei Zhang
Change-Id: I57f89b9f2a8ef3f351e7574a76d6064ffde150d3 Reviewed-on: https://pdfium-review.googlesource.com/37870 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-07-16Add FPDFFormObj_GetObject() APIMiklos Vajna
To be used together with the existing FPDFFormObj_CountObjects() function. Change-Id: I8ed69624e967708c8db7e8f135e28fbe6a52752f Reviewed-on: https://pdfium-review.googlesource.com/37890 Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2018-07-16Process data changes regardless if they can be formattedRyan Harrison
UI elements in XFA can have two different <picture> clauses with different meanings. One is a formatting statement that dictates the format the underlying data should appear in. The other <picture> occurs within an <validate> block and specificies what format the underlying should be. If it doesn't fit this <picture> the <validate> block indicates what should occur. In the existing code actually running the second <picture> type was being conditionally guarded on whether of not the formatting of the first type succeeded. This CL moves the calls related to data changing earlier, to before the formatting and UI updating occurs. BUG=pdfium:1065 Change-Id: Ib525c490074187c3272f4263ab451bf347b74f9c Reviewed-on: https://pdfium-review.googlesource.com/37250 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>