Age | Commit message | Author |
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
|
|
This CL converts the names to FDE_CSSRect and FDE_CSSLength to better match
other parts of the code base.
Change-Id: I33367ae3d93d912755671486d6d5317cddbc4f62
Reviewed-on: https://pdfium-review.googlesource.com/2179
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
We can get into a loop when gif_img_row_bytes is 0 since Decode will
return 3 when the second parameter is 0, and there is a while(ret!=0).
BUG=681170
Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
Reviewed-on: https://pdfium-review.googlesource.com/2211
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the values are going to overflow, return error code, which seems to
be 2.
BUG=668822
Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
Reviewed-on: https://pdfium-review.googlesource.com/2213
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL moves IFDE_CSSValue and IFDE_CSSRule to concrete classes and moves the
holding of the type into the base class.
Change-Id: Iea29cc55256dd2183b60ca8711367d5dc8daaa24
Reviewed-on: https://pdfium-review.googlesource.com/2178
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL cleans up some interface classes from FDE CSS.
Change-Id: I975e5d63f8ae6a0bc7bb849b6f11f0ae43092e4d
Reviewed-on: https://pdfium-review.googlesource.com/2177
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
BUG=680062
Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795
Reviewed-on: https://pdfium-review.googlesource.com/2212
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=669893
Change-Id: I0977c031d5b272ce5182da6b3020ac092e30aef4
Reviewed-on: https://pdfium-review.googlesource.com/2210
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
It already has a sizeof() and a cast built into the macro,
so we don't need to do sizeof() and cast on each usage.
Review-Url: https://codereview.chromium.org/2625133009
|
|
This will land after this CL
https://chromium-review.googlesource.com/c/424575/
as a way of making sure it works as intended.
TBR=borenet
BUG=skia:5973
Review-Url: https://codereview.chromium.org/2629943002
|
|
This CL cleans up the property and property value definitions which are never
used in the FDE CSS parser code. A few other unused methods are also removed.
Change-Id: Ib5a316d9c877d87f1d5e0003de4d85d59eab087a
Reviewed-on: https://pdfium-review.googlesource.com/2175
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
A return of ID == 0 from the embedder means the timer was not
created (see public/fpdf_formfill.h), although few embedders
actually conform to this convention.
Firing a timer with ID == 0 will thus do nothing since there can't
be such a timer in the map.
BUG=679649
Review-Url: https://codereview.chromium.org/2626863003
|
|
In this case, we observe the destruction of the object, but have
unfortunately saved a pointer to it in a local variable.
BUG=679643
Review-Url: https://codereview.chromium.org/2628233002
|
|
If rb is allocated memory but p != q, then it will not be assigned to
sp->actable[m], so it will leak.
BUG=680520
Change-Id: Ib0b178b043b2a9821fb289d033ca0ab52e4cbe48
Reviewed-on: https://pdfium-review.googlesource.com/2176
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This patch adds the additional functions required to make postscript
printing functional. The most significant additions are two added
compression functions and a new API for setting the postscript level.
Not currently called from Chromium, Chromium patch to come.
BUG=
Review-Url: https://codereview.chromium.org/2612243005
|
|
Patch has been accepted upstream, see:
http://bugzilla.maptools.org/show_bug.cgi?id=2658
BUG=655008
Change-Id: I7ef69e6f71e66bd7e0a4d334c4f8e60ed02213d2
Reviewed-on: https://pdfium-review.googlesource.com/2174
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
All the work happens in the virtual dtors like it should.
Review-Url: https://codereview.chromium.org/2628843003
|
|
PDFium doesn't have any flaky tests, so re-running the tests on failure just
causes the failure to happen again. The only time re-run is useful is if the
bot goes away which is fairly exceptional.
Change-Id: Id7b615cf91b502fdfdc2882fc85df0cdcaa512a1
Reviewed-on: https://pdfium-review.googlesource.com/2173
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Rename to CPDFSDK_AnnotIteration, as it is now an ordered set of
annots, and not the iterator itself.
Review-Url: https://codereview.chromium.org/2626073005
|
|
The return value is used to determine whether TIFFReadFile fails. If we
return just the length, libtiff will try reading uninitialized values
afterwards, on corrupted files.
BUG=679230, 670928
Change-Id: I579adc9d8a00e8cafab45dbdb728f1cb702da051
Reviewed-on: https://pdfium-review.googlesource.com/2172
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL updates the possible FDE CSS enums to enum classes and fixes up any
instances of incorrect values being used. A few other cleanups and changes
were needed to complete the conversion.
Change-Id: Ibcca5229a9ca8de1f4beb6462535f61705fd4f8c
Reviewed-on: https://pdfium-review.googlesource.com/2170
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
My previous attempt did not follow precisely the way m_nb_mcc_records
is increased in opj_j2k_read_mcc.
Previous: https://pdfium-review.googlesource.com/c/2165/
BUG=678461, 680102
Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336
Reviewed-on: https://pdfium-review.googlesource.com/2171
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Widgets as returned from GetWidgets() can pop out of existence
unexpectedly, so always return observed pointers. This extends
the same pattern used elsewhere in the file to all occurrences.
BUG=679642
Review-Url: https://codereview.chromium.org/2624933002
|
|
This CL removes the use of FX_Alloc and any remaining new'd CFXJSE_Value objects
from CXFA_FM2JSContext and replaces them with unique_ptrs and vectors.
Change-Id: I30ba697d65ee326d2faa895c3217bdc407419298
Reviewed-on: https://pdfium-review.googlesource.com/2157
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
I also made the call to set the flags occur before the Initialize()
call, as this appears to be the pattern elsewhere in our codebase.
Review-Url: https://codereview.chromium.org/2627563003
|
|
Now we update m_nb_mct_records only when there was a new mct record, and
l_mct_data computations all went through. In the previous version, the
++l_tcp->m_nb_mcc_records was in the end, without the if. Notice that
this is similar to the analogous in opj_j2k_read_mcc.
CL that changed the calculation:
https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60
BUG=678461
Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662
Reviewed-on: https://pdfium-review.googlesource.com/2165
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL replaces the custom IFX_MemoryAllocator code with new/delete as needed.
Change-Id: Ie786f607c9e0b3035ffd87733bc3e29a4b6426d9
Reviewed-on: https://pdfium-review.googlesource.com/2164
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL splits the xfa_texlayout.{cpp|h} files into individual class files.
Minor reformatting was done in the new classes.
Change-Id: Id79ffcb8dca3fcf287a2e6dec78fd2b1f990a542
Reviewed-on: https://pdfium-review.googlesource.com/2162
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL removes the custom allocator from CFDE_TxtEdtBuf and uses
std::vector<std::unique_ptr>> instead.
The Iterator code has been made an inner class of the buffer and renamed to
CFDE_TxtEdtBuf::Iterator instead of CFDE_TxtEdtBufIter.
Change-Id: Ied8e844dea700e0ef37087f0d3fad4882d9eada1
Reviewed-on: https://pdfium-review.googlesource.com/2159
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Use unique_ptr while we're at it.
Review-Url: https://codereview.chromium.org/2618373003
|
|
The code_size variable is the number of bits. We should make sure that
the size is at most 31 to avoid having undefined shifts etc.
BUG=620661
Change-Id: Ia533386d01de93a55048cfd63d63989b2731a210
Reviewed-on: https://pdfium-review.googlesource.com/2161
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Also use unique_ptr in one spot while we're at it.
Review-Url: https://codereview.chromium.org/2625483002
|
|
Code is much clearer when we use the actual types
rather than this convention.
Review-Url: https://codereview.chromium.org/2618993002
|
|
This CL adds a set of unit tests for the text edit buffer. It fixes up a few
bugs found adding the tests and removes the unused ::Optimize method.
Review-Url: https://codereview.chromium.org/2614383003
|
|
We are using pdfium::base::checked_cast to get the width and height,
but we may overflow and abort. Therefore, we should instead early
return if the obtained width and height are not valid int32_t's.
BUG=655056
Change-Id: Ic0c6b88a16dc3d547fe82736bb14ed3122cd356a
Reviewed-on: https://pdfium-review.googlesource.com/2160
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
CAgg_PathData::BuildPath already HardClips x, y. We need to do this to
any other points used, otherwise we risk having huge numbers, and when
calling agg methods on these we'll be super slow.
BUG=670524, 678767
Change-Id: I35c1cee7bd6481ea57e0df27b2c5202d1cca3301
Reviewed-on: https://pdfium-review.googlesource.com/2158
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
We should not have valid objects where the object number is
CPDF_Object::kInvalidObjNum.
BUG=pdfium:609
Review-Url: https://codereview.chromium.org/2610393004
|
|
The td_refblackwhite value is currently assigned without validation. This
may pose an issue as the image can specify the value as nan. This will cause
problems later when we use the nan in calculations.
This CL validates each of the float values are not nan and if they are sets
them to the default provided by the TIFF spec v6.
BUG=chromium:632883
Change-Id: I17b01f744d3f5247c4bd3f42765a27b611dc7d8c
Reviewed-on: https://pdfium-review.googlesource.com/2151
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2619673002
|
|
Remove unused m_Segments.
Review-Url: https://codereview.chromium.org/2618863004
|
|
Review-Url: https://codereview.chromium.org/2611413002
|
|
Review-Url: https://codereview.chromium.org/2610813010
|
|
All usage is now replaced with stl equivalents.
Move one definition from fx_basic.h to where it's actually needed.
Review-Url: https://codereview.chromium.org/2612773007
|
|
Review-Url: https://codereview.chromium.org/2616623005
|
|
Revert CL http://crrev.com/2608663003 in preparation for adding
postscript generation to Pdfium.
Note postscript generation code will not be called until additional
patches land. These patches will also include modifications needed to
make this code functional (currently missing a few compression functions).
BUG=
Review-Url: https://codereview.chromium.org/2615703002
|
|
Review-Url: https://codereview.chromium.org/2617483005
|
|
Review-Url: https://codereview.chromium.org/2617683003
|
|
This CL updates the unique_ptrs to use MakeUnique instead of new. The types
are updated to be auto.
Change-Id: I2a82a4ec6659e5c343cc03d4840b3046ecb6934e
Reviewed-on: https://pdfium-review.googlesource.com/2156
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL initializes the raw tif data to guard against uninitialized memory access.
BUG=chromium:677377
Change-Id: If272fafacd996c2e93a41fb6e477661dc0c5492c
Reviewed-on: https://pdfium-review.googlesource.com/2150
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL removes the size arrays and variables and uses the vector to get the
size directly.
Change-Id: I0f7b5f48e53ff1ec379ad34a23807d70b02a538a
Reviewed-on: https://pdfium-review.googlesource.com/2155
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|