Age  Commit message  (Author)
2017-05-17 Gif: Detect string decoding errors (Nicolas Pena)
This CL adds some checks to make sure the DecodeString method does not go out of control: If code is equal to code_table[code].prefix, it will try to loop forever. Even if that's not the case, avoid reading a negative position from the stack. Bug: chromium:722672 Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1 Reviewed-on: https://pdfium-review.googlesource.com/5513 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-17 Revert "Small fix in CPDF_TrueTypeFont load" (Nicolás Peña)
This reverts commit dde95d8be9bc2817e34429fc38ee6d89d6d5ab75.
Reason for revert: the test added is flaky
Original change's description:
> Small fix in CPDF_TrueTypeFont load
>
> The ToUnicode map should not be ignored when it exists. Doing so can cause a
> charcode to be assigned an incorrect glyph index, and will result in garbled
> text.
>
> Bug: chromium:665467
> Change-Id: I21c1bf560a0731d974191d4189ea730ef9868334
> Reviewed-on: https://pdfium-review.googlesource.com/5512
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Commit-Queue: Nicolás Peña <npm@chromium.org>
>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,npm@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Bug: chromium:665467 Change-Id: I704a34f326d31018061bcfd857fb25f7e4ee4cc2 Reviewed-on: https://pdfium-review.googlesource.com/5493 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-16 Be skeptical of bare |new|s. (Tom Sepez)
In particular, prefer an explicit .release() call when handing ownership of an object to a caller across a C-API. Change-Id: Ic3784e9d0b2d378a08d388989eaea7c9166bacd1 Reviewed-on: https://pdfium-review.googlesource.com/5470 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16 CFDE_RenderDevice::m_bOwnerDevice is always false (Tom Sepez)
So remove it. But they probably wanted it to be true in one place, because it looks like a leak. So find a better way to own the object. Change-Id: I15937e29da5ce8b380f82cb20ee3ecc3f49b8ca3 Reviewed-on: https://pdfium-review.googlesource.com/5473 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-16 Small fix in CPDF_TrueTypeFont load (Nicolas Pena)
The ToUnicode map should not be ignored when it exists. Doing so can cause a charcode to be assigned an incorrect glyph index, and will result in garbled text. Bug: chromium:665467 Change-Id: I21c1bf560a0731d974191d4189ea730ef9868334 Reviewed-on: https://pdfium-review.googlesource.com/5512 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-16 Properly ref-count CPDFXFA_Page (Tom Sepez)
Change-Id: Ibd1ebe4191f61e20d815de7f1a1094d78b72e6a7 Reviewed-on: https://pdfium-review.googlesource.com/5391 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16 Introduce CFX_UnownedPtr to detect lifetime inversion issues. (Tom Sepez)
There are places where an object "child" has a raw pointer back to object "owner" with the understanding that owner will always outlive child. Violating this constraint can lead to use after free, but this requires finding two paths: one that frees the objects in the wrong order, and one that uses the object after the free. The purpose of this patch is to detect the constraint violation even when the second path is not hit. We create a template that is used in place of TYPE*. Its dtor, when a memory tool is present, goes out and probes the first byte of the object to which it points. Used in "child", this allows the memory tool to prove that the "owner" is still alive at the time the child is destroyed, and hence the constraint is never violated. Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417 Reviewed-on: https://pdfium-review.googlesource.com/5475 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16 Handle when XFA parser error handlers cannot format error messages. (Lei Zhang)
Limit the length of error messages to avoid string formatting failure. Simplify some CXFA_FMParse error handling code too. BUG=chromium:708428 Change-Id: I2f5fdb61349a90b3ba681dcc04a26ce0d7f2bdda Reviewed-on: https://pdfium-review.googlesource.com/5331 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-16 Add formcalc lexer tests. (Dan Sinclair)
This CL adds tests for CXFA_FMLexer. Change-Id: I4cb7000212dda6d2b32211005a1c22deabb813ae Reviewed-on: https://pdfium-review.googlesource.com/5554 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-16 Update formcalc return types (Dan Sinclair)
Update return types to be bools instead of ints. Make some methods private. Change-Id: I5d55c48a861f90e9bd116ef835c11cdb515002a6 Reviewed-on: https://pdfium-review.googlesource.com/5553 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-16 Do not walk off end of formcalc string (Dan Sinclair)
The fm2js code takes a pointer to the input string and then walks along that pointer. There are currently no checks to verify we haven't walked off the end of the pointer into random memory. If this happens, we can end up allocating large chunks of memory and copying random bits. BUG=chromium:721533 Change-Id: Ia61fe96c1ff9eb9ded63cf8326b7be44986bd9e1 Reviewed-on: https://pdfium-review.googlesource.com/5550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16 Minor xfa_lexer.cpp cleanup (Dan Sinclair)
Remove the inc/dec/get methods that aren't helpful. Change methods to return void instead of uint32_t and make sure they set the proper error messages. Change-Id: I741316e7990a776d528625f34fd941316c524c15 Reviewed-on: https://pdfium-review.googlesource.com/5530 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-16 Simplify ContrastAdjust(). [chromium/3102] (Lei Zhang)
Add a few constants in the process. Change-Id: Id69b939e4ea6a3de879e0a1f29d1453e95c838db Reviewed-on: https://pdfium-review.googlesource.com/5552 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15 Remove gamma code (Dan Sinclair)
The gamma value is always 2.2, which means the table entries all point to themselves. Remove the usage of the gamma table. Change-Id: Idbb06015e8acd9f106f4bd1da5ef06563fb26296 Reviewed-on: https://pdfium-review.googlesource.com/5352 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15 Remove unused flags from CPDF_Creator (Nicolas Pena)
The only user of CPDF_Creator is FPDF_Doc_Save, and it only uses flags 1 or 2 when calling Create. Thus, the other two flags will never be set. Change-Id: Ib2eb0ce5585469c7749f0ab350855f1c6a2bba08 Reviewed-on: https://pdfium-review.googlesource.com/5491 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-15 Libtiff: upstream fix for heap buffer overflow (Nicolas Pena)
Upstream patch: https://github.com/vadz/libtiff/commit/5a4eceed8d2f28d05f49add9ce647684d59d461a Bug: chromium:722071 Change-Id: Idef412edbeb3255375ab18c68721dbaf7c601119 Reviewed-on: https://pdfium-review.googlesource.com/5511 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15 Check correctness of PDF Skia args (Nicolas Pena)
Users get confused when they set both Skia args to true and their code does not compile. This CL adds a check for this when generating gn args. Bug: pdfium:722 Change-Id: I0fb6f6a3fa64b094b674c602f38c736ee7b7fd65 Reviewed-on: https://pdfium-review.googlesource.com/5510 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Cary Clark <caryclark@google.com> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15 Gif: error out on invalid code sizes [chromium/3101] (Nicolas Pena)
From the Gif spec: 'The output codes are of variable length, starting at <code size>+1 bits per code, up to 12 bits per code. This defines a maximum code value of 4095 (0xFFF).' 'Because the LZW compression used for GIF creates a series of variable length codes, of between 3 and 12 bits each' Bug: chromium:722115 Change-Id: Ic9cff99e6012195a6b5173693b029dc710285688 Reviewed-on: https://pdfium-review.googlesource.com/5490 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15 Convert CPSOutput to an IFX_WriteStream (dan sinclair)
This Cl updates CPSOutput to inherit from IFX_WriteStream and converts the CFX_PSRenderer to accept an IFX_WriteStream instead of a CPSOutput. Change-Id: Ibde5c7da1c2f6df0a10cb6e9a470e18fbab167b8 Reviewed-on: https://pdfium-review.googlesource.com/5431 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15 Add a WriteString method to IFX_WriteStream (dan sinclair)
This Cl allows passing a CFX_ByteStringC to IFX_WriteStream along with the buffer method. This makes it easier to pass C-style strings to the stream. Change-Id: I1051eb3ba17c7fbd42984c14dc60cbce24d72f3f Reviewed-on: https://pdfium-review.googlesource.com/5430 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15 Smells like a leak in PWL_ComboBox.cpp (Tom Sepez)
Change-Id: I519d79b2b22d2b947c546c6285195b8ca52f4993 Reviewed-on: https://pdfium-review.googlesource.com/5471 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15 Return unique_ptr from xfa lexer Scan() method (Tom Sepez)
Change-Id: I7586194b59d2c8e28fc24b698ea93f4a2ab636e2 Reviewed-on: https://pdfium-review.googlesource.com/5474 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-12 Rename ErrorData and fix potential leak [chromium/3100] [chromium/3099] (Nicolas Pena)
This CL fixes a leak that can be caused by a longjmp in ErrorData. The method is renamed to express the fact that it includes such, and a followup should remove the jmps altogether. Bug: chromium:721488 Change-Id: Iefcc82a77a30ff77b7973b05611440a8d5bf275e Reviewed-on: https://pdfium-review.googlesource.com/5450 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-12 Merge FXGIF_Context and CGifDecompressor into CGifContext [chromium/3098] (Nicolas Pena)
Change-Id: I60c9cbd83ff9e7a30a5a570a6ad1cf8f52360c07 Reviewed-on: https://pdfium-review.googlesource.com/5410 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-11 Use clamp() in a couple more places. (Lei Zhang)
Change-Id: I9b7a1c101e3c73d0270f9216225e5a13d9937b97 Reviewed-on: https://pdfium-review.googlesource.com/5332 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-11 Rename render device classes (Dan Sinclair)
This Cl renames the CFX_RenderDevice subclasses to make their usage clearer. Change-Id: Ie820b57df9a3743ce8c6893fb483b398a1f1bdbe Reviewed-on: https://pdfium-review.googlesource.com/5390 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11 Remove unused GetPlatformSurface and GetDC methods (dan sinclair)
The times we need the DC we call ::GetDC to retrieve it from the platform. These methods are unused. Change-Id: If83aa9b37ae2231d8029db6f2e6d8d17f1825611 Reviewed-on: https://pdfium-review.googlesource.com/5350 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11 Add missing CheckUnsupportedError (Dan Sinclair)
The FPDF_LoadDocument call was missing the CheckUnSupportedError so, if the document contained unsupported information, the user would not be notified. This brings the method in line with the other loading methods. Change-Id: I308b25335a228eb02c51562f9caf91cda9193b73 Reviewed-on: https://pdfium-review.googlesource.com/5336 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11 Do not use vector data() when it is empty (Nicolas Pena)
Before, all pointers were being initialized to 0. After raw pointers were changed to vectors, data() was used in some cases, but now no longer returns nullptr when it is supposed to. This CL fixes that. Bug: chromium:721417 Change-Id: Ia31b75b18dc17d7eed48538145fe5d0d59668843 Reviewed-on: https://pdfium-review.googlesource.com/5353 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-11 Move map and codec loading into manager (Dan Sinclair)
This Cl consolidates the code to load maps and codecs into the CPDF_ModuleMgr class instead of putting it directly into fpdfview. Change-Id: Ia08f212f43a33e51ab1c7832051ee4f28eecb50d Reviewed-on: https://pdfium-review.googlesource.com/5335 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-11 Fixup Initialize spelling [chromium/3097] (Dan Sinclair)
Change-Id: Ibd8d70264d79afc0baabaa5093aceb21ee777196 Reviewed-on: https://pdfium-review.googlesource.com/5334 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11 Stop rendering if a span length overflowed in AGG (Nicolas Pena)
In AGG, len is of type coord_type, which we have as int16_t, but we can add to it large values, causing it to become negative. Stop the rendering when that occurs. Bug: chromium:719258 Change-Id: Ic7497666b01220a9cd3e7d749f1fc6ae4a210870 Reviewed-on: https://pdfium-review.googlesource.com/5370 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-11 LibOpenJPEG: undefined shift in opj_t1_dec_clnpass (Nicolas Pena)
bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate 1 << bpno. Thus, use a reduced value when it's large enough to cause undefined shift. bpno_plus_one itself remains unchanged so that the number of calls remains the same Bug: chromium:698526 Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4 Reviewed-on: https://pdfium-review.googlesource.com/5310 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-11 Limit XFA FormCalc program translation size. (Lei Zhang)
BUG=chromium:665087,chromium:718492 Change-Id: I09e93b4167ab2c0b3b53641243aa0cbeb5b98c4f Reviewed-on: https://pdfium-review.googlesource.com/3114 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-10 Split DCT decoder creation from CPDF_DIBSource::CreateDecoder(). (Lei Zhang)
Change-Id: Ia0ea49f0460fcb8e55542f237d321bb9207aa8e1 Reviewed-on: https://pdfium-review.googlesource.com/5250 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-10 Replace operator bool with HasRef() in classes with a CFX_SharedCopyOnWrite member. (Lei Zhang)
Change-Id: I51e30d298e87b9ae0d5aca83b2f1d6787efce70a Reviewed-on: https://pdfium-review.googlesource.com/5290 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-10 Check CXFA_FM2JSContext::Translate() return value. (Lei Zhang)
Remove not useful error parameter. Change-Id: I6f49a51a47c9d7f45e75a585679e15f0414aac26 Reviewed-on: https://pdfium-review.googlesource.com/5254 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-10 Store the offset in the archive buffer (Dan Sinclair)
This Cl moves the implementation of the archive buffer behind an IFX_ArchiveStream interface. The buffer holds the current offset and the offset parameter is removed from the CPDF_Creator and various other methods. Change-Id: Ia54e803b58bbfb6ef03fec4a940d2c056d541356 Reviewed-on: https://pdfium-review.googlesource.com/5255 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-10 Cleaning up Edit code (Dan Sinclair)
This Cl consolidates if statements, converts int returns to bools where possible and various other cleanups in fpdfapi/edit. Change-Id: Ia31ecc69843117eb5ebfff449a6046a267d08e89 Reviewed-on: https://pdfium-review.googlesource.com/5190 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-10 Cleanup CGifDecompressor part 2 (Nicolas Pena)
Change-Id: I9754da8d1bf54b328761ac9d83fcc4a3518b4a73 Reviewed-on: https://pdfium-review.googlesource.com/5230 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-10 Fix FPDFImageObj_LoadJpegFile(Inline) to allow NULL to be passed in for pages, as the documentation explicitly allows this. [chromium/3096] (Andrew Weintraub)
Bug:pdfium:710 Change-Id: I0535b45c16ae7a53609da3b09ff7d427c52567b5 Reviewed-on: https://pdfium-review.googlesource.com/5270 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-10 Simplify CPDF_ImageRenderer::StartRenderDIBSource(). (Lei Zhang)
Change-Id: Ia0a78be3320c5d6c3d0c40d4199cae1473e0e8dc Reviewed-on: https://pdfium-review.googlesource.com/5253 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-10 Use FXSYS_IntToTwoHexChars() in more places. (Lei Zhang)
Change-Id: I84cd8e91a296119ecf80b7a092b886f291bebb45 Reviewed-on: https://pdfium-review.googlesource.com/4953 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-10 Fix typos for the word start. (Lei Zhang)
Change-Id: Ic602126dc5407fcbb56dca5ec43e1824a5ca55b6 Reviewed-on: https://pdfium-review.googlesource.com/5251 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-09 Create common CXML_Object base class for CXML_Content and CXML_Element. (Tom Sepez)
They should each know what they are rather than having an external ChildRecord struct to track the type. Change-Id: Ic647ba45569764073e944d30af1a96dccdc29eb3 Reviewed-on: https://pdfium-review.googlesource.com/5210 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-09 Remove FPDFPageObj_NewImgeObj(). (Lei Zhang)
Callers should use FPDFPageObj_NewImageObj() instead. Change-Id: If9f262af771344799a372645e466d3b8e64482ed Reviewed-on: https://pdfium-review.googlesource.com/5153 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-09 LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift (Nicolas Pena)
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts. Bug: chromium:698498 Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8 Reviewed-on: https://pdfium-review.googlesource.com/5173 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-09 Edit code cleanup (Dan Sinclair)
Minor cleans in the fpdfapi/edit code. Change-Id: I7bb2f4add7c6e84f072501035b1f77c218174cca Reviewed-on: https://pdfium-review.googlesource.com/5152 Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-09 Cleanup of CGifDecompressor part 1 (Nicolas Pena)
This CL changes the tag_gif_decompress_struct into CGifDecompressor. It cleans up a bunch of unnecessary function pointers and starts cleaning up the members of the new class. Change-Id: Id49cd8f5377dc8daaa15118551dadad4ddde7931 Reviewed-on: https://pdfium-review.googlesource.com/5170 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-09 Move FPDF_FILEWRITE adapter to own file (Dan Sinclair)
This Cl moves the adapter out of the fpdfsave.cpp file into its own h/cpp files. The adapter was renamed for clarity. The CPDF_Creator was modified to take the adapter as a constructor param and the Create methods consolidated. Change-Id: Icb104f195ef532dda053c859aae356a8d4a7a54c Reviewed-on: https://pdfium-review.googlesource.com/5151 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>