Age  Commit message  (Author)
2015-11-24  Merge to M47: Add a missing setjmp() to CCodec_JpegDecoder::v_GetNextLine(). [chromium/2526] (Oliver Chang)
If jpeg_read_scanlines() ends up calling the error callback, we longjmp into some undefined state. BUG=558840 TBR=thestig@chromium.org Original Review URL: https://codereview.chromium.org/1463563003 . (cherry picked from commit 06e33aec03f13c76d9eff5c09cb03e142b0c5ef1) Review URL: https://codereview.chromium.org/1471913005 .
2015-11-24  Merge to M47: Change |CCodec_ScanlineDecoder::m_Pitch| to FX_DWORD (Oliver Chang)
This matches the type of the corresponding |CFX_DIBSource::m_Pitch|, where integer overflow is checked for FX_DWORD. This change is propagated to many other places. Also, check for integer overflow in |CCodec_RLScanlineDecoder::Create| during the calculation of |m_Pitch| since it aligns to 4 bytes while overflow was previously checked without this alignment. TBR=thestig@chromium.org BUG=555784 Original Review URL: https://codereview.chromium.org/1460033002 . (cherry picked from commit e7950df70a2fd658f466751b29483436cb31e829) Review URL: https://codereview.chromium.org/1473143003 .
2015-11-13  Merge to M47: Fix extraction of colour components in CPDF_DIBSource::DownSampleScanline32Bit (Oliver Chang)
Previously, if |m_bpc| was < 8 (e.g. 4), this function may still try to access the source components as if |m_bpc| == 8. Even when it fell into the codepath that tried to do the right thing in this case, it was wrong. BUG=554151 Review URL: https://codereview.chromium.org/1433423002 . (cherry picked from commit e21fe98d5b5da7da01503b985b07b90c8e811689) R=thestig@chromium.org Review URL: https://codereview.chromium.org/1441973002 .
2015-11-13  Merge to M47: Clear decoders after the image decoder in the /Filter array. (Oliver Chang)
During decoding, when an image decoder is encountered, any subsequent decoders are ignored, but remain in the array. However, later on CPDF_DIBSource::ValidateDictParam expects the image decoder to be the last in the array, causing issues. A check is also added in CPDF_DIBSource::GetScanline to ensure that the calculated pitch value is <= the (4-aligned) pitch value in the cached bitmap to prevent future issues. Also cleans up some NULL usages. BUG=552046 Review URL: https://codereview.chromium.org/1406943005 . (cherry picked from commit 182d129bcee8f7731b9bbfde0064295ad3b37271) R=thestig@chromium.org Review URL: https://codereview.chromium.org/1444503002 .
2015-11-11  Merge to M47: Prevent buffer underflow in CPDF_TextObject::CalcPositionData (Oliver Chang)
TBR=thestig@chromium.org BUG=554115 Review URL: https://codereview.chromium.org/1435473004 . (cherry picked from commit 46d2e278f62454ed2392630b6d18d33d380a20eb) Review URL: https://codereview.chromium.org/1438733004 .
2015-11-11  Merge to M47: Make JS app.setTimeOut() work again. (Lei Zhang)
This regressed in commit 794c9b6. Also fix the build after that commit. BUG=551248 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1424743006 . (cherry picked from commit 8cadf995e9a0fec8da19f69edac9d10fccca7eed) (cherry picked from commit 955930dce7e4b5c764cdd34b134baea4207de523) Review URL: https://codereview.chromium.org/1435553006 .
2015-11-06  Merge to M47: Update bundled freetype to 2.6.1 (Oliver Chang)
Also adds a README.pdfium and 0000-include.patch that details the local modifications made. Also rolls testing/corpus to 45f88c6914fcac26ad930bb0ebbfa468c21db0a5 which includes regenerated corpus expectations. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1413673003 . (cherry picked from commit 87ee069d05ca06f60d6cfacd9e426739d8f2053d) Review URL: https://codereview.chromium.org/1414493009 .
2015-11-05  Merge to M47: Enforce input and output dimensionalities for CPDF_StitchFunc. (Lei Zhang)
Also cleans up some places in the relevant functions since we're here. BUG=551460 TBR=ochang@chromium.org Review URL: https://codereview.chromium.org/1421783004 . (cherry picked from commit 4f85605cbc652a17bc833f883186e0a68af6006d) Review URL: https://codereview.chromium.org/1433533003 .
2015-11-02  Merge to M47: Rip out the KillFocusAnnot call from CPDFSDK_PageView's destructor (Lei Zhang)
Previously, blur event actions could potentially touch deleted PageViews as CPDFSDK_Document deletes the PageViews one by one. This also fixes a related issue: CPDFSDK_Document::SetFocusAnnot no longer does anything if the document is being destroyed. Otherwise, it eventually tries to use m_pEnv->GetSDKDocument() at which point has already been set to NULL by FPDFDOC_ExitFormFillEnvironment. R=ochang@chromium.org BUG=512445 Review URL: https://codereview.chromium.org/1414353007 . (cherry picked from commit a548b1d3e2444f256bcbf6c2fa2165798e33ba8d) Review URL: https://codereview.chromium.org/1417033009 .
2015-10-20  Merge to M47: Remove dead code that was reactivated when fixing overrides. (Lei Zhang)
BUG=pdfium:205 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1409743004 . (cherry picked from commit 9ddafc82bddb984ae46ee0df801ba20b446d5158) Review URL: https://codereview.chromium.org/1406113005 .
2015-10-17  Merge to M47: Loosen checking on the bytes following 'stream' (Lei Zhang)
PDF specs say that end of line markers shall follow the keyword "stream". But a white space before end of line markers follows this keyword in the test pdf files. BUG=543018 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1401923005 . (cherry picked from commit b5cbfb4cd12b6499912367f9a1e11c666157acb8) Review URL: https://codereview.chromium.org/1410613004 .
2015-10-15  Merge to M47: upgrade openjpeg to commit# cf352af (Lei Zhang)
BUG=457480,497355 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1338973005 . (cherry picked from commit c212b684cb028a5d98e57f711c9eed931b853a44) Review URL: https://codereview.chromium.org/1413543002 .
2015-10-13  Merge to M47: Sanitize CJBig2_SymbolDict's memory usage. (Lei Zhang)
- Use std::vector<JBig2ArithCtx> instead of storing pointers to arrays.
- Make CJBig2_SymbolDict's members private with accessors.
- Use std::vector<JBig2ArithCtx> in related places.
- Steal Chromium's vector_as_array() and use it as an adaptor as needed.
BUG=514891 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1388203003 . (cherry picked from commit 3acb1ef909a22368507ed13817c4988c818e3aee) Review URL: https://codereview.chromium.org/1399243003 .
2015-10-13  Merge to M47: Put CJBig2_SymbolDict's images in a CJBig2_List container. (Lei Zhang)
Also mark it private. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1395613003 . (cherry picked from commit 8793b4a071fad51a770b93838e0752505b020e43) Review URL: https://codereview.chromium.org/1396013005 .
2015-10-12  Merge to M47: Fix a compiling error on Mac (Lei Zhang)
BUG=497357 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1395493003 . (cherry picked from commit 3ea79bbba24a1c0918ea42368e746097dab40663) Review URL: https://codereview.chromium.org/1404553002 .
2015-10-12  Merge to M47: Fix heap-buffer-overflow in color_sycc_to_rgb (Lei Zhang)
It's a bug existing in the conversion from YUV420 to RGB. For YUV 420 format, four pixels have 4 Y but only one U and one V. In some cases, there are odd columns or lines in some images. The pixels on last line or column may have Y but no U or V data. For this case, we shall extend U or V using the data on previous column or line. BUG=497357 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1342683002 . (cherry picked from commit f1f19f1fff801c9970af627e050becc2f13f82e7) Review URL: https://codereview.chromium.org/1405463002 .
2015-10-08  Merge to M47: Relax the check on 0 length streams. (Lei Zhang)
CPDF_SyntaxParser::ReadStream() originally created stream objects when the length is 0. Commit 2526930 tightened the constraint and returned NULL. This has some adverse effects, as seen in Chromium's print preview of PDFs. Instead, relax the constraint a little so when the length is 0, return a CPDF_Stream with NULL data and size 0. BUG=531835 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1394743002 . (cherry picked from commit 4fa0e27ba39f49ba92fb4c160ab836a6f1dd2893) Review URL: https://codereview.chromium.org/1391183005 .
2015-10-08  Merge to M47: Fix regression in JBIG2 decoding from commit ce37d73. (Lei Zhang)
Many callers can tolerate CJBig2_ArithIntDecoder::decode() OOB failure. BUG=539749, pdfium:209 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1384663007 . (cherry picked from commit 35902e725aa6cc83a317c3b6fdd1926b81b8e44b) Review URL: https://codereview.chromium.org/1394953002 .
2015-10-06  Merge to M47: Only call DefineJSObjects() once for the global V8 isolate. (Lei Zhang)
BUG=539106 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1386823002 . (cherry picked from commit 7dfe5929282cb6d78d7b5e32e1d72e9db99d3066) Review URL: https://codereview.chromium.org/1391753002 .
2015-10-06  Merge to M47: CJS_Timer should observe CJS_Runtime destruction. (Lei Zhang)
Also remove dead CJS_EmbedObj::{Begin,End}Timer code. BUG=539107 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1384883002 . (cherry picked from commit 794c9b67d3d519342aa7e15052766f7d4a99f551) Review URL: https://codereview.chromium.org/1385373002 .
2015-10-06  Merge to M47: Refcount external V8 isolate initialization / release. (Lei Zhang)
BUG=531339 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1377463005 . (cherry picked from commit 9b6735445f20ae17b883b5739bf79a7c1f99e139) Review URL: https://codereview.chromium.org/1393643002 .
2015-10-06  Merge to M47: Pass v8::Isolate to PDFium at init time. (Lei Zhang)
Move the external isolate and embedder slot from the IPDF_JSPlatforms struct supplied at the FPDFDOC_InitFormFillEnvironment() call time to arguments to the FPDF_InitLibraryWithConfig() call. This has several benefits:
-- Avoids the crash that could happen if multiple FPDFDOC_InitFormFillEnvironment() calls should happen to be made by an embedder with different slot values.
-- Down the road, for XFA, there may be XFA but no FormFill environment.
We support both forms for the time being, until the chrome side catches up, at which point we will deprecate the old way. TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1367033002 . (cherry picked from commit 3dedace9623fef6161a8666e53a4ab2b9be61e4c) Review URL: https://codereview.chromium.org/1392723002 .
2015-10-06  Merge to M47: Do not call into formfiller code with a NULL PageView. (Lei Zhang)
BUG=537173 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1376093002 . (cherry picked from commit ac67d4765a8ac36cd00c9fc8b6f2b80a3e1cff72) Review URL: https://codereview.chromium.org/1386273003 .
2015-10-02  Get rid of gotos in CPDF_SyntaxParser and FlateUncompress(). (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1360103002 .
2015-10-02  Prevent divide by zeros in CJBig2_GSIDProc::decode_MMR(). (Lei Zhang)
Check the image size before attempting to decode. BUG=538103 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1377493005 .
2015-10-02  Fix a leak in PDF_DataDecode() on failure. (Lei Zhang)
Found using the test examples from https://crbug.com/537780 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1376413003 .
2015-10-02  Turn a couple functions that always return true to return void. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1386463003 .
2015-10-02  Fix PNG decoding divide by zero error due to zero row count. (Lei Zhang)
BUG=537790 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1379243002 .
2015-10-02  Correct mistakes in test case for 507316 (Tom Sepez)
Original patch by chamalsl. Trailer size in bug_507316 was wrong. embedder_test.cpp's GetPageTrampoline passed null parameter. It will affect future test cases even if it does not affect this. BUG=507316 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1377403003 .
2015-10-01  Fix static initializer in fxjs_v8.cpp (Tom Sepez)
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1372103004 .
2015-10-01  Disable JBIG2 cache; prevent data corruption (Lei Zhang)
BUG=pdfium:207 Original author: jbreiden@google.com Original CL: http://codereview.chromium.org/1362133003/ R=jbreiden@google.com Review URL: https://codereview.chromium.org/1382073002 .
2015-10-01  Clean up some image decoder classes: (Lei Zhang)
- Use std::vector<uint8_t> instead of raw uint8_t*
- Make ICodec_ScanlineDecoder::GetScanline() return const uint8_t*
- Add FxFreeDeleter, use it in CCodec_ImageDataCache.
- Make CCodec_ImageDataCache encapsulate its data members.
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1361053002 .
2015-10-01  Cleanup JBig2_ArithIntDecoder. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1359013003 .
2015-10-01  Revert "Leak per-isolate data in pdfium" (Raymes Khoury)
This reverts commit 3e144b8c23d7c52ed36329e87f0cb01f38ec1ed7. This may be causing the failures seen in crbug.com/537799. BUG=537799 Review URL: https://codereview.chromium.org/1382433003 .
2015-09-30  Add signatures to FXJS_V8. (Tom Sepez)
BUG=chromium:529012 R=jochen@chromium.org, krasin@google.com Review URL: https://codereview.chromium.org/1353193004 .
2015-09-30  Leak per-isolate data in pdfium [chromium/2525] [chromium/2524] (Raymes Khoury)
Right now we're freeing per-isolate data every time a document is destroyed even though it may be in use by other documents. For now we leak the per-isolate data until crbug.com/531339 is fixed. BUG=531339 R=jochen@chromium.org Review URL: https://codereview.chromium.org/1372353002 . Patch from Raymes Khoury <raymes@chromium.org>.
2015-09-29  Cleanup CJBig2_ArithDecoder. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1368153003 .
2015-09-29  Roll DEPS for v8 to d7f813b. (Lei Zhang)
TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1380663003 .
2015-09-29  Refactor some common code for bounding boxes. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1373333002 .
2015-09-29  Fix blank page issue caused by too strict correction on bpc [chromium/2523] (Jun Fang)
For bit per component (bpc), PDF spec mentions that a RunLengthDecode or DCTDecode filter shall always deliver 8-bit samples. However, some PDF files don't follow this rule. We can find that filter is RunLengthDecode but bpc is 1 in the provided test file. In this case, pdfium will correct bpc to 8 but the actual bpc is 1. It causes a failure because the data is much more than the expected. To handle this case, pdfium doesn't correct bpc to 8 when the original bpc is 1. BUG=512557 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1328213002 .
2015-09-28  Cleanup some fx_codec_fax.cpp code. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1367633005 .
2015-09-28  Fix test diff caused by v8 version update (Tom Sepez)
Also changes DEPS to specify a specific v8 version, this will require us to manually update this version from time to time, but also solves a longstanding problem where going back to an older version (say for bisecting) wouldn't always work. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1372963003 .
2015-09-28  Introduce kPerIsolateDataIndex and tidy JS_Define.h (Tom Sepez)
Follow-up from https://codereview.chromium.org/1366053003/
- use kPerIsolateDataIndex rather than magic constant 1.
- make a helper function for common code in JS_Define.h
- remove dead prototypes missed in earlier CL.
- fxjs_v8 can't include generic fpdfsdk includes (layering).
R=jochen@chromium.org Review URL: https://codereview.chromium.org/1367813003 .
2015-09-25  Add Mac-specific pixel test expectations. [chromium/2522] [chromium/2521] (Lei Zhang)
The font is slightly different from Linux/Windows. BUG=524043 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1366363002 .
2015-09-25  Revert "Revert "Fix the issue that pdfium swallows 'fi' or 'ff' in some pdf files"" (Jun Fang)
This reverts commit fa9756f77ad6145940d3dc697814b84f5755ae17. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1307353005/
2015-09-25  Revert "Fix the issue that pdfium swallows 'fi' or 'ff' in some pdf files" (Jun Fang)
This reverts commit 9bd18183ba8210c91d71c3060146235750a4c71c.
2015-09-25  Fix the issue that pdfium swallows 'fi' or 'ff' in some pdf files (Jun Fang)
Pdfium swallows 'fi' or 'ff' in some tested files because it doesn't load the embedded font file correctly. The root cause is that there is incorrect keyword like 'ngendstream' in the stream of the embedded font file. Pdfium tries to find another correct keyword but uses wrong offset rather than accumulated offset. BUG=524043 R=thestig@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1307353005 .
2015-09-25  Revert "Revert "Merge to master: contention over isolate data slots"" (Tom Sepez)
This reverts commit 3b4382a847b5a7439a3107512dbe54c317108579. The difference between this CL and the one that failed is fxjs_v8.cpp:271. In master, we pass the runtime information as: v8::isolate -> v8::Context -> FXJS Runtime, but in XFA: V8::Isolate -> PerIsolate struct -> FXJS Runtime. The master way is more correct, in that FXJS_Runtime is 1:1 with v8 contexts and many:1 (in theory) with isolates. It looks like the XFA branch missed a patch along the way. I'll do that next. Having made this change, the only data in the per-isolate struct will be the ptr array (on master); it will also include the XFA context (on XFA). I've kept the struct on master for the sake of similarity. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1365733003 .
2015-09-24  Fix a leak in CJBig2_Context. [chromium/2520] (Lei Zhang)
- Remove dead code
- Use unique_ptr
BUG=pdfium:202 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1365903002 .
2015-09-24  Split up JBig2_GeneralDecoder.cpp. (Lei Zhang)
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1359233002 .