Age | Commit message | Author |
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383543002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2379033002
|
|
BUG=pdfium:597
Review-Url: https://codereview.chromium.org/2345063002
|
|
We remove the indirect object holder argument and check that
call sites pass ownable objects, adding a reference in one
place that always was passing an indirect object.
Also check that the invariant isn't violated; we need to fail
here in the wild and investigate -- these are existing UAFs.
Review-Url: https://codereview.chromium.org/2355083002
|
|
Upon indirect object holder destruction, all indirect
objects are destroyed -- currently by order of increasing
object number -- but ideally without ordering constraints.
So currently, we can get away with a dictionary pointing
directly at an indirect object with a higher number. It
gets destroyed first, invoking Release() on its subordinates,
which skips destroying them if they are indirect objects. But
we don't want to rely on this artifact of destruction
order. Should it happen to be reversed, the dictionary
would invoke Release() on freed memory.
Interestingly, CPDF_Array skirts the issue by replacing
any indirect objects it is given with references. Not
clear whether we should do the same thing for dictionaries,
or remove it from arrays. The technique certainly
complicates understanding ownership.
The one violation found is in the unittest that broke the
previous CL which tried to use unique_ptrs in indirect
object holder.
Review-Url: https://codereview.chromium.org/2353093002
|
|
This CL makes the Get and Set methods consistently use {G|S}et<Type>For.
BUG=pdfium:596
Review-Url: https://codereview.chromium.org/2334323005
|
|
BUG=597440
Review-Url: https://codereview.chromium.org/2273293003
|
|
For some complex objects such as CPDF_Dictionary, CPDF_Array,
CPDF_Stream, and CPDF_Reference, Clone() could be executed with
infinite recursion to cause the stack overflow. Fix this by
checking already cloned objects to avoid recursion.
BUG=pdfium:513
Review-Url: https://codereview.chromium.org/2250533002
|
|
The definitions of CPDF_Dictionary::SetAtReference and
CPDF_Dictionary::AddReference are identical, and AddReference is only used
once. So remove CPDF_Dictionary::AddReference method and use
CPDF_Dictionary::SetAtReference instead.
Review-Url: https://codereview.chromium.org/2161453002
|
|
Review-Url: https://codereview.chromium.org/1999313002
|
|
This will help avoid duplicate allocation of CFX_ByteStrings
when the caller already has one. It may seem counter-intuitive
that requiring the caller to pass an allocated CFX_ByteString
rather than a static CFX_ByteStringC would improve the situation,
but due to the idiosyncrasies of std::map, the CPDF_Dictionary
methods must always do an allocation under the covers which
can't be avoided.
The changed callers in this CL are places where we would
previously demote to CFX_ByteStringC and then allocate
a duplicate CFX_ByteString in the dictionary method.
Review URL: https://codereview.chromium.org/1889863002
|
|
GetConstString() has sharp edges in that when applied to
a CPDF_Number, it must return null whereas GetString() returns
the stringified number, because of the inability to
control the lifetime of the underlying allocated string.
Deleting this method showed several places where we
actually wanted a *String, not a *StringC, so we were
re-allocating a string we already had.
Review URL: https://codereview.chromium.org/1879683002
|
|
Every time I read this code, I have to make the mental substitution
that "Element value" means "de-ref indirect object", so it might
as well just say so.
BUG=
Review URL: https://codereview.chromium.org/1841173002
|
|
Review URL: https://codereview.chromium.org/1832173003
|
|
This CL moves a bunch of the files from core/include/fpdfapi to their correct
location outside the core/include tree.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1805603002 .
|
|
This CL moves the core/src/ files up to core/ and fixes up the include guards,
includes and build files.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1800523005 .
|