summaryrefslogtreecommitdiff
path: root/core/fpdfapi
AgeCommit message (Collapse)Author
2016-10-04Use FX_SAFE_UINT32 on CPDF_ToUnicodeMap::Loadnpm
m_Map maps to unsigned integer, but m_MultiCharBuf.GetLength() returns an integer. There will be integer overflow if the length is big, and UBSAN will complain. Thus, using FX_SAFE_UINT32. Replacing with uint32 would work as well: the point is to consider the length as uint instead of int. BUG=chromium:652232 Review-Url: https://codereview.chromium.org/2393573002
2016-10-03Revert of Assert that only 0-numbered objects are Released() (patchset #7 ↵thestig
id:120001 of https://codereview.chromium.org/2375343004/ ) Reason for revert: Broke PDFExtensionTest when rolling DEPS in Chromium. Original issue's description: > Assert that only 0-numbered objects are Released() > > This condition holds because numbered objects are brute-force > deleted by the indirect object holder, rather than being > released. > > Be careful about recursive deletion, check before advancing, > since we no longer count on Release() doing this for us. > Fix a few tests where the test was violating ownership rules. > > This should be the last step before completely removing Release() > in favor of direct delete everywhere. > > Committed: https://pdfium.googlesource.com/pdfium/+/aba528a362248a54b27a7e9e046e2b65ab83f624 TBR=tsepez@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2387193003
2016-10-03Assert that only 0-numbered objects are Released()tsepez
This condition holds because numbered objects are brute-force deleted by the indirect object holder, rather than being released. Be careful about recursive deletion, check before advancing, since we no longer count on Release() doing this for us. Fix a few tests where the test was violating ownership rules. This should be the last step before completely removing Release() in favor of direct delete everywhere. Review-Url: https://codereview.chromium.org/2375343004
2016-10-03Add ptr_util.h from base until std::make_unique<> availabletsepez
Review-Url: https://codereview.chromium.org/2386273004
2016-10-03Rename CFX_WeakPtr::Clear() to DestroyObject()tsepez
|Clear| is too easily mistaken for "clear this pointer only." Review-Url: https://codereview.chromium.org/2385303002
2016-10-03Detect resursive loading of type3 font char to avoid infinite loopweili
The original way of detecting loops was passing a level parameter through various functions. This missed some cases which also lead to load type3 font char, for example, FindFont() may call CheckType3FontMetrics() which may eventually lead to LoadChar(). The new way is to store the char loading depth, and abort when the depth exceeds the max. BUG=chromium:651304 Review-Url: https://codereview.chromium.org/2384853002
2016-09-30Move CPDF_Reference::SafeGetDirect() out of the header.chromium/2879chromium/2878thestig
Review-Url: https://codereview.chromium.org/2386433002
2016-09-30Fix build of pdf_hint_table_fuzzer.chromium/2877tsepez
Restore CPDF_Dictionary default constructor. Use it in places where reasonable in the code. TBR=dsinclair@chromium.org TBR=thestig@chromium.org Review-Url: https://codereview.chromium.org/2383843002
2016-09-29Move core/fxge/include to core/fxgedsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2377393002
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-29Move core/fxcodec/codec/include and core/fxcodec/include files updsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2381063002
2016-09-29Move core/fpdfdoc/include to core/fpdfdocdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2374383003
2016-09-29Move core/fpdfapi/include to core/fpdfapidsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2376153004
2016-09-29Move core/fpdfapi/fpdf_render/include to core/fpdfapi/fpdf_renderdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382763002
2016-09-29Move core/fpdfapi/fpdf_parser/include to core/fpdfapi/fpdf_parserdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2383543002
2016-09-29Move core/fpdfapi/fpdf_page/include to core/fpdfapi/fpdf_pagedsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2379033002
2016-09-29Move core/fpdfapi/fpdf_font/include to core/fpdfapi/fpdf_fontdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2375283003
2016-09-29Move core/fpdfapi/fpdf_edit/include to core/fpdfapi/fpdf_editdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2381863003
2016-09-29Move core/fdrm/crypto/include to core/fdrm/cryptodsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2374413002
2016-09-29Remove FX_BOOL from font_int.hnpm
It is not necessary. For some methods, bool can be used instead. For some other methods, the returned boolean is never used, so they can be void. Review-Url: https://codereview.chromium.org/2382803002
2016-09-29Remove unused CFX_AutoFontCachethestig
All usage were refactored in commit 9972ff99. Review-Url: https://codereview.chromium.org/2377203002
2016-09-28Replace a few more std::unique_ptr.reset() with WrapUnique assignments.thestig
And fix a typo. TBR=tsepez@chromium.org Review-Url: https://codereview.chromium.org/2382443004
2016-09-28Use string pools in some dictionaries, names, and strings.tsepez
BUG=pdfium:597 Review-Url: https://codereview.chromium.org/2345063002
2016-09-28Revert "Rename CPDF_CountedObject to CFX_WeakPtr::Handle"tsepez
This reverts commit fe0179ded8202939ea4f2b92a879b8dede7821ea. This is blocking incremental revision, will try again. Review-Url: https://codereview.chromium.org/2377033003
2016-09-27Remove unused cpdf_generalstatedata.htsepez
File was left behind when CPDF_GeneralStateData became CPDF_GeneralState::StateData internal class. Review-Url: https://codereview.chromium.org/2377843002
2016-09-26Clean up fx_codec_fax.cpp.thestig
Review-Url: https://codereview.chromium.org/2357173005
2016-09-26Fix memory leak in cmap parsingkcwu
found by libfuzzer Review-Url: https://codereview.chromium.org/2366143002
2016-09-23Remove FX_BOOL from cpdf_fontchromium/2872chromium/2871chromium/2870npm
In all cases, bool can be used instead without problems. Review-Url: https://codereview.chromium.org/2368693002
2016-09-23Clean CPDF_CIDFont a littlenpm
Remove C-casts, nits. Review-Url: https://codereview.chromium.org/2367743003
2016-09-23Avoid collisions in CPDF_IndirectObjectHolder::AddIndirectObject()tsepez
The change at 5b7c9bb differed from the original code in that a pre-existing object would now be freed, which showed that a collision could be possible if m_LastObjNum overflowed. BUG=649206 Review-Url: https://codereview.chromium.org/2361303002
2016-09-23Bail out on bad width and height in CCodec_FaxDecoder::CreateDecoderkcwu
BUG=648935,649436 Review-Url: https://codereview.chromium.org/2360283004
2016-09-23Make CPDF_Font::Create() return a std::unique_ptr.tsepez
Review-Url: https://codereview.chromium.org/2364643003
2016-09-22Make CPDF_ColorSpace::Load() return a unique_ptrtsepez
Specialize default_delete to avoid having to say ReleaseDeleter<CPDF_ColorSpace> throughout the code. Review-Url: https://codereview.chromium.org/2368433003
2016-09-22Rename CPDF_CountedObject to CFX_WeakPtr::Handlechromium/2869tsepez
This better describes its purpose, and reduces confusion with the CFX_CountRef class, which is unrelated. The WeakPtr class itself that manipulates handles is NYI. Review-Url: https://codereview.chromium.org/2366673003
2016-09-22Null CPDF_CountedObj::m_pObj prior to deletiontsepez
This gives additional protection in case of re-entry. Also make CFX_CountRef more robust in face of errors. BUG=649229 Review-Url: https://codereview.chromium.org/2364673002
2016-09-21Remove some objnum locals with AddIndirectObjecttsepez
Also, it's idempotent, so simplify some logic in callers to not care if objnum is zero. The alternate forms are rarely used, using the objnum form makes it clear that SetReferenceFor() can't possibly register the object as a side-effect. Review-Url: https://codereview.chromium.org/2361713002
2016-09-21Use unique_ptr<CPDF_Object, ReleaseDeleter<>> in more placeschromium/2868tsepez
Review-Url: https://codereview.chromium.org/2358243002
2016-09-21Make ownership explicit in CPDF_ContentMarkItem.tsepez
The old SetParam() method had "maybe take ownership" semanitcs based upon the type argument. Make GetParam() handle the None case and simplify callers based upon that behaviour. Review-Url: https://codereview.chromium.org/2358043003
2016-09-21Check for overflow in CMap_GetCode.dsinclair
Given a large enough value for the character code it's possible to overflow the conversion to an int. This Cl updates the code to guard against overflow. BUG=chromium:648739 Review-Url: https://codereview.chromium.org/2358023002
2016-09-21Delete unused methods in CPDF_Parsernpm
Review-Url: https://codereview.chromium.org/2353383002
2016-09-20Change protected to private in CPDF_CID2UnicodeMap and CPDF_ToUnicodeMapchromium/2867npm
Review-Url: https://codereview.chromium.org/2356603003
2016-09-20Delete unused methods and variables in CPDF_CMapManagernpm
and in CPDF_CMapParser Review-Url: https://codereview.chromium.org/2353963003
2016-09-20Make CPDF_Array not do indirect object creation.tsepez
We remove the indirect object holder argument and check that call sites pass ownable objects, adding a reference in one place that always was passing an indirect object. Also check that the invariant isn't violated, we need to fail here in the wild and investigate -- these are existing UAFs. Review-Url: https://codereview.chromium.org/2355083002
2016-09-20CPDF_Document friend cleanupdsinclair
Remove CPDF_Creator and CPDF_Parser as friends of CPDF_Document. Move all member variables to the private section, and add CPDF_TestDocument as a private friend. Review-Url: https://codereview.chromium.org/2349353003
2016-09-20CPDF_OCContext and CPDF_Document are no longer friendsdsinclair
Remove friendship as there doesn't appear to be anything protected that is being accessed by CPDF_OCContext. Review-Url: https://codereview.chromium.org/2355823002
2016-09-20CPDF_Document and CPDF_DataAvail are no longer friendsdsinclair
Remove the friendship between these two classes and replace with accessor methods. Review-Url: https://codereview.chromium.org/2355813002
2016-09-20Cleanup CPDFXFA and CPDF document methodsdsinclair
This CL renames and cleans up some methods that are similar between CPDF_Document and CPDFXFA_Document. Review-Url: https://codereview.chromium.org/2351673004
2016-09-20Re-land "Make CPDF_IndirectObjectHolder use unique_ptr to objects""tsepez
This reverts commit 81e1e3fd2d33478733e47bd007b76fac1a663e74. Review-Url: https://codereview.chromium.org/2353013003
2016-09-20Fix memory leaking on ClosePage.art-snake
BUG=79367, 48791 The fonts was not cleared after unloading pages. Test pdf: http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf For this file, we have ~5 fonts per page, which equal ~1 Mb per page. In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory. Memory usage of PDF Plugin: before this CL: ~660 Mb after this CL: ~100 Mb This is last part of reverted CL: Original CL: https://codereview.chromium.org/2158023002 Revert reason: BUG=647612 Fix bug CL: https://codereview.chromium.org/2350193003 Previous CL: https://codereview.chromium.org/2350243002 Review-Url: https://codereview.chromium.org/2351193002
2016-09-20Assert that dictionary can own the objects it is given.tsepez
Upon indirect object holder destruction, all indirect objects are destroyed -- currently by order of increasing object number -- but ideally without ordering constraints. So currently, we can get away with a dictionary pointing directly at an indirect object with a higher number. It gets destroyed first, invoking Release() on its subordinates, which skips destroying them if they are indirect objects. But we don't want to rely on this artifact of destruction order. Should it happen to be reversed, the dictionary would invoke Release() on freed memory. Interestingly, CPDF_Array skirts the issue by replacing any indirect objects it is given with references. Not clear whether we should do the same thing for dictionaries, or remove it from arrays. The technique certainly complicates understanding ownership. The one violation found is in the unittest that broke the previous CL which tried to use unique_ptrs in indirect object holder. Review-Url: https://codereview.chromium.org/2353093002