Age | Commit message | Author |
|
Now considering anything not representable by a 32-bit signed int
as OOB rather than decoding some arbitrary overflowed value.
Bug: chromium:761666
Change-Id: I00f5a3abadca51f9bedc5e5d78f7f184040c2f33
Reviewed-on: https://pdfium-review.googlesource.com/14010
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|
|
This CL removes the fx_basic.h header and fixes up includes as needed.
Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040
Reviewed-on: https://pdfium-review.googlesource.com/12670
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ic54e0491d9b33a06b5f85963f8127bfa4263f4d6
Reviewed-on: https://pdfium-review.googlesource.com/12450
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL moves IFX_Pause out to its own class from fx_basic and updates
includes as needed.
Change-Id: Iebdd183d8c85aa17570f190f1a7d1602c0af3c8b
Reviewed-on: https://pdfium-review.googlesource.com/12491
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Bug: chromium:755532
Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f
Reviewed-on: https://pdfium-review.googlesource.com/12430
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Refactor identical code used in decode_Template0_unopt() into their own
methods.
Change-Id: I37348a280ecc66d91fdcd3c9aabe49d2a8065417
Reviewed-on: https://pdfium-review.googlesource.com/11950
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
BUG=chromium:749610.
Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb
Reviewed-on: https://pdfium-review.googlesource.com/11930
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL creates CJBig2_HTRDProc::decode_image to reduce duplicated code
in the class.
Change-Id: Ie348179c96ff534f95cba401c4b9bd46e1c4e6ac
Reviewed-on: https://pdfium-review.googlesource.com/8410
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL removes the JBig2_GsidProc since it is only used as a single
instance in each of the methods in CJBig2_HTRDProc, so it is completely
unnecessary.
Change-Id: I69d0a4a059b9eb6ebcbbb79b92ea1cd6c22cb1cb
Reviewed-on: https://pdfium-review.googlesource.com/7930
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL removes duplicate huffman_assign_code()s and changes some
return values and members to std::vector.
Change-Id: I47a1e0e2e88ff54ec799c97e92ec9ff5ca87c6c7
Reviewed-on: https://pdfium-review.googlesource.com/7910
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I874c537454bda024224a01c905b7ba01a90a6970
Reviewed-on: https://pdfium-review.googlesource.com/7732
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL makes HDPATS in CJBig2_PatternDict be a vector of unique_ptr.
Change-Id: Ib23aed6323d4a988b2eedc4bfe95f2098d32c188
Reviewed-on: https://pdfium-review.googlesource.com/7871
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL makes CJBig2_Segment own the results: symbol, pattern, huffman,
and huffman. This causes a lot more unique_ptr usage in JBig2 code.
Change-Id: I1f0a5bfaaf85053658b467bef5325c72d1f496c7
Reviewed-on: https://pdfium-review.googlesource.com/7690
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Avoids the possibility of having a stale pointer in the context.
Bug: 726653
Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee
Reviewed-on: https://pdfium-review.googlesource.com/6074
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoid holding a stale pointer to it in CJBig2_GRDProc.
Bug: 726732
Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc
Reviewed-on: https://pdfium-review.googlesource.com/6050
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3
Reviewed-on: https://pdfium-review.googlesource.com/5970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Sed + minimal conversions to compile, including moving some
constructors into the .cpp file. Any that caused ASAN issues
during the tests were omitted rather than trying to resolve
the underlying issue.
Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335
Reviewed-on: https://pdfium-review.googlesource.com/5891
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Remove IFX_Pause parameters which are passed but not used.
Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187
Reviewed-on: https://pdfium-review.googlesource.com/4950
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The IFX_Pause param is stored but never used. Remove.
Change-Id: I9e5298fc05c6d408873b7bee307a76dcf3d2d4da
Reviewed-on: https://pdfium-review.googlesource.com/4931
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
It's possible for the nVal to become negative as it is shifted. This CL
changes nVal to be a checked_numeric and bails out if the shift is invalid.
Bug: chromium:708504
Change-Id: Ia2ebbc828ece7f7d443432542784b39defe6a897
Reviewed-on: https://pdfium-review.googlesource.com/4010
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
It's possible for the RANGELEN[NTEMP] value to be larger than 32. This
will make the shift invalid if the 1 is an int. This CL changes to 1L
and uses the CheckedNumeric to validate that the result is inside the
needed range for an int.
Bug: chromium:708439
Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816
Reviewed-on: https://pdfium-review.googlesource.com/3991
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Depending on the code table, it's possible to have the largest PREFLEN
value in the huffman table to be > 32. This will, potentially, cause the
calculation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the
int value and cause a negative shift.
This CL checks the shift value and fails the initialization if we would
shift a negative value.
Bug: chromium:709781
Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5
Reviewed-on: https://pdfium-review.googlesource.com/3990
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Combine some common CCodec_Jbig2Module code.
Change-Id: I9a046314bc0e9dddc9a8c1a06b37764e9f3cc4b6
Reviewed-on: https://pdfium-review.googlesource.com/3713
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Pass stream argument to constructor; it feels like a
stream accessor should always be made from a stream rather
than passing one in after the fact.
Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44
Reviewed-on: https://pdfium-review.googlesource.com/3620
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL replaces some new's with pdfium::MakeUnique.
Change-Id: I50faf3ed55e7730b094c14a7989a9dd51cf33cbb
Reviewed-on: https://pdfium-review.googlesource.com/3430
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
- Used unique_ptr and vector to avoid FX_Free usage.
- Removed goto's.
Bug: chromium:655535
Change-Id: Iec17b9fd2432551bc41606f93837617d82085bf2
Reviewed-on: https://pdfium-review.googlesource.com/3290
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Bug: chromium:655535
Change-Id: I114a9447a9af107e6056e6056e7514ba789e282b
Reviewed-on: https://pdfium-review.googlesource.com/3294
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This CL updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.
Bug: chromium:665056
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Add test for reading past end of buffer and successful read of bits.
Bug: chromium:672176
Change-Id: Ibe2d818185cdb2260011d3fc8cad94ebb16984b7
Reviewed-on: https://pdfium-review.googlesource.com/3233
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL converts some new calls into pdfium::MakeUnique calls.
Change-Id: Ifa4a67e305ffa75e2be560447ece21ccfa70bf3f
Reviewed-on: https://pdfium-review.googlesource.com/3232
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The methods to read n bits from the huffman stream are not correctly
checking that the bits are available. This means, we'll end up reading
0 bits due to the checks below and pretend like the read worked.
This CL adds the check that we are not at the end of the bit buffer
before attempting the bit read.
Bug: chromium:672176
Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7
Reviewed-on: https://pdfium-review.googlesource.com/3231
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL updates the Huffman decoder in the JBig2 codec to check the low field
does not overflow.
BUG=chromium:675236
Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479
Reviewed-on: https://pdfium-review.googlesource.com/2131
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2578663002
|
|
Be suspicious of |new|. This removes some of the
easy cases.
Review-Url: https://codereview.chromium.org/2571913002
|
|
While decoding among instances, variable "FIRSTS" should hold its
value, not be reset. This was accidentally changed by earlier
refactoring.
BUG=chromium:625848,pdfium:636
Review-Url: https://codereview.chromium.org/2569023002
|
|
None of the decodes in the method are currently being checked. This is
causing pdfium to take a long time rendering corrupted files. Thus, I
added a couple of early returns to help prevent this from happening.
BUG=450971
Review-Url: https://codereview.chromium.org/2493633002
|
|
Review-Url: https://codereview.chromium.org/2477443002
|
|
Review-Url: https://codereview.chromium.org/2450393004
|
|
Review-Url: https://codereview.chromium.org/2457943002
|
|
Review-Url: https://codereview.chromium.org/2461543002
|
|
Replace most of these with ints since they are used in integer
operations. If it walks like a duck, and quacks like a duck
... despite what the Hungarian notation might say.
Review-Url: https://codereview.chromium.org/2455523005
|
|
Currently the JBig2 decoder can leak subimages in the case where we mark
more items in EXFLAGS than we have SDNUMEXSYMS. This CL checks for this
condition and fails the decode if it happens.
BUG=chromium:654365
Review-Url: https://codereview.chromium.org/2419553002
|
|
BUG=chromium:653044
Review-Url: https://codereview.chromium.org/2397783002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392603004
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2381063002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383543002
|
|
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be
zero and when we divide we'll get a floating point exception.
If the width or height are zero then we can exit early without proceeding with
the rest of the constructor.
BUG=chromium:635008
Review-Url: https://codereview.chromium.org/2222843004
|
|
Also make these private to ensure they aren't modified so as to
violate the bounds checks applied at creation time.
BUG=633002
Review-Url: https://codereview.chromium.org/2202013002
|