path: root/core/fxcodec/jbig2
Age | Commit message | Author
2017-09-14 | Fix decoding of JBIG2 integers for values with large magnitude. | Henrique Nakashima
Now considering anything not representable by a 32-bit signed int as OOB rather than decoding some arbitrary overflowed value. Bug: chromium:761666 Change-Id: I00f5a3abadca51f9bedc5e5d78f7f184040c2f33 Reviewed-on: https://pdfium-review.googlesource.com/14010 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-08-31 | Remove fx_basic.h | Dan Sinclair
This CL removes the fx_basic.h header and fixes up includes as needed. Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040 Reviewed-on: https://pdfium-review.googlesource.com/12670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-31 | Use vector instead of pointer in CJBig2_Segment | Nicolas Pena
Change-Id: Ic54e0491d9b33a06b5f85963f8127bfa4263f4d6 Reviewed-on: https://pdfium-review.googlesource.com/12450 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-31 | Split IFX_Pause out of fx_basic | Dan Sinclair
This CL moves IFX_Pause out to its own class from fx_basic and updates includes as needed. Change-Id: Iebdd183d8c85aa17570f190f1a7d1602c0af3c8b Reviewed-on: https://pdfium-review.googlesource.com/12491 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30 | Fix undefined shift in CJBig2_Context::decodeSymbolIDHuffmanTable | Nicolas Pena
Bug: chromium:755532 Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f Reviewed-on: https://pdfium-review.googlesource.com/12430 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-28 | Add helper methods in CJBig2_GRRDProc. | Lei Zhang
Refactor identical code used in decode_Template0_unopt() into their own methods. Change-Id: I37348a280ecc66d91fdcd3c9aabe49d2a8065417 Reviewed-on: https://pdfium-review.googlesource.com/11950 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28 | Skip decoding of excessively large JBIG2 images. | Lei Zhang
BUG=chromium:749610. Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb Reviewed-on: https://pdfium-review.googlesource.com/11930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-20 | Create helper method in CJBig2_HTRDProc | Nicolas Pena
This CL creates CJBig2_HTRDProc::decode_image to reduce duplicated code in the class. Change-Id: Ie348179c96ff534f95cba401c4b9bd46e1c4e6ac Reviewed-on: https://pdfium-review.googlesource.com/8410 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-19 | Remove JBig2_GsidProc class | Nicolas Pena
This CL removes the JBig2_GsidProc since it is only used as a single instance in each of the methods in CJBig2_HTRDProc, so it is completely unnecessary. Change-Id: I69d0a4a059b9eb6ebcbbb79b92ea1cd6c22cb1cb Reviewed-on: https://pdfium-review.googlesource.com/7930 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-17 | Simplify CJBig2_Context::huffman_assign_code | Nicolas Pena
This CL removes duplicate huffman_assign_code()s and changes some return values and members to std::vector. Change-Id: I47a1e0e2e88ff54ec799c97e92ec9ff5ca87c6c7 Reviewed-on: https://pdfium-review.googlesource.com/7910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-14 | Use CFX_MaybeOwned in CJBig2_TRDProc | Nicolas Pena
Change-Id: I874c537454bda024224a01c905b7ba01a90a6970 Reviewed-on: https://pdfium-review.googlesource.com/7732 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-14 | More unique_ptrs in JBIG2 code part 2 | Nicolas Pena
This CL makes HDPATS in CJBig2_PatternDict be a vector of unique_ptr. Change-Id: Ib23aed6323d4a988b2eedc4bfe95f2098d32c188 Reviewed-on: https://pdfium-review.googlesource.com/7871 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-13 | More unique_ptrs in JBig2 code | Nicolas Pena
This CL makes CJBig2_Segment own the results: symbol, pattern, huffman, and huffman. This causes a lot more unique_ptr usage in JBig2 code. Change-Id: I1f0a5bfaaf85053658b467bef5325c72d1f496c7 Reviewed-on: https://pdfium-review.googlesource.com/7690 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-26 | IFX_Pause is passed to CJBig2_Context, no need to store. [chromium/3113] | Tom Sepez
Avoids the possibility of having a stale pointer in the context. Bug: 726653 Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee Reviewed-on: https://pdfium-review.googlesource.com/6074 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-26 | Pass CJBig2_ArithDecoder to CJBig2_GRDProc as needed. | Tom Sepez
Avoid holding a stale pointer to it in CJBig2_GRDProc. Bug: 726732 Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc Reviewed-on: https://pdfium-review.googlesource.com/6050 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-25 | Mass conversion of remaining class members (non-xfa) | Tom Sepez
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3 Reviewed-on: https://pdfium-review.googlesource.com/5970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25 | Mass conversion of all const-lifetime class members | Tom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-05 | More unused IFX_Pause parameters removed [chromium/3091] | Dan Sinclair
Remove IFX_Pause parameters which are passed but not used. Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187 Reviewed-on: https://pdfium-review.googlesource.com/4950 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-04 | Remove unused IFX_Pause member | Dan Sinclair
The IFX_Pause param is stored but never used. Remove. Change-Id: I9e5298fc05c6d408873b7bee307a76dcf3d2d4da Reviewed-on: https://pdfium-review.googlesource.com/4931 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-10 | Guard against negative shift in nVal calculation | Dan Sinclair
It's possible for the nVal to become negative as it is shifted. This CL changes nVal to be a checked_numeric and bails out if the shift is invalid. Bug: chromium:708504 Change-Id: Ia2ebbc828ece7f7d443432542784b39defe6a897 Reviewed-on: https://pdfium-review.googlesource.com/4010 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-10 | Use checked_numeric to guard shift | Dan Sinclair
It's possible for the RANGELEN[NTEMP] value to be larger than 32. This will make the shift invalid if the 1 is an int. This CL changes to 1L and uses the CheckedNumeric to validate that the result is inside the needed range for an int. Bug: chromium:708439 Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816 Reviewed-on: https://pdfium-review.googlesource.com/3991 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-10 | Guard against negative shift in jbig2 huffman initialization | Dan Sinclair
Depending on the code table, it's possible to have the largest PREFLEN value in the huffman table to be > 32. This will, potentially, cause the calculation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the int value and cause a negative shift. This CL checks the shift value and fails the initialization if we would shift a negative value. Bug: chromium:709781 Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5 Reviewed-on: https://pdfium-review.googlesource.com/3990 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-04 | Remove a couple checks for MakeUnique failures. | Lei Zhang
Combine some common CCodec_Jbig2Module code. Change-Id: I9a046314bc0e9dddc9a8c1a06b37764e9f3cc4b6 Reviewed-on: https://pdfium-review.googlesource.com/3713 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-04 | RefCount CPDF_StreamAcc all the time. | Tom Sepez
Pass stream argument to constructor; it feels like a stream accessor should always be made from a stream rather than passing one in after the fact. Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44 Reviewed-on: https://pdfium-review.googlesource.com/3620 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-03 | Drop FXSYS_ from mem methods | Dan Sinclair
This CL drops the FXSYS_ from mem methods which are the same on all platforms. Bug: pdfium:694 Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236 Reviewed-on: https://pdfium-review.googlesource.com/3613 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-30 | Add some calls to MakeUnique | Dan Sinclair
This CL replaces some new's with pdfium::MakeUnique. Change-Id: I50faf3ed55e7730b094c14a7989a9dd51cf33cbb Reviewed-on: https://pdfium-review.googlesource.com/3430 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-03-30 | Use more unique_ptr and std::vector in JBig2_SddProc | Nicolas Pena
- Used unique_ptr and vector to avoid FX_Free usage. - Removed goto's. Bug: chromium:655535 Change-Id: Iec17b9fd2432551bc41606f93837617d82085bf2 Reviewed-on: https://pdfium-review.googlesource.com/3290 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-03-29 | Fix undefined shift in JBig2_SddProc | Nicolas Pena
Bug: chromium:655535 Change-Id: I114a9447a9af107e6056e6056e7514ba789e282b Reviewed-on: https://pdfium-review.googlesource.com/3294 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-03-28 | Add bounds check into JBIG2 Arith decoder. | Dan Sinclair
Currently when the BitStream runs out of bits it pretends that it still has content and will continue to return the last byte over and over again. This CL updates the jbig decoder to detect that the bit stream is complete and returns a decode error. Bug: chromium:665056 Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8 Reviewed-on: https://pdfium-review.googlesource.com/3244 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-03-28 | Add JBig2_BitStream ReadNBits unittests | Dan Sinclair
Add test for reading past end of buffer and successful read of bits. Bug: chromium:672176 Change-Id: Ibe2d818185cdb2260011d3fc8cad94ebb16984b7 Reviewed-on: https://pdfium-review.googlesource.com/3233 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-27 | Convert new into MakeUnique | Dan Sinclair
This CL converts some new calls into pdfium::MakeUnique calls. Change-Id: Ifa4a67e305ffa75e2be560447ece21ccfa70bf3f Reviewed-on: https://pdfium-review.googlesource.com/3232 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-27 | Verify available bits in bit stream | Dan Sinclair
The methods to read n bits from the huffman stream are not correctly checking that the bits are available. This means, we'll end up reading 0 bits due to the checks below and pretend like the read worked. This CL adds the check that we are not at the end of the bit buffer before attempting the bit read. Bug: chromium:672176 Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7 Reviewed-on: https://pdfium-review.googlesource.com/3231 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-03 | Check for overflow in JBig2 Huffman decoder | Dan Sinclair
This CL updates the Huffman decoder in the JBig2 codec to check the low field does not overflow. BUG=chromium:675236 Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479 Reviewed-on: https://pdfium-review.googlesource.com/2131 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2016-12-14 | Remove CJBig2_List in favor of std::vector<std::unique_ptr<>> | tsepez
Review-Url: https://codereview.chromium.org/2578663002
2016-12-14 | Avoid the ptr.reset(new XXX()) anti-pattern | tsepez
Be suspicious of |new|. This removes some of the easy cases. Review-Url: https://codereview.chromium.org/2571913002
2016-12-12 | Fix JBig2 decoding logic | weili
While decoding among instances, variable "FIRSTS" should hold its value, not be reset. This was accidentally changed by earlier refactoring. BUG=chromium:625848,pdfium:636 Review-Url: https://codereview.chromium.org/2569023002
2016-11-09 | Add early returns in CJBig2_TRDProc::decode_Arith when decode fails. | npm
None of the decodes in the method are currently being checked. This is causing pdfium to take a long time rendering corrupted files. Thus, I added a couple of early returns to help prevent this from happening. BUG=450971 Review-Url: https://codereview.chromium.org/2493633002
2016-11-02 | Remove FX_BOOL from core | tsepez
Review-Url: https://codereview.chromium.org/2477443002
2016-10-28 | Change some ints to bools in JBIG2 code. | thestig
Review-Url: https://codereview.chromium.org/2450393004
2016-10-27 | Fix FX_BOOL / int noise in JBig2, pass 3 | tsepez
Review-Url: https://codereview.chromium.org/2457943002
2016-10-27 | Fix FX_BOOL / int noise in JBig2, pass 2 | tsepez
Review-Url: https://codereview.chromium.org/2461543002
2016-10-27 | Fix FX_BOOL / int noise in JBig2_Grd*Proc | tsepez
Replace most of these with ints since they are used in integer operations. If it walks like a duck, and quacks like a duck ... despite what the hungarian notation might say. Review-Url: https://codereview.chromium.org/2455523005
2016-10-13 | Verify number of ex flags matches number of ex items. | dsinclair
Currently the JBig2 decoder can leak subimages in the case where we mark more items in EXFLAGS than we have SDNUMEXSYMS. This CL checks for this condition and fails the decode if it happens. BUG=chromium:654365 Review-Url: https://codereview.chromium.org/2419553002
2016-10-06 | Reject JBig2 Huffman table with too large shift value | kcwu
BUG=chromium:653044 Review-Url: https://codereview.chromium.org/2397783002
2016-10-04 | Move core/fpdfapi/fpdf_parser to core/fpdfapi/parser | dsinclair
BUG=pdfium:603 Review-Url: https://codereview.chromium.org/2392603004
2016-09-29 | Move core/fxcrt/include to core/fxcrt | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-29 | Move core/fxcodec/codec/include and core/fxcodec/include files up | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2381063002
2016-09-29 | Move core/fpdfapi/fpdf_parser/include to core/fpdfapi/fpdf_parser | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2383543002
2016-08-08 | Check if image width or height are zero before proceeding. | dsinclair
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be zero and when we divide we'll get a floating point exception. If the width or height are zero then we can exit early without proceeding with the rest of the constructor. BUG=chromium:635008 Review-Url: https://codereview.chromium.org/2222843004
2016-08-02 | Bound total pixels in JBig2 images to avoid overflows later. | tsepez
Also make these private to ensure they aren't modified so as to violate the bounds checks applied at creation time. BUG=633002 Review-Url: https://codereview.chromium.org/2202013002