Age | Commit message (Collapse) | Author |
|
It's possible for the nVal to become negative as it is shifted. This Cl
changes nVal to be a checked_numeric and bails out if the shift is invalid.
Bug: chromium:708504
Change-Id: Ia2ebbc828ece7f7d443432542784b39defe6a897
Reviewed-on: https://pdfium-review.googlesource.com/4010
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
It's possible for the RANGELEN[NTEMP] value to be larger then 32. This
will make the shift invalid if the 1 is an int. This CL changes to 1L
and uses the CheckedNumeric to validate that the result is inside the
needed range for an int.
Bug: chromium:708439
Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816
Reviewed-on: https://pdfium-review.googlesource.com/3991
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Depending on the code table, it's possible to have the largest PREFLEN
value in the huffman table to be > 32. This will, potentially, cause the
calcuation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the
int value and cause a negative shift.
This Cl checks the shift value and failes the initialization if we would
shift a negative value.
Bug: chromium:709781
Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5
Reviewed-on: https://pdfium-review.googlesource.com/3990
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Combine some common CCodec_Jbig2Module code.
Change-Id: I9a046314bc0e9dddc9a8c1a06b37764e9f3cc4b6
Reviewed-on: https://pdfium-review.googlesource.com/3713
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Pass stream argument to constructor; it feels like a
stream accessor should always be made from a stream rather
than passing one in after the fact.
Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44
Reviewed-on: https://pdfium-review.googlesource.com/3620
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This Cl drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL replaces some new's with pdfium::MakeUnique.
Change-Id: I50faf3ed55e7730b094c14a7989a9dd51cf33cbb
Reviewed-on: https://pdfium-review.googlesource.com/3430
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
- Used unique_ptr and vector to avoid FX_Free usage.
- Removed goto's.
Bug: chromium:655535
Change-Id: Iec17b9fd2432551bc41606f93837617d82085bf2
Reviewed-on: https://pdfium-review.googlesource.com/3290
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Bug: chromium:655535
Change-Id: I114a9447a9af107e6056e6056e7514ba789e282b
Reviewed-on: https://pdfium-review.googlesource.com/3294
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This Cl updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.
Bug: chromium:665056
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Add test for reading past end of buffer and successful read of bits.
Bug: chromium:672176
Change-Id: Ibe2d818185cdb2260011d3fc8cad94ebb16984b7
Reviewed-on: https://pdfium-review.googlesource.com/3233
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl converts some new calls into pdfium::MakeUnique calls.
Change-Id: Ifa4a67e305ffa75e2be560447ece21ccfa70bf3f
Reviewed-on: https://pdfium-review.googlesource.com/3232
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The methods to read n bits from the huffman stream are not correctly
checking that the bits are available. This means, we'll end up reading
0 bits due to the checks below and pretend like the read worked.
This Cl adds the check that we are not at the end of the bit buffer
before attempting the bit read.
Bug: chromium:672176
Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7
Reviewed-on: https://pdfium-review.googlesource.com/3231
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL updates the Huffman decoder in the JBig2 codex to check the low field
does not overflow.
BUG=chromium:675236
Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479
Reviewed-on: https://pdfium-review.googlesource.com/2131
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2578663002
|
|
Be suspicious of |new|. This removes some of the
easy cases.
Review-Url: https://codereview.chromium.org/2571913002
|
|
While decoding among instances, variable "FIRSTS" should hold its
value, not be reset. This was accidently changed by earlier
refactoring.
BUG=chromium:625848,pdfium:636
Review-Url: https://codereview.chromium.org/2569023002
|
|
None of the decodes in the method are currently being checked. This is
causing pdfium to take a long time rendering corrupted files. Thus, I
added a couple of early returns to help prevent this from happening.
BUG=450971
Review-Url: https://codereview.chromium.org/2493633002
|
|
Review-Url: https://codereview.chromium.org/2477443002
|
|
Review-Url: https://codereview.chromium.org/2450393004
|
|
Review-Url: https://codereview.chromium.org/2457943002
|
|
Review-Url: https://codereview.chromium.org/2461543002
|
|
Replace most of these with ints since the are used in integer
operations. If it walks like a duck, and quacks like a duck
... despite what the hungarian notation might say.
Review-Url: https://codereview.chromium.org/2455523005
|
|
Currently the JBig2 decoder can leak subimages in the case where we mark
more items in EXFLAGS then we have SDNUMEXSYMS. This Cl checks for this
condition and fails the decode if it happens.
BUG=chromium:654365
Review-Url: https://codereview.chromium.org/2419553002
|
|
BUG=chromium:653044
Review-Url: https://codereview.chromium.org/2397783002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392603004
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2381063002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383543002
|
|
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be
zero and when we divide we'll get a floating point exception.
If the width or height are zero then we can exit early without proceeding with
the rest of the constructor.
BUG=chromium:635008
Review-Url: https://codereview.chromium.org/2222843004
|
|
Also make these private to ensure they aren't modified so as to
violate the bounds checks applied at creation time.
BUG=633002
Review-Url: https://codereview.chromium.org/2202013002
|
|
Change the last use of CFX_Deletable to its actual type and remove
the use of CFX_Deletable.
Review-Url: https://codereview.chromium.org/2178613002
|
|
Use unique_ptr for class owned member variables, and remove unnecessary
or unused functions and member variable.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2149903002
|
|
The code has local variables that shadow struct or class member
variables. Also, when this happens, different variable names should be
used instead of namespaces.
These were discovered by /Wshadow warning flag in Clang.
Review-Url: https://codereview.chromium.org/2034253003
|
|
Review-Url: https://codereview.chromium.org/2032613003
|
|
In CJBig2_SDDProc::decode_Arith we will set a SDNEWSYMS value to nullptr if the
height or width are 0. With the PDF from the bug, all of the decoders are set
to nullptr. Then, we call into CJBig2_TRDProc::decode_Arith and pull out
one of the nullptr decoders and attempt to use it, crashing.
This CL adds a check that we have a non-null decoder before attempting to use
the decoder.
BUG=pdfium:511
Review-Url: https://codereview.chromium.org/2048683002
|
|
The code may not cause error conditions, but can be improved. These
warnings include uninitialized variables, signed/unsigned mismatch,
redundant condition, and using bool in arithmetic operations.
Also remove a chunk of unused code.
BUG=chromium:613623, chromium:427616
Review-Url: https://codereview.chromium.org/2036203004
|
|
When the condition is "status == FXCODEC_STATUS_DECODE_TOBECONTINUE"
while |status| never gets updated in the loop, it would enter infinite
loop.
Also, since Start_decode_MMR() never returns
FXCODEC_STATUS_DECODE_TOBECONTINUE, there is no point to check on the
return value for that.
Review-Url: https://codereview.chromium.org/2013263002
|
|
Clean up three 4701 warnings (use potientially uninitialized variable)
which are the only ones left;
Re-enable warning 4701 for GN build;
Remove an unused data structure;
BUG=pdfium:29
Review URL: https://codereview.chromium.org/1885093002
|
|
Review URL: https://codereview.chromium.org/1864153002
|
|
We removed the FX_DWORD typedef in favour of uint32_t. This CL cleans up the
FX_SAFE_DWORD naming to match.
BUG=pdfium:81, pdfium:470
Review URL: https://codereview.chromium.org/1861403002
|
|
VS 2015 has a new or louder warning about 32-bit shifts that are then
assigned to a 64-bit target. This type of code triggers it:
int64_t size = 1 << shift_amount;
Because the '1' being shifted is a 32-bit int the result of the shift
will be a 32-bit result, so assigning it to a 64-bit variable is just
misleading.
In this case the code that triggers it is this:
m_IAID.resize(1 << SBSYMCODELEN);
The destination is a size_t so the warning only shows up on 64-bit
builds and doesn't indicate a real bug. But, casting the '1' constant
to size_t makes the behavior/intent more obvious and consistent and
allows enabling C4334 in Chromium.
BUG=593448
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1843253002 .
|
|
The warnings generated by Clang. This is part 1 for some simple cases.
BUG=pdfium:29
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1840483003 .
|
|
Review URL: https://codereview.chromium.org/1832173003
|
|
This CL moves the fxcrt code into the core/fxcrt directory. The only exception
was fx_bidi.h which was moved into core/fxcrt as it is not used outside of
core/.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1825953002 .
|
|
BUG=pdfium:29
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1821423002 .
|
|
It isn't buying us anthing, and it looks strange in
a struct when other uint types are already present.
R=dsinclair@chromium.org
Review URL: https://codereview.chromium.org/1821043003 .
|
|
Remove some tables from .h file (risk of duplication).
R=ochang@chromium.org
Review URL: https://codereview.chromium.org/1814233005 .
|
|
Re-enable the following warnings:
4245: signed/unsigned conversion mismatch;
4310: cast may truncate data;
4389: operator on signed/unsigned mismatch;
4701: use potentially uninitialized local variable;
4706: assignment within conditional expression
Clean up the code to avoid those warnings.
BUG=pdfium:29
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1801383002 .
|
|
This Cl moves a bunch of the files from core/include/fpdfapi to their correct
location outside the core/include tree.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1805603002 .
|