summaryrefslogtreecommitdiff
path: root/core/fxcodec/lgif/fx_gif.cpp
AgeCommit message (Collapse)Author
2017-01-25Calculate code_store safely in CGifLZWDecoder::DecodeNicolas Pena
BUG=682628 Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd Reviewed-on: https://pdfium-review.googlesource.com/2390 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-16Return early when gif_img_row_bytes is 0chromium/2984Nicolas Pena
We can get into a loop when gif_img_row_bytes is 0 since Decode will return 3 when the second parameter is 0, and there is a while(ret!=0). BUG=681170 Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297 Reviewed-on: https://pdfium-review.googlesource.com/2211 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-16Return error when bits_left is too bigNicolas Pena
BUG=680062 Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795 Reviewed-on: https://pdfium-review.googlesource.com/2212 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-16Use FX_Alloc() properly in fxcodec.tsepez
It already has a sizeof() and a cast built into the macro, so we don't need to do sizeof() and cast on each usage. Review-Url: https://codereview.chromium.org/2625133009
2017-01-10Restrict code size in CGifLZWDecoderchromium/2978Nicolas Pena
The code_size variable is the number of bits. We should make sure that the size is at most 31 to avoid having undefined shifts etc. BUG=620661 Change-Id: Ia533386d01de93a55048cfd63d63989b2731a210 Reviewed-on: https://pdfium-review.googlesource.com/2161 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-09Remove CFX_ArrayTemplate from fpdftext and fxcodec.tsepez
Remove unused m_Segments. Review-Url: https://codereview.chromium.org/2618863004
2016-12-01Improve early return in CGifLZWDecoder::Decodenpm
|code_size_cur| could be larger than |code_size|, so |code| could be larger than |code_end|. If this happens, early return, since the Decode has failed. BUG=659417 Review-Url: https://codereview.chromium.org/2542673004
2016-11-02Remove FX_BOOL from coretsepez
Review-Url: https://codereview.chromium.org/2477443002
2016-08-31Free the GifPlainText object when complete.dsinclair
We allocate the GifPlainText object on line ~685 inside GIF_D_STATUS_EXT_PTE. We cleanup the internal pointers in the gif_destroy_decompress() but we failed to cleanup the pointer itself. This CL frees the allocated pointer once the data is cleaned up. BUG=chromium:638499 Review-Url: https://codereview.chromium.org/2291143003
2016-08-12fix 617135hong_zhang
to fix bug 617135 617135 described an exploit against pdfium using a malformed gif. This fix introduced a couple edge case handling lines to address the OOB issue. BUG= 617135 Review-Url: https://codereview.chromium.org/2230683002
2016-06-14Make code compile with clang_use_chrome_plugin (part II)weili
This change contains files in core directory which were not covered in part I. This is part of the efforts to make PDFium code compilable by Clang chromium style plugins. The changes are mainly the following: -- move inline constructor/destructor of complex class/struct out-of-line; -- add constructor/destructor of complex class/struct if not explicitly defined; -- add explicit out-of-line copy constructor when needed; -- move inline virtual functions out-of-line; -- Properly mark virtual functions with 'override'; -- some minor cleanups; BUG=pdfium:469 Review-Url: https://codereview.chromium.org/2060913003
2016-06-07Fix more code which has shadow variablesweili
The code has local variables that shadow struct or class member variables. Also, when this happens, different variable names should be used instead of namespaces. These were discovered by /Wshadow warning flag in Clang. Review-Url: https://codereview.chromium.org/2034253003
2016-06-07Get rid of NULLs in core/thestig
Review-Url: https://codereview.chromium.org/2032613003
2016-04-14Replace calls to deprecated CFX_{Wide,Byte}String::Empty()tsepez
Use the more standard name "clear()" instead. Review URL: https://codereview.chromium.org/1888103002
2016-03-25Remove FX_DWORD from core/ and delete definitionchromium/2695chromium/2694chromium/2693chromium/2692tsepez
Review URL: https://codereview.chromium.org/1832173003
2016-03-21Remove FX_WORD in favor of uint16_t.Tom Sepez
It isn't buying us anthing, and it looks strange in a struct when other uint types are already present. R=dsinclair@chromium.org Review URL: https://codereview.chromium.org/1821043003 .
2016-03-14Move core/src/ up to core/.Dan Sinclair
This CL moves the core/src/ files up to core/ and fixes up the include guards, includes and build files. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1800523005 .