| Age | Commit message (Collapse) | Author |
|---|
|
This CL adds some checks to make sure the DecodeString method does not go out
out control:
If code is equal to code_table[code].prefix, it will try to loop forever.
Even if that's not the case, avoid reading a negative position from the stack.
Bug: chromium:722672
Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1
Reviewed-on: https://pdfium-review.googlesource.com/5513
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
From the Gif spec:
'The output codes are of variable length, starting at <code size>+1 bits per
code, up to 12 bits per code. This defines a maximum code value of 4095
(0xFFF).'
'Because the LZW compression used for GIF creates a series of variable length
codes, of between 3 and 12 bits each'
Bug: chromium:722115
Change-Id: Ic9cff99e6012195a6b5173693b029dc710285688
Reviewed-on: https://pdfium-review.googlesource.com/5490
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL fixes a leak that can be caused by a longjmp in ErrorData. The method
is renamed to express the fact that it includes such, and a followup should
remove the jmps altogether.
Bug: chromium:721488
Change-Id: Iefcc82a77a30ff77b7973b05611440a8d5bf275e
Reviewed-on: https://pdfium-review.googlesource.com/5450
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I60c9cbd83ff9e7a30a5a570a6ad1cf8f52360c07
Reviewed-on: https://pdfium-review.googlesource.com/5410
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Before, all pointers were being initialized to 0. After raw pointers were
changed to vectors, data() was used in some cases, but now no longer returns
nullptr when it is supposed to. This CL fixes that.
Bug: chromium:721417
Change-Id: Ia31b75b18dc17d7eed48538145fe5d0d59668843
Reviewed-on: https://pdfium-review.googlesource.com/5353
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I9754da8d1bf54b328761ac9d83fcc4a3518b4a73
Reviewed-on: https://pdfium-review.googlesource.com/5230
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL changes the tag_gif_decompress_struct into CGifDecompressor. It cleans
up a bunch of unnecessary function pointers and starts cleaning up the members
of the new class.
Change-Id: Id49cd8f5377dc8daaa15118551dadad4ddde7931
Reviewed-on: https://pdfium-review.googlesource.com/5170
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: If37147f513a87bafb3299a493393a6bc44165dbe
Reviewed-on: https://pdfium-review.googlesource.com/4811
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I7d2d731b8b18d315b5587e1d0d9737c08cbcdead
Reviewed-on: https://pdfium-review.googlesource.com/4710
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Only use code_end to finish the decoding. Remove ASSERT from DecodeString since
it may be triggered. The following if statement handles that case anyways.
Bug: pdfium:707
Change-Id: Id6ec3c66d0e43c46308b4c3416da6c482ceafc69
Reviewed-on: https://pdfium-review.googlesource.com/4670
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This Cl drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from string methods which are the same on
all platforms.
Bug: pdfium:694
Change-Id: I1698aafd84f40474997549ae91ce35603377e303
Reviewed-on: https://pdfium-review.googlesource.com/3597
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Avoid writing |Type| in CollectionSize<Type>() so that index
type can change without rewriting conditions.
Change-Id: I40c94ca39148b379908760ba9b861114b88af7bb
Reviewed-on: https://pdfium-review.googlesource.com/3056
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I96e0a20d66b9184d22f64d8e4ce0dadd5a78c1e8
Reviewed-on: https://pdfium-review.googlesource.com/2967
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
BUG=682628
Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd
Reviewed-on: https://pdfium-review.googlesource.com/2390
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
We can get into a loop when gif_img_row_bytes is 0 since Decode will
return 3 when the second parameter is 0, and there is a while(ret!=0).
BUG=681170
Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
Reviewed-on: https://pdfium-review.googlesource.com/2211
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
BUG=680062
Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795
Reviewed-on: https://pdfium-review.googlesource.com/2212
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
It already has a sizeof() and a cast built into the macro,
so we don't need to do sizeof() and cast on each usage.
Review-Url: https://codereview.chromium.org/2625133009
|
|
The code_size variable is the number of bits. We should make sure that
the size is at most 31 to avoid having undefined shifts etc.
BUG=620661
Change-Id: Ia533386d01de93a55048cfd63d63989b2731a210
Reviewed-on: https://pdfium-review.googlesource.com/2161
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Remove unused m_Segments.
Review-Url: https://codereview.chromium.org/2618863004
|
|
|code_size_cur| could be larger than |code_size|, so |code| could be
larger than |code_end|. If this happens, early return, since the Decode
has failed.
BUG=659417
Review-Url: https://codereview.chromium.org/2542673004
|
|
Review-Url: https://codereview.chromium.org/2477443002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
We allocate the GifPlainText object on line ~685 inside GIF_D_STATUS_EXT_PTE.
We cleanup the internal pointers in the gif_destroy_decompress() but we
failed to cleanup the pointer itself.
This CL frees the allocated pointer once the data is cleaned up.
BUG=chromium:638499
Review-Url: https://codereview.chromium.org/2291143003
|
|
to fix bug 617135
617135 described an exploit against pdfium using a malformed gif.
This fix introduced a couple edge case handling lines to address
the OOB issue.
BUG= 617135
Review-Url: https://codereview.chromium.org/2230683002
|
|
This change contains files in core directory which were not covered
in part I. This is part of the efforts to make PDFium code compilable
by Clang chromium style plugins.
The changes are mainly the following:
-- move inline constructor/destructor of complex class/struct out-of-line;
-- add constructor/destructor of complex class/struct if not
explicitly defined;
-- add explicit out-of-line copy constructor when needed;
-- move inline virtual functions out-of-line;
-- Properly mark virtual functions with 'override';
-- some minor cleanups;
BUG=pdfium:469
Review-Url: https://codereview.chromium.org/2060913003
|
|
The code has local variables that shadow struct or class member
variables. Also, when this happens, different variable names should be
used instead of namespaces.
These were discovered by /Wshadow warning flag in Clang.
Review-Url: https://codereview.chromium.org/2034253003
|
|
Review-Url: https://codereview.chromium.org/2032613003
|
|
Use the more standard name "clear()" instead.
Review URL: https://codereview.chromium.org/1888103002
|
|
Review URL: https://codereview.chromium.org/1832173003
|
|
This CL moves the fxcrt code into the core/fxcrt directory. The only exception
was fx_bidi.h which was moved into core/fxcrt as it is not used outside of
core/.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1825953002 .
|
|
It isn't buying us anthing, and it looks strange in
a struct when other uint types are already present.
R=dsinclair@chromium.org
Review URL: https://codereview.chromium.org/1821043003 .
|
|
This CL moves the core/src/ files up to core/ and fixes up the include guards,
includes and build files.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1800523005 .
|
