Age | Commit message (Collapse) | Author |
|
Upstream commit:
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
Bug: chromium:711638
Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed
Reviewed-on: https://pdfium-review.googlesource.com/4310
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
In a way similar to the existing USE_SYSTEM_LIBJPEG. The default is of
course still the DEPS-based zlib checkout.
Change-Id: I649e75beb1a19c4cf7abda42fa10ebe5babfe946
Reviewed-on: https://pdfium-review.googlesource.com/4070
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
It's possible for the nVal to become negative as it is shifted. This Cl
changes nVal to be a checked_numeric and bails out if the shift is invalid.
Bug: chromium:708504
Change-Id: Ia2ebbc828ece7f7d443432542784b39defe6a897
Reviewed-on: https://pdfium-review.googlesource.com/4010
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
It's possible for the RANGELEN[NTEMP] value to be larger then 32. This
will make the shift invalid if the 1 is an int. This CL changes to 1L
and uses the CheckedNumeric to validate that the result is inside the
needed range for an int.
Bug: chromium:708439
Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816
Reviewed-on: https://pdfium-review.googlesource.com/3991
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Depending on the code table, it's possible to have the largest PREFLEN
value in the huffman table to be > 32. This will, potentially, cause the
calcuation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the
int value and cause a negative shift.
This Cl checks the shift value and failes the initialization if we would
shift a negative value.
Bug: chromium:709781
Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5
Reviewed-on: https://pdfium-review.googlesource.com/3990
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
- All callers of CFX_DIBitmap methods use nullptr as the ICC Transform.
- The CFX_ScanlineCompositor is always initialized with a null ICC transform.
Many of its methods call TranslateScanline from the ICC module. This method
casts just uses ((CLcmsCmm*)pTransform)->m_hTransform, and this should not be
done when pTransform is nullptr.
Change-Id: I1b846d1f20699fa017cb9a276be3214eb8fabd4b
Reviewed-on: https://pdfium-review.googlesource.com/3931
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Repeated looping over Realloc() with a linearly increasing buffer
size is going to be O(N^2) which is why it was limited to small
cases. But it's wrong to do it anyways, and it kicks out a
lurking issue in PartitionAlloc as it turns out.
See https://crbug.com/709271, but this doesn't actually fix that
issue, it just avoids it.
Change-Id: I39d8f8df0d5fc358b7b9caa15c507a8f57e45004
Reviewed-on: https://pdfium-review.googlesource.com/3910
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Combine some common CCodec_Jbig2Module code.
Change-Id: I9a046314bc0e9dddc9a8c1a06b37764e9f3cc4b6
Reviewed-on: https://pdfium-review.googlesource.com/3713
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Pass stream argument to constructor; it feels like a
stream accessor should always be made from a stream rather
than passing one in after the fact.
Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44
Reviewed-on: https://pdfium-review.googlesource.com/3620
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
After this CL, fx_dib.h only has some definitions used in multiple places.
Definitions that were of restricted usage were moved out to the corresponding
place. Includes in fx_dib were reduced, thus revealing other needed includes.
Change-Id: I3607da0af81c491256d64c0aa085225631efbdcc
Reviewed-on: https://pdfium-review.googlesource.com/3594
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Icf6b0ec88dfc8dc707b18ca4ad25dd77610b4c91
Reviewed-on: https://pdfium-review.googlesource.com/3622
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from math methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I85c9ff841fd9095b1434f67319847ba0cd9df7ac
Reviewed-on: https://pdfium-review.googlesource.com/3598
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This Cl drops the FXSYS_ from string methods which are the same on
all platforms.
Bug: pdfium:694
Change-Id: I1698aafd84f40474997549ae91ce35603377e303
Reviewed-on: https://pdfium-review.googlesource.com/3597
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
BUG=chromium:541704
Change-Id: I313d8853450ff5940b3baa4054ff441b342c46b7
Reviewed-on: https://pdfium-review.googlesource.com/3350
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This CL replaces some new's with pdfium::MakeUnique.
Change-Id: I50faf3ed55e7730b094c14a7989a9dd51cf33cbb
Reviewed-on: https://pdfium-review.googlesource.com/3430
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
- Used unique_ptr and vector to avoid FX_Free usage.
- Removed goto's.
Bug: chromium:655535
Change-Id: Iec17b9fd2432551bc41606f93837617d82085bf2
Reviewed-on: https://pdfium-review.googlesource.com/3290
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Bug: chromium:655535
Change-Id: I114a9447a9af107e6056e6056e7514ba789e282b
Reviewed-on: https://pdfium-review.googlesource.com/3294
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This Cl updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.
Bug: chromium:665056
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Add test for reading past end of buffer and successful read of bits.
Bug: chromium:672176
Change-Id: Ibe2d818185cdb2260011d3fc8cad94ebb16984b7
Reviewed-on: https://pdfium-review.googlesource.com/3233
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 31b08d4cdaa17d7a03f35e087096a77036af98ec.
Re-landing the patch after fixing skia build issue.
Change-Id: Ie7039890088b803a6ec5ce365d70f57277459b48
Reviewed-on: https://pdfium-review.googlesource.com/3245
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 0004f29bf6ee3c6060a272c79f14993e92e053c7.
Reason for revert: Breaks build with skia_paths enabled (which will break the chrome roll).
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1858:38: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1861:42: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2987:15: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2991:18: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2999:17: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:3001:43: error: no member named 'GetObject' in 'CFX_RetainPtr<CFX_DIBitmap>'
Original change's description:
> Refcount all CFX_DIBSources (and subclasses) all the time.
>
> There are currently several ownership models for these objects,
> including ad-hoc logic for sharing and deletion, and the
> now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
>
> Replace them all with the internal refcount scheme.
>
> Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
> Reviewed-on: https://pdfium-review.googlesource.com/3166
> Reviewed-by: dsinclair <dsinclair@chromium.org>
> Commit-Queue: dsinclair <dsinclair@chromium.org>
>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,pdfium-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I678b1fbc5e666cf7a19372ebaff3270fb115ba5e
Reviewed-on: https://pdfium-review.googlesource.com/3243
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
There are currently several ownership models for these objects,
including ad-hoc logic for sharing and deletion, and the
now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
Replace them all with the internal refcount scheme.
Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
Reviewed-on: https://pdfium-review.googlesource.com/3166
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl converts some new calls into pdfium::MakeUnique calls.
Change-Id: Ifa4a67e305ffa75e2be560447ece21ccfa70bf3f
Reviewed-on: https://pdfium-review.googlesource.com/3232
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The methods to read n bits from the huffman stream are not correctly
checking that the bits are available. This means, we'll end up reading
0 bits due to the checks below and pretend like the read worked.
This Cl adds the check that we are not at the end of the bit buffer
before attempting the bit read.
Bug: chromium:672176
Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7
Reviewed-on: https://pdfium-review.googlesource.com/3231
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This is the same version used by Chromium (as
also the latest release of zlib).
BUG=687631
Change-Id: Ia4bcdee3c36443ba01914d157ea795d7fb881a45
Reviewed-on: https://pdfium-review.googlesource.com/3096
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 55d1d0191ea8316df32858d8cc62fb7c620e8613.
Reason for revert: Slowing down corpus tests by a lot on Mac/Win
Original change's description:
> Remove CFX_FixedBufGrow
>
> This Cl replaces the CFX_FixedBufGrow class with std::vector.
>
> Change-Id: I85c85b7a8de4794840b561e09841bb464cfa9dfe
> Reviewed-on: https://pdfium-review.googlesource.com/3138
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: dsinclair <dsinclair@chromium.org>
>
TBR=tsepez@chromium.org,dsinclair@chromium.org,pdfium-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Iaee27570f140b2033b5d8fb8f3077fc839558d64
Reviewed-on: https://pdfium-review.googlesource.com/3158
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This Cl replaces the CFX_FixedBufGrow class with std::vector.
Change-Id: I85c85b7a8de4794840b561e09841bb464cfa9dfe
Reviewed-on: https://pdfium-review.googlesource.com/3138
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Ue it to fix a typo as well.
BUG=pdfium:634
Change-Id: I2d686242ffb841aedc2fae6a3cf7a00bea667404
Reviewed-on: https://pdfium-review.googlesource.com/3113
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I1e30d68dae3bf70cf3c426f6126d593b7f1c3ba4
Reviewed-on: https://pdfium-review.googlesource.com/2991
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Make RLE error handling more consistent.
BUG=chromium:700576
Change-Id: I37290ede666ba3e0a697d9d6eb209f869a07293d
Reviewed-on: https://pdfium-review.googlesource.com/2990
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Avoid writing |Type| in CollectionSize<Type>() so that index
type can change without rewriting conditions.
Change-Id: I40c94ca39148b379908760ba9b861114b88af7bb
Reviewed-on: https://pdfium-review.googlesource.com/3056
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I158b7d80b0ec28b742a9f2d5a96f3dde7fb3ab56
Reviewed-on: https://pdfium-review.googlesource.com/3031
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I96e0a20d66b9184d22f64d8e4ce0dadd5a78c1e8
Reviewed-on: https://pdfium-review.googlesource.com/2967
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2071693002
|
|
When the value read is equal to -INT_MIN, we cannot negate it since it will
be out of bounds, so return error in this case.
BUG=chromium:628559
Change-Id: I7e47a71ef0d35cfb2d1fddc0ba644f9aac79ec3f
Reviewed-on: https://pdfium-review.googlesource.com/2965
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I16acba7b3eda26b4edfbfe0cb356267bd536fee8
Reviewed-on: https://pdfium-review.googlesource.com/2964
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
The spec says a1 is to the right of a0, a2 to the right of a1. I think that
means that the run lengths have to be positive, but that certainly means that
they cannot be negative.
BUG=chromium:699340
Change-Id: Ic07a272e63610f7a66c5073179cdb2768f80e2b8
Reviewed-on: https://pdfium-review.googlesource.com/2963
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL cleans up the namespacing along with some type confusion in the flate
codec class.
Change-Id: I4772ee571bcd78f1c839b5cefc370860aca06bb3
Reviewed-on: https://pdfium-review.googlesource.com/2917
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
BMP_WIDTHBYTES starts with: (width * bitCount) + 31. Since bitCount can be as
large as 32, to avoid this overflowing we need width <= 67108863.
BUG=chromium:628559
Change-Id: I4fd33b65da76225c8200a22380f2bfc4523c5c8d
Reviewed-on: https://pdfium-review.googlesource.com/2934
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Before writting to the stream buffer make sure that we won't walk off the end
of the allocated size.
In this specific case the dest_size of the buffer is 0, so we're basically just
looping over to free the temp results.
BUG=chromium:697847
Change-Id: I229eea96179692216cb2685facbb7d5379c501c7
Reviewed-on: https://pdfium-review.googlesource.com/2903
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
The one step to make an actual concrete class is conditionalized
in fpdfview and is unconditional in the fuzzer.
Also replace the clumsy C-style callbacks with a delegate
interface as long as we are making new interfaces.
Change-Id: I733a437483ce5e0c34211cfbbda05105336f55b5
Reviewed-on: https://pdfium-review.googlesource.com/2887
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
- Constify test data
- ASSERT_EQ() buffer size
- EXPECT_EQ() arguments are reversed
- Fix typos in comments
Change-Id: I846bfcc29bbf43d0a8b333250d1cce1aae5a8d59
Reviewed-on: https://pdfium-review.googlesource.com/2841
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
This is something we'd like to try for initial XFA launches
adding in codecs as justified by results in the wild.
Adding statistics for the unsupported cases is a follow-up
exercise once this builds correctly.
We always build all the additional libraries, to allow
fuzzers to link against them even if we are not shipping
them. The linker will sort it out for the actual code.
Rename some files to match the classes contained within.
That the existing tests seem to pass with the codecs
disabled warrants further investigation.
Change-Id: Iad269db91289f12dc9f5dda8f48121d27a0c4367
Reviewed-on: https://pdfium-review.googlesource.com/2836
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
In CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback, m_pSrcPalette
can be allocated size pal_num. So if pal_index >= pal_num, then bail out.
BUG=691278
Change-Id: Ib0157cf51cbf52ecd5d60b027e5fc32898a906ed
Reviewed-on: https://pdfium-review.googlesource.com/2699
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=682628
Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd
Reviewed-on: https://pdfium-review.googlesource.com/2390
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
A85 encoder is not called yet; fix before adding
calls to this code in Chromium.
BUG=682550
Review-Url: https://codereview.chromium.org/2649263002
|
|
We can get into a loop when gif_img_row_bytes is 0 since Decode will
return 3 when the second parameter is 0, and there is a while(ret!=0).
BUG=681170
Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
Reviewed-on: https://pdfium-review.googlesource.com/2211
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the values are going to overflow, return error code, which seems to
be 2.
BUG=668822
Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
Reviewed-on: https://pdfium-review.googlesource.com/2213
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=680062
Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795
Reviewed-on: https://pdfium-review.googlesource.com/2212
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|