Now considering anything not representable by a 32-bit signed int
as OOB rather than decoding some arbitrary overflowed value.
Bug: chromium:761666
Change-Id: I00f5a3abadca51f9bedc5e5d78f7f184040c2f33
Reviewed-on: https://pdfium-review.googlesource.com/14010
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|
|
Due to some of the size parameters for allocating space in Decode()
depending on the values produced by opj_decode(), this change was
causing misallocation of space, which in turn was causing illegal
reads/writes.
The issue with excessive memory usage that the original CL was trying
to change is less significant than the above mentioned problems, so
reverting this fix and looking for another solution to the
problem. This will re-open bugs https://crbug.com/754423 and
https://crbug.com/761005.
BUG=chromium:764177,chromium:754423,chromium:761005
Change-Id: I1cafac8a8117ec1e3bc32b31196bdec719d46477
Reviewed-on: https://pdfium-review.googlesource.com/13950
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
|
|
BUG=chromium:761005
Change-Id: I538e49f1eeb32891b33677d8587d2bed110b1fc1
Reviewed-on: https://pdfium-review.googlesource.com/13692
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
This patch was authored by Ke Liu of Tencent's Xuanwu Lab.
BUG=762374
Change-Id: Icb3ee98fb4c399b871ccf11e9920af7caf51be11
Reviewed-on: https://pdfium-review.googlesource.com/13610
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Chris Palmer <palmer@chromium.org>
|
|
BUG=chromium:762106
Change-Id: I714d69320cc4fb81d535f811c18d4ef91fec44d3
Reviewed-on: https://pdfium-review.googlesource.com/13212
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
In the existing implementation of the JPX decoder, Init extracts the
header from the image and then immediately decompresses it. This is
problematic if it is a very large image that we won't be able to
allocate a bitmap for. The code has been changed to instead delay
decompression until the Decode method, since things like dest Bitmap
generation can be performed using just the header information.
There is also a bit of renaming/casting cleanup, because I was having
a hard time parsing what was a local vs member variable.
BUG=chromium:761005
Change-Id: I55a55c0be2f88a5352a6ca056c2a816137d7c749
Reviewed-on: https://pdfium-review.googlesource.com/13550
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
This CL removes the fx_basic.h header and fixes up includes as needed.
Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040
Reviewed-on: https://pdfium-review.googlesource.com/12670
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ic54e0491d9b33a06b5f85963f8127bfa4263f4d6
Reviewed-on: https://pdfium-review.googlesource.com/12450
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL moves IFX_Pause out to its own class from fx_basic and updates
includes as needed.
Change-Id: Iebdd183d8c85aa17570f190f1a7d1602c0af3c8b
Reviewed-on: https://pdfium-review.googlesource.com/12491
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL moves CFX_FixedBufGrow to its own files and updates includes as
needed.
Change-Id: Ia0cb70569b30acdb3ba9f23d8937ab8f9c17d6e6
Reviewed-on: https://pdfium-review.googlesource.com/12490
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL splits the CFX_BinaryBuf out of fx_basic into its own files. The
various includes have been updated.
Change-Id: I0fa616eeb4df6dd229c02dc3a0597b3dced59425
Reviewed-on: https://pdfium-review.googlesource.com/12412
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Bug: chromium:755532
Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f
Reviewed-on: https://pdfium-review.googlesource.com/12430
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Refactor identical code used in decode_Template0_unopt() into their own
methods.
Change-Id: I37348a280ecc66d91fdcd3c9aabe49d2a8065417
Reviewed-on: https://pdfium-review.googlesource.com/11950
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
BUG=chromium:749610.
Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb
Reviewed-on: https://pdfium-review.googlesource.com/11930
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I5f240cb0779648dc5427fecb5561086e7c0fb16a
Reviewed-on: https://pdfium-review.googlesource.com/10650
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Single no-op callback.
pdfium::clamp() where appropriate.
Use post-increment where appropriate.
Add helper functions for image type.
Change-Id: I1584a1c90b46bd87f6ee983b78b6a2119212d0fb
Reviewed-on: https://pdfium-review.googlesource.com/10270
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Mechanical change to bring into conformance with style guide.
Change-Id: I80d06708ed5c40af7e797ea5dc6279a0b4f3cf6a
Reviewed-on: https://pdfium-review.googlesource.com/10250
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Apply patch suggestions from reporter. Move all FX_Alloc'd memory
into unique_ptrs so that no bare FX_Alloc/FX_Free calls remain.
Fix a realloc / opj_realloc mismatch. Remove unused functions
color_apply_icc_profile() and color_apply_conversion(). Tidy along
the way, add some missing statics, and fix a confusing (but not quite
member shadowing) local name.
Bug: 752829
Change-Id: Ibf2d108a857e3de39e752c2c553a31e002a07caf
Reviewed-on: https://pdfium-review.googlesource.com/10230
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
This CL creates CJBig2_HTRDProc::decode_image to reduce duplicated code
in the class.
Change-Id: Ie348179c96ff534f95cba401c4b9bd46e1c4e6ac
Reviewed-on: https://pdfium-review.googlesource.com/8410
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL removes the JBig2_GsidProc since it is only used as a single
instance in each of the methods in CJBig2_HTRDProc, so it is completely
unnecessary.
Change-Id: I69d0a4a059b9eb6ebcbbb79b92ea1cd6c22cb1cb
Reviewed-on: https://pdfium-review.googlesource.com/7930
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL removes duplicate huffman_assign_code()s and changes some
return values and members to std::vector.
Change-Id: I47a1e0e2e88ff54ec799c97e92ec9ff5ca87c6c7
Reviewed-on: https://pdfium-review.googlesource.com/7910
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I874c537454bda024224a01c905b7ba01a90a6970
Reviewed-on: https://pdfium-review.googlesource.com/7732
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL makes HDPATS in CJBig2_PatternDict be a vector of unique_ptr.
Change-Id: Ib23aed6323d4a988b2eedc4bfe95f2098d32c188
Reviewed-on: https://pdfium-review.googlesource.com/7871
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL makes CJBig2_Segment own the results: symbol, pattern, huffman,
and huffman. This causes a lot more unique_ptr usage in JBig2 code.
Change-Id: I1f0a5bfaaf85053658b467bef5325c72d1f496c7
Reviewed-on: https://pdfium-review.googlesource.com/7690
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL moves CMYKtoRGB methods to fx_codec. It also cleans them up a
bit, including allowing them to return tuples instead of having
non-const refs in their parameters.
Change-Id: Ib3ec45102ec7eff623cd07a624e852d39bf335e4
Reviewed-on: https://pdfium-review.googlesource.com/7591
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL switches void* to CLcmsCmm*, simplifies the ownership and
destruction of CLcmsCmm, and reduces unnecessary function calling in
fx_codec_icc.cpp.
Change-Id: Ifdbf59dcdaede497d1684b161dd066726cf08ee3
Reviewed-on: https://pdfium-review.googlesource.com/7590
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
When reading in a BMP, after processing the header, make sure that
there is enough data remaining in the source before proceeding. If not
signal that the BMP is improperly formatted.
BUG=chromium:738635
Change-Id: I506bc0e6db7dcd4b5984fd91a1f39516320a2037
Reviewed-on: https://pdfium-review.googlesource.com/7280
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
They are allocated with |opj_malloc| (which is just |malloc|), but we were
freeing them with |FX_Free|. But |FX_Free| recently changed to be
|PartitionFree|.
This is probably not the right ultimate fix, but it should solve the
high-occurrence crash we're seeing in the short term.
BUG=chromium:737033
Change-Id: Ia162fe4e39731bd774d3eccb2357d9add26aa079
Reviewed-on: https://pdfium-review.googlesource.com/7230
Commit-Queue: Chris Palmer <palmer@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This is unused except for being a pathway for indirect deps.
Change-Id: I717290235ccbc59429ad24231033382958e2a086
Reviewed-on: https://pdfium-review.googlesource.com/6910
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
This CL replaces raw pointers with vector and unique_ptr. It also fixes
other nits.
Change-Id: I45c99c9aa658681ec3f0b48fc4f407b278b250f5
Reviewed-on: https://pdfium-review.googlesource.com/6830
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL fixes some nits in fpdf_parser_decode, especially avoiding non-const
reference parameters.
Change-Id: Ibb914850afd924bb398f886ac862f7589519ef7e
Reviewed-on: https://pdfium-review.googlesource.com/6750
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I8a17739538a9ecd63d713007550177579c0b72f0
Reviewed-on: https://pdfium-review.googlesource.com/6731
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The out_row_buffer of BMPDecompressor is made a vector. This forces the
class to have constructor/destructor. Some other members were changed
to be of size_t instead of int32_t.
Change-Id: I3f70b0322dcee2ddf9a00da7962b43f3415ba545
Reviewed-on: https://pdfium-review.googlesource.com/6691
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I64e32fc9226f57e1c9adff7809fabc6cd56e7a8f
Reviewed-on: https://pdfium-review.googlesource.com/6611
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL creates BMPDecompressor from a struct and moves into this class
many methods which naturally belong to it.
Change-Id: I042fac9b48d0b732ee9e43fbeb0eec6b52007dab
Reviewed-on: https://pdfium-review.googlesource.com/6511
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The pal_num member of bmp_ptr indicates the number of color indices
used by the bitmap. This CL returns an error when an invalid index is
found, since otherwise a heap-buffer-overflow can occur since the size
of m_pSrcPalette is calculated based on pal_num.
Bug: chromium:616670
Change-Id: I397958704bed1aa1ae259016ffd5033c07a801ee
Reviewed-on: https://pdfium-review.googlesource.com/6470
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the prec value in syncc444_to_rgb is more than 30 then when we shift
left we'll go negative. The subsequent -1 will cause an overflow. This
CL early returns if the prec value is > 30.
Bug: chromium:728321
Change-Id: I4d25e9bab840bc6d46f8db3490c9484392cd7a32
Reviewed-on: https://pdfium-review.googlesource.com/6414
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I4deaf8ca946c2dcb6842c5702b02eed1c22b1201
Reviewed-on: https://pdfium-review.googlesource.com/6191
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Introduce a base CCodec_GifModule::Context class with a virtual
destructor so holders of unique_ptr's to these can delete them
without actually having any knowledge of the implementation
details of the context.
Bug: 728669
Change-Id: Ia50f94300924a1053c326984eac3b03f25f1b83c
Reviewed-on: https://pdfium-review.googlesource.com/6190
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Ief386ce0d3887cc2876ce4b430f657b7462e3277
Reviewed-on: https://pdfium-review.googlesource.com/6170
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
The module class itself is already stateless.
Clean up context in its dtor.
Change-Id: Icbab7b23ec9d3ceb773b74383056c12b61a38907
Reviewed-on: https://pdfium-review.googlesource.com/6151
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Rename FXPNG_Context and use unowned ptr. Clean up context
in its dtor. Then create and destroy using |new|.
Change-Id: I7b66e6d0da50a16d3b8d5108ffd931bb01145892
Reviewed-on: https://pdfium-review.googlesource.com/6152
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This avoids a stale delegate pointer issue in the module. In theory,
it should also allow for multiple decodes at the same time from
different contexts within the same module, but this isn't used.
Rename associated context, and use |new| to create it. Along the
way, resolve a subtle FX_Alloc() vs. user-supplied callback
free() issue, and remove supporting code.
Bug: 728323
Change-Id: I7bb66bb5d5b4fa173bec2b445a8e71ab691fdf5c
Reviewed-on: https://pdfium-review.googlesource.com/6133
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8e31305dcf888665cb0656ac518f07541566b177
Reviewed-on: https://pdfium-review.googlesource.com/6084
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Workaround for murky ownership. Note the member will now get cleared
as a consequence of Release().
Bug: 726887
Change-Id: I3eac3d1aa915497f66a57c5effa892a15d10f583
Reviewed-on: https://pdfium-review.googlesource.com/6079
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
It's passed everywhere it is needed, and there's no reason to
believe that any specific instance will outlive the context.
Bug: 727245
Change-Id: Ie902d02fc668fb5c21adb9c4d8eb329008f3a665
Reviewed-on: https://pdfium-review.googlesource.com/6078
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoids the possibility of having a stale pointer in the context.
Bug: 726653
Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee
Reviewed-on: https://pdfium-review.googlesource.com/6074
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoid holding a stale pointer to it in CJBig2_GRDProc.
Bug: 726732
Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc
Reviewed-on: https://pdfium-review.googlesource.com/6050
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3
Reviewed-on: https://pdfium-review.googlesource.com/5970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d
Reviewed-on: https://pdfium-review.googlesource.com/5954
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|