Age | Commit message (Collapse) | Author |
|
When reading in a BMP, after processing the header, make sure that
there is enough data remaining in the source before proceeding. If not
signal that the BMP is improperly formatted.
BUG=chromium:738635
Change-Id: I506bc0e6db7dcd4b5984fd91a1f39516320a2037
Reviewed-on: https://pdfium-review.googlesource.com/7280
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
They are allocated with |opj_malloc| (which is just |malloc|), but we were
freeing them with |FX_Free|. But |FX_Free| recently changed to be
|PartitionFree|.
This is probably not the right ultimate fix, but it should solve the
high-occurence crash we're seeing in the short term.
BUG=chromium:737033
Change-Id: Ia162fe4e39731bd774d3eccb2357d9add26aa079
Reviewed-on: https://pdfium-review.googlesource.com/7230
Commit-Queue: Chris Palmer <palmer@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This is unused except for being a pathway for indirect deps.
Change-Id: I717290235ccbc59429ad24231033382958e2a086
Reviewed-on: https://pdfium-review.googlesource.com/6910
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
This CL replaces raw pointers with vector and unique_ptr. It also fixes
other nits.
Change-Id: I45c99c9aa658681ec3f0b48fc4f407b278b250f5
Reviewed-on: https://pdfium-review.googlesource.com/6830
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL fixes some nits in fpdf_parser_decode, especially avoiding non-const
reference parameters.
Change-Id: Ibb914850afd924bb398f886ac862f7589519ef7e
Reviewed-on: https://pdfium-review.googlesource.com/6750
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I8a17739538a9ecd63d713007550177579c0b72f0
Reviewed-on: https://pdfium-review.googlesource.com/6731
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The out_row_buffer of BMPDecompressor is made a vector. This forces the
class to have constructor/destructor. Some other members were changed
to be of size_t instead of int32_t.
Change-Id: I3f70b0322dcee2ddf9a00da7962b43f3415ba545
Reviewed-on: https://pdfium-review.googlesource.com/6691
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I64e32fc9226f57e1c9adff7809fabc6cd56e7a8f
Reviewed-on: https://pdfium-review.googlesource.com/6611
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL creates BMPDecompressor from a struct and moves into this class
many methods which naturally belong to it.
Change-Id: I042fac9b48d0b732ee9e43fbeb0eec6b52007dab
Reviewed-on: https://pdfium-review.googlesource.com/6511
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The pal_num member of bmp_ptr indicates the number of color indices
used by the bitmap. This CL returns an error when an invalid index is
found, since otherwise a heap-buffer-overflow can occur since the size
of m_pSrcPalette is calculated based on pal_num.
Bug: chromium:616670
Change-Id: I397958704bed1aa1ae259016ffd5033c07a801ee
Reviewed-on: https://pdfium-review.googlesource.com/6470
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the prec value in syncc444_to_rgb is more then 30 then when we shift
left we'll go negative. The subsequent -1 will cause an overflow. This
CL early returns if the prec value is > 30.
Bug: chromium:728321
Change-Id: I4d25e9bab840bc6d46f8db3490c9484392cd7a32
Reviewed-on: https://pdfium-review.googlesource.com/6414
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I4deaf8ca946c2dcb6842c5702b02eed1c22b1201
Reviewed-on: https://pdfium-review.googlesource.com/6191
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Introduce a base CCodec_GifModule::Context class with a virtual
destructor so holders of unique_ptr's to these can delete them
without actually having any knowledge of the implementation
details of the context.
Bug: 728669
Change-Id: Ia50f94300924a1053c326984eac3b03f25f1b83c
Reviewed-on: https://pdfium-review.googlesource.com/6190
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Ief386ce0d3887cc2876ce4b430f657b7462e3277
Reviewed-on: https://pdfium-review.googlesource.com/6170
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
The module class itself is already stateless.
Clean up context in its dtor.
Change-Id: Icbab7b23ec9d3ceb773b74383056c12b61a38907
Reviewed-on: https://pdfium-review.googlesource.com/6151
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Rename FXPNG_Context and use unowned ptr. Clean up context
in its dtor. Then create and destroy using |new|.
Change-Id: I7b66e6d0da50a16d3b8d5108ffd931bb01145892
Reviewed-on: https://pdfium-review.googlesource.com/6152
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This avoids a stale delegate pointer issue in the module. In theory,
it should also allow for multiple decodes at the same time from
different contexts within the same module, but this isn't used.
Rename associated context, and use |new| to create it. Along the
way, resolve a subtle FX_Alloc() vs. user-supplied callback
free() issue, and remove supporting code.
Bug: 728323
Change-Id: I7bb66bb5d5b4fa173bec2b445a8e71ab691fdf5c
Reviewed-on: https://pdfium-review.googlesource.com/6133
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8e31305dcf888665cb0656ac518f07541566b177
Reviewed-on: https://pdfium-review.googlesource.com/6084
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Workaround for murky ownership. Note the member will now get cleared
as a consequence of Release()
Bug: 726887
Change-Id: I3eac3d1aa915497f66a57c5effa892a15d10f583
Reviewed-on: https://pdfium-review.googlesource.com/6079
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
It's passed everywhere it is needed, and there's no reason to
believe that any specific instance will outlive the context.
Bug: 727245
Change-Id: Ie902d02fc668fb5c21adb9c4d8eb329008f3a665
Reviewed-on: https://pdfium-review.googlesource.com/6078
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoids the possibility of having a stale pointer in the context.
Bug: 726653
Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee
Reviewed-on: https://pdfium-review.googlesource.com/6074
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoid holding a stale pointer to it in CJBig2_GRDProc.
Bug: 726732
Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc
Reviewed-on: https://pdfium-review.googlesource.com/6050
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3
Reviewed-on: https://pdfium-review.googlesource.com/5970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d
Reviewed-on: https://pdfium-review.googlesource.com/5954
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Sed + minimal conversions to compile, including moving some
constructors into the .cpp file. Any that caused ASAN issues
during the tests were omitted rather than trying to resolve
the underlying issue.
Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335
Reviewed-on: https://pdfium-review.googlesource.com/5891
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
In a way similar to the existing USE_SYSTEM_ZLIB. The default is of course
still the bundled lcms2.
Change-Id: I219b50854b3c7870b0f4d94574ba39f6cb26f556
Reviewed-on: https://pdfium-review.googlesource.com/5870
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
The Gif module is only using the longjmp as a way to catch errors, so this CL
makes it use GifDecodeStatus::Error instead.
Change-Id: I9c97e63ed851d2a80e38f1d2cd9e8f297d608cb2
Reviewed-on: https://pdfium-review.googlesource.com/5850
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I88466943171f19259f84add69679741d44c8e123
Reviewed-on: https://pdfium-review.googlesource.com/5551
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
More straight forward than CFX_GEModule owning in and CPDF_ModuleMgr
holding a pointer to it.
Remove assumptions that the codec modules may return nullptr, and do
IWYU.
Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5
Reviewed-on: https://pdfium-review.googlesource.com/5654
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL adds some checks to make sure the DecodeString method does not go out
out control:
If code is equal to code_table[code].prefix, it will try to loop forever.
Even if that's not the case, avoid reading a negative position from the stack.
Bug: chromium:722672
Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1
Reviewed-on: https://pdfium-review.googlesource.com/5513
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
From the Gif spec:
'The output codes are of variable length, starting at <code size>+1 bits per
code, up to 12 bits per code. This defines a maximum code value of 4095
(0xFFF).'
'Because the LZW compression used for GIF creates a series of variable length
codes, of between 3 and 12 bits each'
Bug: chromium:722115
Change-Id: Ic9cff99e6012195a6b5173693b029dc710285688
Reviewed-on: https://pdfium-review.googlesource.com/5490
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL fixes a leak that can be caused by a longjmp in ErrorData. The method
is renamed to express the fact that it includes such, and a followup should
remove the jmps altogether.
Bug: chromium:721488
Change-Id: Iefcc82a77a30ff77b7973b05611440a8d5bf275e
Reviewed-on: https://pdfium-review.googlesource.com/5450
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I60c9cbd83ff9e7a30a5a570a6ad1cf8f52360c07
Reviewed-on: https://pdfium-review.googlesource.com/5410
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Before, all pointers were being initialized to 0. After raw pointers were
changed to vectors, data() was used in some cases, but now no longer returns
nullptr when it is supposed to. This CL fixes that.
Bug: chromium:721417
Change-Id: Ia31b75b18dc17d7eed48538145fe5d0d59668843
Reviewed-on: https://pdfium-review.googlesource.com/5353
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I9754da8d1bf54b328761ac9d83fcc4a3518b4a73
Reviewed-on: https://pdfium-review.googlesource.com/5230
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL changes the tag_gif_decompress_struct into CGifDecompressor. It cleans
up a bunch of unnecessary function pointers and starts cleaning up the members
of the new class.
Change-Id: Id49cd8f5377dc8daaa15118551dadad4ddde7931
Reviewed-on: https://pdfium-review.googlesource.com/5170
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I9306afed2747e3b0054adeea1d39916cac47f5c5
Reviewed-on: https://pdfium-review.googlesource.com/5091
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
In a way similar to the existing USE_SYSTEM_LIBJPEG. The default is of
course still the DEPS-based zlib checkout.
Changes in v2:
1) Since Chromium doesn't have //third_party:zlib (AKA a "zlib" target in
//third_party/BUILD.GN) all the targets that depended on //third_party:zlib now
depend on third_party:zlib, which always points to PDFium's
third_party/BUILD.GN. The targets that depended on //third_party:zlib in
third_party/BUILD.GN just depend on :zlib instead.
2) Move the zlib bits out of !build_with_chromium block.
Change-Id: Id73eb07591418ff2ae71b83b87c18af71b49a22a
Reviewed-on: https://pdfium-review.googlesource.com/5030
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Remove IFX_Pause parameters which are passed but not used.
Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187
Reviewed-on: https://pdfium-review.googlesource.com/4950
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The IFX_Pause param is stored but never used. Remove.
Change-Id: I9e5298fc05c6d408873b7bee307a76dcf3d2d4da
Reviewed-on: https://pdfium-review.googlesource.com/4931
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Remove more IFX_Pause parameters which are not used.
Change-Id: I9d10bb6b28d6d4d94ec3c4241b1c5a8a0709264c
Reviewed-on: https://pdfium-review.googlesource.com/4875
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: If37147f513a87bafb3299a493393a6bc44165dbe
Reviewed-on: https://pdfium-review.googlesource.com/4811
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I7d2d731b8b18d315b5587e1d0d9737c08cbcdead
Reviewed-on: https://pdfium-review.googlesource.com/4710
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Only use code_end to finish the decoding. Remove ASSERT from DecodeString since
it may be triggered. The following if statement handles that case anyways.
Bug: pdfium:707
Change-Id: Id6ec3c66d0e43c46308b4c3416da6c482ceafc69
Reviewed-on: https://pdfium-review.googlesource.com/4670
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I13b43ceafc6a35bcc1e366546a4a408ea01fe4ab
Reviewed-on: https://pdfium-review.googlesource.com/4534
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
They are only implemented in one way, and the layering does not
required an interface here.
Change-Id: Id87591ca237fb66dbfc5aa62b4cc11c2464f5ffa
Reviewed-on: https://pdfium-review.googlesource.com/4496
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 36c5b170e722362d4b5f7cb6e4e0099ed227a307.
Reason for revert: This appears to be blocking the roll into Chromium.
https://chromium-review.googlesource.com/c/476165/
Original change's description:
> core: allow building against system zlib
>
> In a way similar to the existing USE_SYSTEM_LIBJPEG. The default is of
> course still the DEPS-based zlib checkout.
>
> Change-Id: I649e75beb1a19c4cf7abda42fa10ebe5babfe946
> Reviewed-on: https://pdfium-review.googlesource.com/4070
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Commit-Queue: Lei Zhang <thestig@chromium.org>
>
TBR=thestig@chromium.org,dsinclair@chromium.org,npm@chromium.org,vmiklos@collabora.co.uk,pdfium-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I1ee6fb002f444ff9b559ce6a69679e63de7ff9cc
Reviewed-on: https://pdfium-review.googlesource.com/4393
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL cleans up the fx_extension file. The stream code was moved to
fx_stream. IFX_FileAccess was removed and CFX_CRTFileAccess split to its
own file. Code shuffled from header to cpp file.
Change-Id: I700fdfcc9797cf4e8050cd9ba010ad8854feefbf
Reviewed-on: https://pdfium-review.googlesource.com/4371
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Upstream commit:
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
Bug: chromium:711638
Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed
Reviewed-on: https://pdfium-review.googlesource.com/4310
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
In a way similar to the existing USE_SYSTEM_LIBJPEG. The default is of
course still the DEPS-based zlib checkout.
Change-Id: I649e75beb1a19c4cf7abda42fa10ebe5babfe946
Reviewed-on: https://pdfium-review.googlesource.com/4070
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|