Age | Commit message (Collapse) | Author |
|
In the case that the low level LZW decoder has indicated insufficient
destination size, if another call to decode returns this status after
adjusting the destination size, consider it an error. Subsequent
iterations will not return a larger destination size, since the
expected row size doesn't change, so the code will just loop
infinitely, trying to decode a too large row.
BUG=pdfium:1059
Change-Id: I14c8cee721fa77d8aab5e99deff9406490f01468
Reviewed-on: https://pdfium-review.googlesource.com/30452
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
It is set in a couple of places, but the value is never used
for any purpose.
Change-Id: I6fc0839bc14b21ee8217fcb3eadf6c252ad67aa7
Reviewed-on: https://pdfium-review.googlesource.com/30330
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
This might make the memory tools more effective in finding OOBs.
Change-Id: Id093bb0a88c37954c80d612ac00b5a168e75bdbf
Reviewed-on: https://pdfium-review.googlesource.com/29550
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I94412dd183535c18f4421b465f64870b44ad230d
Reviewed-on: https://pdfium-review.googlesource.com/28971
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Destination variables usually have "dest" or "dst" as the prefix.
Change-Id: If5bb01a5eafe1e4b42d1a6d653abb1b444b1b2fa
Reviewed-on: https://pdfium-review.googlesource.com/28970
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Helper functions make getting the bpp and component count more readable.
Change-Id: Ie0f97d52136d11ef5251f6e22748e87aea289ae1
Reviewed-on: https://pdfium-review.googlesource.com/28572
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
|
|
This CL renames the 3 IFX files in core/fxcrt to Iface instead.
Change-Id: I7cee6836650b71bc5c5729a8147fda62f0910fe3
Reviewed-on: https://pdfium-review.googlesource.com/27970
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Ic1260417e7d1475dd518655b2ab08f0184955d88
Reviewed-on: https://pdfium-review.googlesource.com/27170
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Get things out of the .data section.
Change-Id: I375cf00186a3d5d8d10f5d147bd4b692f5db3683
Reviewed-on: https://pdfium-review.googlesource.com/27130
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I1fd4bf85cd709de1c14ed2895d045018f79bc61f
Reviewed-on: https://pdfium-review.googlesource.com/26950
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
BUG=chromium:811733
Change-Id: Idce50b8ea4ca06fc77d5b3931557cd1d6fe48bd5
Reviewed-on: https://pdfium-review.googlesource.com/26710
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
Currently the BMP decompressor doesn't verify the
returned data length was the amount requested. This
means we may end up with part of our structure
uninitialized if we didn't copy in enough data.
This CL verifies the length of data copied is the
size we require.
BUG=chromium:811853
Change-Id: I20e0e9b3ff1176a620fcb38c3c7e585848b7e428
Reviewed-on: https://pdfium-review.googlesource.com/26850
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This changes the return value from uint32_t to FX_FILESIZE, which is
the type the methods is uses return. The existing code does an
unguarded static cast, so something like -1 could cause a very large
value being returned.
This change has a cascading impact up to the top of the progressive
codec, which now has to handle negative values gracefully.
Change-Id: I813fb71e932dd5da014dbaed0dbf3bb28f8d4e9f
Reviewed-on: https://pdfium-review.googlesource.com/26450
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Bug: 808902
Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8
Reviewed-on: https://pdfium-review.googlesource.com/26470
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
|
|
This also adds a Seek method to CFX_MemoryStream
BUG=pdfium:1007
Change-Id: I2c7e1d3b6d8aff36e302014cb2e8ffc0f23ef7c4
Reviewed-on: https://pdfium-review.googlesource.com/26230
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Do some additional checks in test cases where pages were rendered but
the resulting bitmap was immediately destroyed.
Change-Id: I2f4678140cdc672ab4ced70f748135464447ff59
Reviewed-on: https://pdfium-review.googlesource.com/25510
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Add replacement methods that make themselves clear as to what they are
rendering, and return unique_ptrs to help prevent leakage. Mark existing
methods deprecated.
Change-Id: I9055407e614dfbe765428fb32a7da64df3418d1d
Reviewed-on: https://pdfium-review.googlesource.com/25470
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
When a very large, bogus value, was being passed in for the number of
bytes to read, this could cause an overflow in the check for if there
is data available.
BUG=chromium:809824
Change-Id: I54af6655b61d39275f3ae6fabb27be2bee3fef05
Reviewed-on: https://pdfium-review.googlesource.com/25871
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=pdfium:1006
Change-Id: I84d2a13ac7b24e7f2f5cba8765d6433860241b58
Reviewed-on: https://pdfium-review.googlesource.com/25710
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=chromium:808336
Change-Id: I84443a00e2ebaf0a1e8590464486ec92bcb0e3b5
Reviewed-on: https://pdfium-review.googlesource.com/25690
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=chromium:808336
Change-Id: I3201805a374b5403149eca701714ef4369a2e337
Reviewed-on: https://pdfium-review.googlesource.com/25630
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BMPDecompressor -> CFX_BmpDecompressor
CBmpContext -> CFX_BmpContext
BUG=chromium:808336
Change-Id: If8ef5294171e3619ae1d7c5175ddf23b7673ec78
Reviewed-on: https://pdfium-review.googlesource.com/25611
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=chromium:808336
Change-Id: Id721787dd77d1bcac6daf6e3c149f79e8d1d9fe4
Reviewed-on: https://pdfium-review.googlesource.com/25610
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
Currently there is no indication in the name of it being a member
variable and the capitalization is inconsistent. This CL brings them
all into line with Chromium style.
BUG=chromium:808336
Change-Id: Iaed0272b69350f316371a67eb513934a0169f451
Reviewed-on: https://pdfium-review.googlesource.com/25430
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
Bug: chromium:802094
Change-Id: I99d2d75cd431afe1cdb966e1431143ab43dd9a73
Reviewed-on: https://pdfium-review.googlesource.com/24730
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
Bug: chromium:797726
Change-Id: Ib13d5a4a78de462f1257f1103728f2a4111cb916
Reviewed-on: https://pdfium-review.googlesource.com/24510
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
This reverts commit 77d8ed02c7e97471ceccee5abbabeb2fdea413c7.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> Revert "Use UnownedPtr instead of T* in MaybeOwned."
>
> This reverts commit e563e8352139e4852a955e319023b09f2844aee9.
>
> Reason for revert: <INSERT REASONING HERE>
>
> Original change's description:
> > Use UnownedPtr instead of T* in MaybeOwned.
> >
> > Always check the liftime in the unowned case. Doing so unearthed
> > the following issues:
> >
> > Transient lifetime issue in jbig2_image when doing realloc().
> > Stale (but unused) dictionary pointer in CPDF_Image.
> > Destruction order in error branch in cpdf_dibsource.cpp
> >
> > Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
> > Reviewed-on: https://pdfium-review.googlesource.com/24552
> > Commit-Queue: Tom Sepez <tsepez@chromium.org>
> > Reviewed-by: dsinclair <dsinclair@chromium.org>
>
> TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org
>
> Change-Id: I3c56ee6ab502da90e3adb7507dbc8cc92f090140
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://pdfium-review.googlesource.com/24670
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org
Change-Id: I0ccbbeab8be6cadc9b3a5bfefe2aca733654342f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://pdfium-review.googlesource.com/24671
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
This reverts commit e563e8352139e4852a955e319023b09f2844aee9.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> Use UnownedPtr instead of T* in MaybeOwned.
>
> Always check the liftime in the unowned case. Doing so unearthed
> the following issues:
>
> Transient lifetime issue in jbig2_image when doing realloc().
> Stale (but unused) dictionary pointer in CPDF_Image.
> Destruction order in error branch in cpdf_dibsource.cpp
>
> Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
> Reviewed-on: https://pdfium-review.googlesource.com/24552
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: dsinclair <dsinclair@chromium.org>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org
Change-Id: I3c56ee6ab502da90e3adb7507dbc8cc92f090140
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://pdfium-review.googlesource.com/24670
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Always check the liftime in the unowned case. Doing so unearthed
the following issues:
Transient lifetime issue in jbig2_image when doing realloc().
Stale (but unused) dictionary pointer in CPDF_Image.
Destruction order in error branch in cpdf_dibsource.cpp
Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
Reviewed-on: https://pdfium-review.googlesource.com/24552
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=chromium:805881
Change-Id: I3b4914325833c859285a4af1f6e326872cbf1b18
Reviewed-on: https://pdfium-review.googlesource.com/24091
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=chromium:805881
Change-Id: I91266367296218998d011dd5f62e0b4c6df291a3
Reviewed-on: https://pdfium-review.googlesource.com/24070
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|
|
The guard being removed was moved lower down in the code, but it
appears the original creeped back in while I was rebasing at some
point. This is causing clusterfuzz failures.
BUG=chromium:803732,chromium:803735
Change-Id: I5bcc6046e64d6060a674f390e243dd8eda9d1d17
Reviewed-on: https://pdfium-review.googlesource.com/23250
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=chromium:802983
Change-Id: I866ece9c370bf05571b76b50ad23598f5038332b
Reviewed-on: https://pdfium-review.googlesource.com/23151
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Ifabaf71bb45ffa7e9af7da4acb21d8757e9596ce
Reviewed-on: https://pdfium-review.googlesource.com/23150
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Refactoring the big image format switch in ContinueDecode to call
separate methods for each image format, instead of having one giant
switch block. This should have no functional changes.
BUG=pdfium:976
Change-Id: Ide4892526ee823023c233f0e43b1c98ac8bd1477
Reviewed-on: https://pdfium-review.googlesource.com/23134
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
Refactoring the big image format switch in StartDecode to call
separate methods for each image format, instead of having one giant
switch block. This should have no functional changes.
BUG=pdfium:976
Change-Id: I4e609ecaec0c5d0e173957c0795555b37c38f9a2
Reviewed-on: https://pdfium-review.googlesource.com/23131
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Refactoring the big image format switch in DetectImageType to call
separate methods for each image format, instead of having one giant
switch block. This should have no functional changes.
BUG=pdfium:976
Change-Id: I52cc83879da20b33d471420016f6b1eb53993f0b
Reviewed-on: https://pdfium-review.googlesource.com/23130
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
By catching this early we are now actually returning the wrong
value. The bad value should be passed into the jpeg library code,
which will cause a fatal error and jump out to the common error
handling code for this method.
BUG=pdfium:986
Change-Id: Ib3d32939aa38aece887c014c3a477407ee178193
Reviewed-on: https://pdfium-review.googlesource.com/23119
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This moves the setjmps needed for handling fatal errors in the jpeg
library up a level to be in line with how other instances of this are
being modified. This additionally reduces the number of times that
setjmp needs to be called and documents why it is occurring.
This covers the Start and ReadScanLine methods. It also adds in
setting the error member, which had been missed in previous CLs.
BUG=pdfium:986
Change-Id: I7db87288ffe0ee8b29899d97035c30ad812da76a
Reviewed-on: https://pdfium-review.googlesource.com/23117
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
This move the setjmp needed for handling fatal errors in the jpeg
library up a level to be in line with how other instances of this are
being modified. This additionally reduces the number of times that
setjmp needs to be called and documents why it is occuring.
BUG=pdfium:986
Change-Id: Ia57821e1ce65aae811618effb3f2fa6256e1ab8c
Reviewed-on: https://pdfium-review.googlesource.com/23115
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
The current implementation treats both returning false and longjmp'ing
out of jpeg_start_decompress as indicating that the decompression has
paused and needs more data. This is incorrect, in reality only the
false return value indicates this. The longjmp path indicates a fatal
error in the processing of the jpeg. The default implementation
actually calls exit() in this case, and the documentation explicitly
calls out that in this case recovery isn't possible and the decode
process will have to start from scratch.
This resolves a situation where the progressive decoder would get a
malformed jpeg and keep on grabbing blocks from it and try to start
decoding it. This would eventually fail when it ran out of data to
read, but would cause a large memory leak and a crash on the MSAN
fuzzers.
BUG=pdfium:986,chromium:798665
Change-Id: Ifd2ed7a2dc46fa20bab34e9c461a8d4c4718c4d7
Reviewed-on: https://pdfium-review.googlesource.com/23072
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
This reverts commit dca380ffe0571be4023b11b06b8aecad9934bb06.
Reason for revert: Causes missing text in a user's PDF
Original change's description:
> Check for success of decodes to avoid infinite loops
>
> Bug: 790693
> Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06
> Reviewed-on: https://pdfium-review.googlesource.com/20230
> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
TBR=npm@chromium.org,hnakashima@chromium.org,rharrison@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: 790693
Change-Id: I886b14e120c34da757a96f8a1f9c6a081d8326b6
Reviewed-on: https://pdfium-review.googlesource.com/22950
Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
|
|
Change-Id: I8edb14c024860c66b5e6c014136393e71e38387d
Reviewed-on: https://pdfium-review.googlesource.com/21570
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Add LoadAllDataFiltered() and LoadAllDataRaw() and update callers.
Change-Id: I9b80ee34a358db204968acdc8b1adc9db0b6b83f
Reviewed-on: https://pdfium-review.googlesource.com/20810
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
|
|
Change-Id: I3efc57cd7325d16e3ca8ebdeeaec06012b2c56e3
Reviewed-on: https://pdfium-review.googlesource.com/20110
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Bug: 790693
Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06
Reviewed-on: https://pdfium-review.googlesource.com/20230
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
|
|
In this CL we prevent integer overflow by checking that the integers are
in the appropriate range before casting from unsigned to signed.
Bug: 789524
Change-Id: I41572849f18ffb0f0739c80130ee6b5061845d29
Reviewed-on: https://pdfium-review.googlesource.com/20011
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
|
|
Bug:
Change-Id: I0c930ca30637f58af3b60ed8f1383bd9234a1723
Reviewed-on: https://pdfium-review.googlesource.com/19850
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Bug: pdfium:774
Change-Id: Ie7674ac55dea6284a0d974cef107ef357197a06b
Reviewed-on: https://pdfium-review.googlesource.com/19610
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|
|
This CL removes the CollectionSize and updates call locations as needed.
Bug: pdfium:774
Change-Id: I813c500b3a17a194407ceb1304252b9b16fe1779
Reviewed-on: https://pdfium-review.googlesource.com/19590
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|