summaryrefslogtreecommitdiff
path: root/core/fxcodec
AgeCommit message (Collapse)Author
2018-05-04Check CJBig2_Image is valid before filling.chromium/3423chromium/3422chromium/3421Lei Zhang
Skip a lot of work that will all fail anyway. BUG=chromium:838347 Change-Id: Iba45120e436b5547e106feb27dadea92cc948258 Reviewed-on: https://pdfium-review.googlesource.com/32053 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-05-03Invalidate GIF input buffer when moving file cursor backwardschromium/3420chromium/3419Ryan Harrison
The current implementation of the GIF codec does not handle the file cursor moving backwards correctly. Specifically the input buffer that the data is being read into is not invalidated, so if the entirity of the buffer hasn't been consumed, a chunk of it will be moved to the front before reading in more data, which is just incorrect. Additionally, depending on the specific series of operations, it is possible that the buffer was allocated for more space then had been read into it and the uninitialized portion at the end is being copied to the beginning. The file cursor may move backwards when dealing with an animated gif or other image with multiple frames, since all of the control data is read in on load, and future calls specify what frame to fetch. The code has been changed to treat the input buffer as invalid when moving the cursor to a frame location, which will bypass any of the problematic unused saving behaviour. A call to std::min has been added to prevent allocation of an input buffer larger then the file size. Additionally this CL refactors GifReadMoreData to be clearer about what calculations are occuring, since the existing code reuses a number of vaguely named variables, making it difficult to follow. BUG=chromium:839348, chromium:839361 Change-Id: I2865658187bdf30bcad13ef4cac4f51a8966db11 Reviewed-on: https://pdfium-review.googlesource.com/32054 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-05-02Convert hand rolled buffer reader in CFX_MemoryStreamRyan Harrison
BUG=pdfium:1007 Change-Id: Ib8aecf2e4833f22a4288f6e1381edc11d114c865 Reviewed-on: https://pdfium-review.googlesource.com/31952 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-05-02Make several Huffman decoders consistently check for integer overflows.Lei Zhang
BUG=chromium:837972 Change-Id: I6cfa28bff38870419e4b1e2bced427cfcbf843cd Reviewed-on: https://pdfium-review.googlesource.com/31912 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-05-01Add struct CJBig2_GRDProc::ProgressiveArithDecodeState.Lei Zhang
Track the decode state in one data structure. Also grab pointers to data structure members before tight loops when decoding. It turns out referring to this->foo in tight loops can actually slow down decoding. Change-Id: I6a09b08ca06ef05968966055b5ad20f8c89896af Reviewed-on: https://pdfium-review.googlesource.com/31790 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-05-01Clean up CJBig2_Image compose methods.Lei Zhang
- Mark them private when possible. - Disambiguate method names. - Make method names match the style guide. - Pass in rects by reference. Change-Id: I0bf848756e81a92d20e46a81cd6260b660eaf482 Reviewed-on: https://pdfium-review.googlesource.com/31772 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-27Tidy cfx_gif.h.chromium/3415chromium/3414chromium/3413Tom Sepez
Use C++ style struct syntax (file already has other C++ features). Assert that things have packed as intended since they map to known layouts. Order these asserts in the same order as .h file. Change-Id: I0a006c4b5789fb544783f488d5b4e609e32c7ec1 Reviewed-on: https://pdfium-review.googlesource.com/31654 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-04-27Remove CJBig2_HuffmanTable::InitCodes().Lei Zhang
Use CJBig2_Context::HuffmanAssignCode() instead. Change-Id: Ief187420494a8cefa26eeedb98a55683caf7807b Reviewed-on: https://pdfium-review.googlesource.com/31538 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-04-27Replace void* with CFX_GifPalette* in fxcodecTom Sepez
The type is known where we need it, and we avoid some dubious casts in the process. Also avoid clumsy indexing and use the members directly in computations. Bug: pdfium:243 Change-Id: I1e061465fd0f9045cf5b82067204f26ac7df53f0 Reviewed-on: https://pdfium-review.googlesource.com/31651 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-04-27Change CJBig2_HuffmanTable to use struct JBig2HuffmanCode.Lei Zhang
Change-Id: I6461f81a3d8005efa75b8141c18c502a63252883 Reviewed-on: https://pdfium-review.googlesource.com/31537 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-04-27Adjust CJBig2_Context::HuffmanAssignCode().Lei Zhang
It looks a lot like CJBig2_HuffmanTable::InitCodes(). Port over the UBSAN error fix from commit 76c9a1b1. BUG=chromium:709781 Change-Id: I5d2f8fb013c09099c82b0565627b77e4fb0f8a98 Reviewed-on: https://pdfium-review.googlesource.com/31536 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-04-27Simplify CJBig2_Context::DecodeSymbolIDHuffmanTable().Lei Zhang
One of its parameters is a member variable. Change-Id: I0dcb78275d9ea5b05a77e211d178a0efb8699395 Reviewed-on: https://pdfium-review.googlesource.com/31535 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-04-27Use std::function in CJBig2_GRDProc.Lei Zhang
Pick from a set of functions before calling it, instead of having code to call all of the functions with the same parameters. Change-Id: I7f479948f50bdc1a9eb2764d5eb7505dc7434418 Reviewed-on: https://pdfium-review.googlesource.com/31533 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-27Disambiguate methods in CJBig2_GRDProc.Lei Zhang
Also remove method parameters that always refer to the same member variables. Change-Id: I9751d63895cc59e5280283795e39b50fd42eef94 Reviewed-on: https://pdfium-review.googlesource.com/31532 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-04-27Simplify CJBig2_Context::FindReferredSegmentByTypeAndIndex().Lei Zhang
It only looks for a single segment type. Change-Id: I83457c6f74c210299caec79a563e7876f4d1d9ea Reviewed-on: https://pdfium-review.googlesource.com/31534 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-04-27Fix style for many jbig2 methods.chromium/3412Lei Zhang
Change-Id: Ie700e132f13f2cb4851ea59b68c891e3c42af243 Reviewed-on: https://pdfium-review.googlesource.com/31531 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-27Add CJBig2_Image::IsValidImageSize() helper method.Lei Zhang
Change-Id: Ic2acd6f03b9b2e52b3d94d7579d5dc36c8e62c96 Reviewed-on: https://pdfium-review.googlesource.com/31530 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-27Sanitize another image size in CJBig2_Context::parseHalftoneRegion().Lei Zhang
BUG=chromium:836872 Change-Id: I0362fd7708043648bffa26c9248b401ea2793a21 Reviewed-on: https://pdfium-review.googlesource.com/31510 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-27Sanitize the SBNUMINSTANCES value in the JBIG2 decoder.Lei Zhang
BUG=chromium:837192 Change-Id: Ib9c0e7b4aeb6501e81308844d344a784f7c138d8 Reviewed-on: https://pdfium-review.googlesource.com/31490 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-25Replace reinterpret_cast with static_cast where possibleTom Sepez
Change-Id: Ic62f1def8e043494c9fa6c08a937d7d872513567 Reviewed-on: https://pdfium-review.googlesource.com/31314 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-04-25Don't store CE (comment extension) block data when decoding GIFRyan Harrison
GIF extensions are laid out as follows: <size byte> <chunk of data> <size byte> <chunk of data> ... <terminator byte>. The decoder needs to scan along the data, finding the size bytes to determine where the block ends in the stream, even if we don't care about the content. Currently the decoder is storing all of the data chunks, which are never used and take a lot of time to concat together if they are very small. Our implementation of the GIF spec does not handle this extension, so when scanning for the end of the block, just don't bother storing data from it. BUG=chromium:833168 Change-Id: Iadf3ab3afd8145b6c5c7c22c30fe9316efcafc15 Reviewed-on: https://pdfium-review.googlesource.com/31315 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-04-25Use a bool in FindBit() in the fax codec.Lei Zhang
Change-Id: If75c0db94d341715e0bc6406f0fd89812f1ea73c Reviewed-on: https://pdfium-review.googlesource.com/31311 Commit-Queue: Lei Zhang <thestig@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-25Use PredictorType in more places.Lei Zhang
Change-Id: Ifbacab2868232a5597ef782fb24a749ebb4871bf Reviewed-on: https://pdfium-review.googlesource.com/31270 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-25Clean up CCodec_FlateScanlineDecoder.Lei Zhang
- Merge Create() with the ctor. - Initialize all member variables and mark them const when possible. - Add an enum class for the predictor type. - Move it into an anonymous namespace. Change-Id: If7bb62ddf4a4e00ec2d02355e7c178028a7c187c Reviewed-on: https://pdfium-review.googlesource.com/31233 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-25Introduce ScopedFPDF types in public/cpp/fpdf_scopers.hTom Sepez
Applies std::remove_ptr to the public API types so that we can deduce a correct unique ptr type no matter how that API might change away from void* usage. Creates shorter names for std::unique_ptr<std::remove_pointer<>, ...> Change-Id: I04a0ff43cb7d5a4d3867939a53a54c9cef00db86 Reviewed-on: https://pdfium-review.googlesource.com/31292 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-04-25Remove unused PNGEncode() code.Lei Zhang
BUG=pdfium:41 Change-Id: I98070a5a6c88a0769f2b571eae4fe62092f7dfcd Reviewed-on: https://pdfium-review.googlesource.com/31232 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-04-23Add more image size checks in CJBig2_Context.Lei Zhang
BUG=chromium:834557 Change-Id: I8fb8d74f87097b39608c3f83f2fa1c4e49e69980 Reviewed-on: https://pdfium-review.googlesource.com/31170 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-04-16Fix some checks for FX_Realloc() failures.Lei Zhang
FX_Realloc() never fails. So either remove the check or switch to FX_TryRealloc(). Change-Id: I11fd02508add50db900a7502835018c2b61bcd09 Reviewed-on: https://pdfium-review.googlesource.com/30712 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-04-12Fail decode if continuing to get insufficient size errorRyan Harrison
In the case that the low level LZW decoder has indicated insufficient destination size, if another call to decode returns this status after adjusting the destination size, consider it an error. Subsequent iterations will not return a larger destination size, since the expected row size doesn't change, so the code will just loop infinitely, trying to decode a too large row. BUG=pdfium:1059 Change-Id: I14c8cee721fa77d8aab5e99deff9406490f01468 Reviewed-on: https://pdfium-review.googlesource.com/30452 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-04-11Remove CFX_DIBAttribute::m_strAuthorTom Sepez
It is set in a couple of places, but the value is never used for any purpose. Change-Id: I6fc0839bc14b21ee8217fcb3eadf6c252ad67aa7 Reviewed-on: https://pdfium-review.googlesource.com/30330 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-04-03Re-arrange so inline vectors come last in structs.Tom Sepez
This might make the memory tools more effective in finding OOBs. Change-Id: Id093bb0a88c37954c80d612ac00b5a168e75bdbf Reviewed-on: https://pdfium-review.googlesource.com/29550 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-03-21Rename foo_{wid,hei} to foo_{width,height}.Lei Zhang
Change-Id: I94412dd183535c18f4421b465f64870b44ad230d Reviewed-on: https://pdfium-review.googlesource.com/28971 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-03-21Rename "des_foo" to "dest_foo".Lei Zhang
Destination variables usually have "dest" or "dst" as the prefix. Change-Id: If5bb01a5eafe1e4b42d1a6d653abb1b444b1b2fa Reviewed-on: https://pdfium-review.googlesource.com/28970 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-03-21Add helpers to work with FXDIB_Format.Lei Zhang
Helper functions make getting the bpp and component count more readable. Change-Id: Ie0f97d52136d11ef5251f6e22748e87aea289ae1 Reviewed-on: https://pdfium-review.googlesource.com/28572 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2018-03-06Rename core/fxcrt IFX files to IfaceDan Sinclair
This CL renames the 3 IFX files in core/fxcrt to Iface instead. Change-Id: I7cee6836650b71bc5c5729a8147fda62f0910fe3 Reviewed-on: https://pdfium-review.googlesource.com/27970 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-02-26Shrink some tables and kill dead code in xfa.Tom Sepez
Change-Id: Ic1260417e7d1475dd518655b2ab08f0184955d88 Reviewed-on: https://pdfium-review.googlesource.com/27170 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-02-26Add some more missing consts.chromium/3356Tom Sepez
Get things out of the .data section. Change-Id: I375cf00186a3d5d8d10f5d147bd4b692f5db3683 Reviewed-on: https://pdfium-review.googlesource.com/27130 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-02-16Fix fallthroughs in XFA code.chromium/3350Henrique Nakashima
Change-Id: I1fd4bf85cd709de1c14ed2895d045018f79bc61f Reviewed-on: https://pdfium-review.googlesource.com/26950 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2018-02-15Correctly seek when header size is larger then expectedchromium/3349Ryan Harrison
BUG=chromium:811733 Change-Id: Idce50b8ea4ca06fc77d5b3931557cd1d6fe48bd5 Reviewed-on: https://pdfium-review.googlesource.com/26710 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-02-14Check that the request was satisfied in ReadDataRyan Harrison
Currently the BMP decompressor doesn't verify the returned data length was the amount requested. This means we may end up with part of our structure uninitialized if we didn't copy in enough data. This CL verifies the length of data copied is the size we require. BUG=chromium:811853 Change-Id: I20e0e9b3ff1176a620fcb38c3c7e585848b7e428 Reviewed-on: https://pdfium-review.googlesource.com/26850 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-02-13Change return value of GetAvailInputRyan Harrison
This changes the return value from uint32_t to FX_FILESIZE, which is the type the methods is uses return. The existing code does an unguarded static cast, so something like -1 could cause a very large value being returned. This change has a cascading impact up to the top of the progressive codec, which now has to handle negative values gracefully. Change-Id: I813fb71e932dd5da014dbaed0dbf3bb28f8d4e9f Reviewed-on: https://pdfium-review.googlesource.com/26450 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-02-12Fix signedness in CJBig2_HuffmanTable, and add overflow checkNicolas Pena
Bug: 808902 Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8 Reviewed-on: https://pdfium-review.googlesource.com/26470 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2018-02-12Convert CFX_BmpDecompressor to use CFX_MemoryStreamRyan Harrison
This also adds a Seek method to CFX_MemoryStream BUG=pdfium:1007 Change-Id: I2c7e1d3b6d8aff36e302014cb2e8ffc0f23ef7c4 Reviewed-on: https://pdfium-review.googlesource.com/26230 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2018-02-07Remove some deprecated RenderPage method usage.Lei Zhang
Do some additional checks in test cases where pages were rendered but the resulting bitmap was immediately destroyed. Change-Id: I2f4678140cdc672ab4ced70f748135464447ff59 Reviewed-on: https://pdfium-review.googlesource.com/25510 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-02-07Clean up RenderPage methods in EmbedderTest.Lei Zhang
Add replacement methods that make themselves clear as to what they are rendering, and return unique_ptrs to help prevent leakage. Mark existing methods deprecated. Change-Id: I9055407e614dfbe765428fb32a7da64df3418d1d Reviewed-on: https://pdfium-review.googlesource.com/25470 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-02-07Check that request sizes in ReadData don't overflowRyan Harrison
When a very large, bogus value, was being passed in for the number of bytes to read, this could cause an overflow in the check for if there is data available. BUG=chromium:809824 Change-Id: I54af6655b61d39275f3ae6fabb27be2bee3fef05 Reviewed-on: https://pdfium-review.googlesource.com/25871 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-02-06Break unneeded dep on Bmp codec in Gif codecRyan Harrison
BUG=pdfium:1006 Change-Id: I84d2a13ac7b24e7f2f5cba8765d6433860241b58 Reviewed-on: https://pdfium-review.googlesource.com/25710 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-02-06Account for skip size before getting image ifh sizeRyan Harrison
BUG=chromium:808336 Change-Id: I84443a00e2ebaf0a1e8590464486ec92bcb0e3b5 Reviewed-on: https://pdfium-review.googlesource.com/25690 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-02-06Extract classes in fx_bmp.h into their own filesRyan Harrison
BUG=chromium:808336 Change-Id: I3201805a374b5403149eca701714ef4369a2e337 Reviewed-on: https://pdfium-review.googlesource.com/25630 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2018-02-06Convert BMP class name style to match other codecsRyan Harrison
BMPDecompressor -> CFX_BmpDecompressor CBmpContext -> CFX_BmpContext BUG=chromium:808336 Change-Id: If8ef5294171e3619ae1d7c5175ddf23b7673ec78 Reviewed-on: https://pdfium-review.googlesource.com/25611 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>