path: root/core/fxcodec
Age | Commit message | Author
2016-10-13 | Verify number of ex flags matches number of ex items. | dsinclair
Currently the JBig2 decoder can leak subimages in the case where we mark more items in EXFLAGS than we have SDNUMEXSYMS. This CL checks for this condition and fails the decode if it happens. BUG=chromium:654365 Review-Url: https://codereview.chromium.org/2419553002
2016-10-06 | Fix assertion failure when decoding malformed G4 fax image (chromium/2886, chromium/2885, chromium/2884) | kcwu
The position indexes of color elements must be monotonically increasing. Bail out if the decoded index is less than or equal to the previous index. BUG=pdfium:615 Review-Url: https://codereview.chromium.org/2398033002
2016-10-06 | Reject JBig2 Huffman table with too large shift value | kcwu
BUG=chromium:653044 Review-Url: https://codereview.chromium.org/2397783002
2016-10-04 | Move core/fpdfapi/fpdf_parser to core/fpdfapi/parser | dsinclair
BUG=pdfium:603 Review-Url: https://codereview.chromium.org/2392603004
2016-10-04 | Move core/fpdfapi/fpdf_page to core/fpdfapi/page | dsinclair
BUG=pdfium:603 Review-Url: https://codereview.chromium.org/2386423004
2016-09-29 | Move core/fxge/include to core/fxge | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2377393002
2016-09-29 | Move core/fxcrt/include to core/fxcrt | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-29 | Move core/fxcodec/codec/include and core/fxcodec/include files up | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2381063002
2016-09-29 | Move core/fpdfapi/fpdf_parser/include to core/fpdfapi/fpdf_parser | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2383543002
2016-09-29 | Move core/fpdfapi/fpdf_page/include to core/fpdfapi/fpdf_page | dsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2379033002
2016-09-26 | Clean up fx_codec_fax.cpp. | thestig
Review-Url: https://codereview.chromium.org/2357173005
2016-09-23 | Bail out on bad width and height in CCodec_FaxDecoder::CreateDecoder | kcwu
BUG=648935,649436 Review-Url: https://codereview.chromium.org/2360283004
2016-09-19 | Remove dead code in CCodec_IccModule | kcwu
TEST=build pdfium and chromium BUG=pdfium:599 Review-Url: https://codereview.chromium.org/2355523002
2016-09-19 | Avoid nullptr access in sycc422_to_rgb and sycc420_to_rgb | stackexploit
BUG=648127 Review-Url: https://codereview.chromium.org/2351623002
2016-09-12 | Verify value of prec before using | dsinclair
The fx_codec_jpx_opj code will attempt to do a 1 << (prec - 1). If the prec value is >=32 then that shift will overflow the int value. This CL adds a check that prec is < 32 before attempting the shift. BUG=chromium:633208 Review-Url: https://codereview.chromium.org/2334823002
2016-09-12 | change memcpy to memmove for potential nearby addresses | tracy_jiang
BUG=645186 Review-Url: https://codereview.chromium.org/2326103002
2016-09-12 | fix some uninitialized variables | hong_zhang
BUG=627399 Review-Url: https://codereview.chromium.org/2328003002
2016-08-31 | Free the GifPlainText object when complete. | dsinclair
We allocate the GifPlainText object on line ~685 inside GIF_D_STATUS_EXT_PTE. We clean up the internal pointers in the gif_destroy_decompress() but we failed to clean up the pointer itself. This CL frees the allocated pointer once the data is cleaned up. BUG=chromium:638499 Review-Url: https://codereview.chromium.org/2291143003
2016-08-29 | Skip the channel if there is no data. | dsinclair
The JPX decoder needs to verify there is data associated with an image channel before access. This was already done in one side of the if() but seems to be missing from the other. This CL updates the loop to check the existence of channel data and to continue iteration if none found. BUG=chromium:637232 Review-Url: https://codereview.chromium.org/2291813002
2016-08-29 | Fix for #618267. Adding a method to determine if multiplication has | tracy_jiang
overflow. BUG=618267 Review-Url: https://codereview.chromium.org/2284063002
2016-08-12 | fix 617135 | hong_zhang
to fix bug 617135 617135 described an exploit against pdfium using a malformed gif. This fix introduced a couple edge case handling lines to address the OOB issue. BUG= 617135 Review-Url: https://codereview.chromium.org/2230683002
2016-08-08 | Check if image width or height are zero before proceeding. | dsinclair
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be zero and when we divide we'll get a floating point exception. If the width or height are zero then we can exit early without proceeding with the rest of the constructor. BUG=chromium:635008 Review-Url: https://codereview.chromium.org/2222843004
2016-08-02 | Bound total pixels in JBig2 images to avoid overflows later. | tsepez
Also make these private to ensure they aren't modified so as to violate the bounds checks applied at creation time. BUG=633002 Review-Url: https://codereview.chromium.org/2202013002
2016-08-02 | Verify row bytes before alloc in BMP codec. | dsinclair
If the out_row_bytes is negative the alloc will fail. Verify the size before alloc and bail if it's negative. BUG=633381 Review-Url: https://codereview.chromium.org/2202283003
2016-08-02 | Fix Jbig2 document context creation by checking proper pointer | weili
The pointer a unique_ptr contains should be checked instead of the pointer of the unique_ptr itself. BUG=chromium:631912 Review-Url: https://codereview.chromium.org/2205573004
2016-07-24 | Remove CFX_Deletable | weili
Change the last use of CFX_Deletable to its actual type and remove the use of CFX_Deletable. Review-Url: https://codereview.chromium.org/2178613002
2016-07-19 | Use smart pointers for various Jbig2 decoding contexts | weili
Use unique_ptr for class owned member variables, and remove unnecessary or unused functions and member variable. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2149903002
2016-07-12 | Replace void* to actual type for jbig2 context to avoid casts | weili
Also clear up a few variable names and unnecessary brackets. Review-Url: https://codereview.chromium.org/2143083002
2016-06-27 | Double AdobeCMYK_to_sRGB speed with faster rounding | brucedawson
FXSYS_round is painfully slow on Windows. It does range checking and then calls an extremely expensive function. It ends up consuming half the CPU time when decoding the images in PDFs such as this one:
https://www.ets.org/Media/Tests/GRE/pdf/gre_research_validity_data.pdf
SSE can be used to optimize this:
    __m128 cmyk = {c * 255, m * 255, y * 255, k * 255};
    uint32_t output[4];
    _mm_storeu_si128((__m128i*)output, _mm_cvtps_epi32(cmyk));
but is cryptic, only works for x86/x64, and gives basically identical performance to this solution -
    int(c * 255 + 0.5f);
The rounding behavior is not identical but in practice this rarely matters, and in this specific case it does not matter because the edge cases that vary are not hit.
The three divisions at the end were changed to multiplies because profiling showed they were a significant cost.
This change reduces the image-decode stalls in the PDF listed above by about 40%, making for a noticeably better experience. Further optimizations are possible but would require significantly more time and testing.
BUG=617365 Review-Url: https://codereview.chromium.org/2096723003
2016-06-20 | Fixup LoadImageInfo type checking. | dsinclair
The ::DetectImageType method does more than just detecting the image type, it also sets up various needed structures to handle the decoding. Instead of skipping the ::DetectImageType call this CL changes the code to return early if the image check fails. This should allow us to stop working on images which do not match the required data format. BUG=chromium:621094 Review-Url: https://codereview.chromium.org/2085493002
2016-06-16 | Remove unused code. | dsinclair
This CL removes code that exists but is never called. This includes:
* cfwl_formtp
* cfwl_widgetdelegate
* cfwl_scrollbar
* cfwl_theme
* cfwl_tooltip
* PWL_Label
* PWL_ListCtrl
* PWL_Signature
* PWL_IconList
* BC_ResultPoint
* BC_CommonPerspectiveTransform
* BC_CommonBitSource
* BC_PDF417Codeword
* fx_codec_flate.h (the .cpp file still exists)
Review-Url: https://codereview.chromium.org/2071953002
2016-06-15 | Make code compile with clang_use_chrome_plugin (part IV) | weili
This change mainly contains files in fpdfsdk/ directory. This is part of the efforts to make PDFium code compilable by Clang chromium style plugins. The changes are mainly the following:
-- move inline constructor/destructor of complex class/struct out-of-line;
-- add constructor/destructor of complex class/struct if not explicitly defined;
-- add explicit out-of-line copy constructor when needed;
-- move inline virtual functions out-of-line;
-- Properly mark virtual functions with 'override';
-- some minor cleanups plus removing an unused file and splitting cxfa_eventparam out from fxfa.h
BUG=pdfium:469 Review-Url: https://codereview.chromium.org/2062313002
2016-06-14 | Make code compile with clang_use_chrome_plugin (part II) | weili
This change contains files in core directory which were not covered in part I. This is part of the efforts to make PDFium code compilable by Clang chromium style plugins. The changes are mainly the following:
-- move inline constructor/destructor of complex class/struct out-of-line;
-- add constructor/destructor of complex class/struct if not explicitly defined;
-- add explicit out-of-line copy constructor when needed;
-- move inline virtual functions out-of-line;
-- Properly mark virtual functions with 'override';
-- some minor cleanups;
BUG=pdfium:469 Review-Url: https://codereview.chromium.org/2060913003
2016-06-13 | Optionally skip image type detection in progressive decoder. | dsinclair
The progressive decoder will attempt to verify that the provided image type matches the actual image content. We need to disable this check when running the fuzzer in order to target the fuzzing to specific decoders otherwise each fuzzer will end up fuzzing all of the decoders. BUG=chromium:587126 Review-Url: https://codereview.chromium.org/2061733002
2016-06-09 | Clean up fx_codec_tiff.cpp. | thestig
Fix regressions from commit 4997b22. BUG=618164 Review-Url: https://codereview.chromium.org/2053573003
2016-06-07 | Get rid of NULLs in fpdfsdk/ | thestig
Review-Url: https://codereview.chromium.org/2031653003
2016-06-07 | Fix more code which has shadow variables | weili
The code has local variables that shadow struct or class member variables. Also, when this happens, different variable names should be used instead of namespaces. These were discovered by /Wshadow warning flag in Clang. Review-Url: https://codereview.chromium.org/2034253003
2016-06-07 | Get rid of NULLs in core/ | thestig
Review-Url: https://codereview.chromium.org/2032613003
2016-06-07 | Verify we have a CJBig2_Image before attempting use. | dsinclair
In CJBig2_SDDProc::decode_Arith we will set a SDNEWSYMS value to nullptr if the height or width are 0. With the PDF from the bug, all of the decoders are set to nullptr. Then, we call into CJBig2_TRDProc::decode_Arith and pull out one of the nullptr decoders and attempt to use it, crashing. This CL adds a check that we have a non-null decoder before attempting to use the decoder. BUG=pdfium:511 Review-Url: https://codereview.chromium.org/2048683002
2016-06-06 | Remove unused PS generation code. | thestig
CFX_PSRenderer, IFX_PSOutput, CPSOutput, CPSPrinterDriver. Also reland commit 2d63eaa. Review-Url: https://codereview.chromium.org/2019603002
2016-06-03 | Fix some code which causes warnings when compiled by /analyze tool | weili
The code may not cause error conditions, but can be improved. These warnings include uninitialized variables, signed/unsigned mismatch, redundant condition, and using bool in arithmetic operations. Also remove a chunk of unused code. BUG=chromium:613623, chromium:427616 Review-Url: https://codereview.chromium.org/2036203004
2016-06-02 | Fix all the code which has duplicate variable declarations | weili
When there are duplicate variable declarations, the inner names shadow the outer ones. This is error prone and harder to read. Remove all the instances found by /analyze. BUG=chromium:613623, chromium:427616 Review-Url: https://codereview.chromium.org/2027273002
2016-05-26 | Fix a bug which may cause infinite loop | weili
When the condition is "status == FXCODEC_STATUS_DECODE_TOBECONTINUE" while |status| never gets updated in the loop, it would enter an infinite loop. Also, since Start_decode_MMR() never returns FXCODEC_STATUS_DECODE_TOBECONTINUE, there is no point to check on the return value for that. Review-Url: https://codereview.chromium.org/2013263002
2016-05-25 | Banish CFX_PrivateData to the XFA side | tsepez
Remove an unused inheritance. The remaining usages are a little more intricate. Review-Url: https://codereview.chromium.org/2015743002
2016-05-25 | Remove CFX_PrivateData from CPDF_Document | tsepez
Replace it with two generic slots for Links and Codec usage. Since the codec is at a lower layer than the document, we don't provide separate get/set methods, since having a document upon which to call these would be a layering violation. Do the same for the Links for simplicity. Review-Url: https://codereview.chromium.org/2005193003
2016-05-24 | Remove CFX_PrivateData from CPDF_ModuleMgr | tsepez
It's only used to store one object, so replace it with a unique_ptr to a class with a virtual dtor. Rename the prototypical class with virtual dtor from CFX_DestructObject to CFX_Deletable. Rename the fx_basic_module.cpp to cfx_modulemgr.cpp to match the one class in it. Review-Url: https://codereview.chromium.org/2013483003
2016-05-16 | Convert border style defines to an enum class. | dsinclair
There were two defines, BBS_ and PBS_ for the various border styles in the system. They were the same, except PBS_ had an extra SHADOW define which was never used. This CL combines both of those into a single BorderStyle enum class and updates the code as needed. Also, removes ADDBIT, GETBIT unused defines. Updates barcode code to use the util.h defines instead of redefinition. fsdk_baseannot names starting with _ were cleaned up and some #defines moved to constants. Review-Url: https://codereview.chromium.org/1980973002
2016-05-13 | Make CFX_ByteString(const CFX_ByteStringC&) explicit. | tsepez
Add missing helper function to CFX_ByteTextBuf to avoid the anti-pattern CFX_ByteString(sBuf.AsStringC()), using the name "Make" to indicate there's an allocation going on in this case. Change some method arguments to take pre-existing ByteStrings where possible. Review-Url: https://codereview.chromium.org/1977093002
2016-05-11 | Replace some calls to Release() with direct delete, part 1. | tsepez
Searching for the anti-pattern: void Release() { delete this; } We must be explicit on the ownership model. Add unique_ptrs as a result. Review-Url: https://codereview.chromium.org/1960673003
2016-04-29 | Avoid nullptr dereferences in sycc444_to_rgb(). | thestig
BUG=607739 Review-Url: https://codereview.chromium.org/1934483002