Age | Commit message | Author |
|
None of the decodes in the method are currently being checked. This is
causing pdfium to take a long time rendering corrupted files. Thus, I
added a couple of early returns to help prevent this from happening.
BUG=450971
Review-Url: https://codereview.chromium.org/2493633002
|
|
https://codereview.chromium.org/2482663002/ )
Reason for revert:
Max cmsChannelsOf() is 15, which is larger than the expectation of existing code and causes crashes (at least in the fuzzer).
BUG=chromium:663240
Original issue's description:
> Clean up fx_codec_icc.cpp
>
> Committed: https://pdfium.googlesource.com/pdfium/+/a94fc11866adb1b9ca4a4e1afb4fb574ed472e07
TBR=dsinclair@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2485363002
|
|
Review-Url: https://codereview.chromium.org/2482663002
|
|
Review-Url: https://codereview.chromium.org/2477443002
|
|
An optimization to speed up float-to-int rounding caused a different
result for one input value. This tweaks the conversion constant so
that the results are identical across the entire valid range, and
adds a test that checks the part of the range that is most sensitive
to errors.
BUG=pdfium:624
Review-Url: https://codereview.chromium.org/2466203002
|
|
Review-Url: https://codereview.chromium.org/2450393004
|
|
Review-Url: https://codereview.chromium.org/2454263002
|
|
Review-Url: https://codereview.chromium.org/2457943002
|
|
Review-Url: https://codereview.chromium.org/2461543002
|
|
Replace most of these with ints since they are used in integer
operations. If it walks like a duck, and quacks like a duck
... despite what the Hungarian notation might say.
Review-Url: https://codereview.chromium.org/2455523005
|
|
Review-Url: https://codereview.chromium.org/2459673002
|
|
BUG=chromium:659519
Review-Url: https://codereview.chromium.org/2456553002
|
|
NEXTBIT() is particularly pernicious in that it isn't syntactically
an expression, but rather two expressions. Replace it with an inline
along the way.
Review-Url: https://codereview.chromium.org/2452123002
|
|
It's been troubling for some time that an IFX_FileStream might
actually be an in-memory buffer with no backing file.
Review-Url: https://codereview.chromium.org/2443723002
|
|
Currently the JBig2 decoder can leak subimages in the case where we mark
more items in EXFLAGS than we have SDNUMEXSYMS. This CL checks for this
condition and fails the decode if it happens.
BUG=chromium:654365
Review-Url: https://codereview.chromium.org/2419553002
|
|
The position indexes of color elements must be monotonically increasing.
Bail out if the decoded index is less than or equal to the previous index.
BUG=pdfium:615
Review-Url: https://codereview.chromium.org/2398033002
|
|
BUG=chromium:653044
Review-Url: https://codereview.chromium.org/2397783002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392603004
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2386423004
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2377393002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2381063002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383543002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2379033002
|
|
Review-Url: https://codereview.chromium.org/2357173005
|
|
BUG=648935,649436
Review-Url: https://codereview.chromium.org/2360283004
|
|
TEST=build pdfium and chromium
BUG=pdfium:599
Review-Url: https://codereview.chromium.org/2355523002
|
|
BUG=648127
Review-Url: https://codereview.chromium.org/2351623002
|
|
The fx_codec_jpx_opj code will attempt to do a 1 << (prec - 1). If the prec
value is >=32 then that shift will overflow the int value. This CL adds a check
that prec is < 32 before attempting the shift.
BUG=chromium:633208
Review-Url: https://codereview.chromium.org/2334823002
|
|
BUG=645186
Review-Url: https://codereview.chromium.org/2326103002
|
|
BUG=627399
Review-Url: https://codereview.chromium.org/2328003002
|
|
We allocate the GifPlainText object on line ~685 inside GIF_D_STATUS_EXT_PTE.
We clean up the internal pointers in the gif_destroy_decompress() but we
failed to clean up the pointer itself.
This CL frees the allocated pointer once the data is cleaned up.
BUG=chromium:638499
Review-Url: https://codereview.chromium.org/2291143003
|
|
The JPX decoder needs to verify there is data associated with an image channel
before access. This was already done in one side of the if() but seems to be
missing from the other.
This CL updates the loop to check the existence of channel data and to continue
iteration if none found.
BUG=chromium:637232
Review-Url: https://codereview.chromium.org/2291813002
|
|
overflow.
BUG=618267
Review-Url: https://codereview.chromium.org/2284063002
|
|
to fix bug 617135
617135 described an exploit against pdfium using a malformed gif.
This fix introduced a couple of edge-case handling lines to address
the OOB issue.
BUG= 617135
Review-Url: https://codereview.chromium.org/2230683002
|
|
If the width of the CJBig2_Image is set to 0 then the stride_pixels will be
zero and when we divide we'll get a floating point exception.
If the width or height are zero then we can exit early without proceeding with
the rest of the constructor.
BUG=chromium:635008
Review-Url: https://codereview.chromium.org/2222843004
|
|
Also make these private to ensure they aren't modified so as to
violate the bounds checks applied at creation time.
BUG=633002
Review-Url: https://codereview.chromium.org/2202013002
|
|
If the out_row_bytes is negative the alloc will fail. Verify the size before
alloc and bail if it's negative.
BUG=633381
Review-Url: https://codereview.chromium.org/2202283003
|
|
The pointer a unique_ptr contains should be checked instead of the
pointer of the unique_ptr itself.
BUG=chromium:631912
Review-Url: https://codereview.chromium.org/2205573004
|
|
Change the last use of CFX_Deletable to its actual type and remove
the use of CFX_Deletable.
Review-Url: https://codereview.chromium.org/2178613002
|
|
Use unique_ptr for class owned member variables, and remove unnecessary
or unused functions and member variables.
BUG=pdfium:518
Review-Url: https://codereview.chromium.org/2149903002
|
|
Also clear up a few variable names and unnecessary brackets.
Review-Url: https://codereview.chromium.org/2143083002
|
|
FXSYS_round is painfully slow on Windows. It does range checking and
then calls an extremely expensive function. It ends up consuming half
the CPU time when decoding the images in PDFs such as this one:
https://www.ets.org/Media/Tests/GRE/pdf/gre_research_validity_data.pdf
SSE can be used to optimize this:
__m128 cmyk = {c * 255, m * 255, y * 255, k * 255};
uint32_t output[4];
_mm_storeu_si128((__m128i*)output, _mm_cvtps_epi32(cmyk));
but is cryptic, only works for x86/x64, and gives basically identical
performance to this solution - int(c * 255 + 0.5f);
The rounding behavior is not identical but in practice this rarely
matters, and in this specific case it does not matter because the edge
cases that vary are not hit.
The three divisions at the end were changed to multiplies because
profiling showed they were a significant cost.
This change reduces the image-decode stalls in the PDF listed above by
about 40%, making for a noticeably better experience. Further
optimizations are possible but would require significantly more time and
testing.
BUG=617365
Review-Url: https://codereview.chromium.org/2096723003
|
|
The ::DetectImageType method does more than just detecting the image type, it
also sets up various needed structures to handle the decoding. Instead of
skipping the ::DetectImageType call this CL changes the code to return early if
the image check fails. This should allow us to stop working on images which do
not match the required data format.
BUG=chromium:621094
Review-Url: https://codereview.chromium.org/2085493002
|
|
This CL removes code that exists but is never called. This includes:
* cfwl_formtp
* cfwl_widgetdelegate
* cfwl_scrollbar
* cfwl_theme
* cfwl_tooltip
* PWL_Label
* PWL_ListCtrl
* PWL_Signature
* PWL_IconList
* BC_ResultPoint
* BC_CommonPerspectiveTransform
* BC_CommonBitSource
* BC_PDF417Codeword
* fx_codec_flate.h (the .cpp file still exists)
Review-Url: https://codereview.chromium.org/2071953002
|
|
This change mainly contains files in fpdfsdk/ directory.
This is part of the efforts to make PDFium code compilable
by Clang chromium style plugins.
The changes are mainly the following:
-- move inline constructor/destructor of complex class/struct out-of-line;
-- add constructor/destructor of complex class/struct if not
explicitly defined;
-- add explicit out-of-line copy constructor when needed;
-- move inline virtual functions out-of-line;
-- Properly mark virtual functions with 'override';
-- some minor cleanups plus removing an unused file and splitting
cxfa_eventparam out from fxfa.h
BUG=pdfium:469
Review-Url: https://codereview.chromium.org/2062313002
|
|
This change contains files in core directory which were not covered
in part I. This is part of the efforts to make PDFium code compilable
by Clang chromium style plugins.
The changes are mainly the following:
-- move inline constructor/destructor of complex class/struct out-of-line;
-- add constructor/destructor of complex class/struct if not
explicitly defined;
-- add explicit out-of-line copy constructor when needed;
-- move inline virtual functions out-of-line;
-- Properly mark virtual functions with 'override';
-- some minor cleanups;
BUG=pdfium:469
Review-Url: https://codereview.chromium.org/2060913003
|
|
The progressive decoder will attempt to verify that the provided image type
matches the actual image content. We need to disable this check when running
the fuzzer in order to target the fuzzing to specific decoders otherwise
each fuzzer will end up fuzzing all of the decoders.
BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2061733002
|
|
Fix regressions from commit 4997b22.
BUG=618164
Review-Url: https://codereview.chromium.org/2053573003
|
|
Review-Url: https://codereview.chromium.org/2031653003
|