summaryrefslogtreecommitdiff
path: root/core/fxcrt
AgeCommit message (Collapse)Author
2017-08-02Rewrite how string Insert() methods handle out of bound indicesRyan Harrison
The existing behaviour was to clamp the provided index to the valid bounds. This would lead to programming errors being hidden, since inserting would still do something even if the index calculation was wrong. The behaviour of these methods has been changed to instead early return when this occurs, returning the old length value. The caller can check if the call to Insert actually did anything by comparing the returned value to the length before calling insert. All of the existing calls to Insert have been tested by running all of the tests with asserts in the Insert method to check the index is in bounds. Additionally the call sites have been manually inspected. The majority of them are of the form Insert(0, foo) and the rest tend to be in a loop advancing from 0 to length. Convenience methods InsertAtFront/InsertAtBack have been added to handle calling Insert when the intent is for the character to be added to the beginning or end of the string. Existing call sites to Insert that do this have been converted. This work was originally being performed to check if there would be any issues in these methods with making FX_STRSIZE unsigned. BUG=pdfium:828 Change-Id: I60cee5ad45338aa8ed46569de7bcc78a76db18f7 Reviewed-on: https://pdfium-review.googlesource.com/9870 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-01Encapsulate some CFX_Char members.Lei Zhang
Change-Id: Iab34de5858ae06582023be220ef7dd0d1d0a91c9 Reviewed-on: https://pdfium-review.googlesource.com/9530 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-08-01Remove support for negative params to ReleaseBuffer()Ryan Harrison
This CL removes the default param value for this method, which was negative. It also adds in a method to get buffer lengths, so that the callsites can explictly passing in the length of the buffer if they were using the default value previously. BUG=pdfium:828 Change-Id: I0170771ee81970b8b601631015ab3e6e39fea8ea Reviewed-on: https://pdfium-review.googlesource.com/9790 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-01Replace raw value for constant error value in string operationsRyan Harrison
Currently Find() and other methods that return a FX_STRSIZE return -1 to indicate error/failure. This means that there is a lot of magic numbers and magic checks floating around. The standard library for similar operations uses a npos constant. This CL implements FX_STRNPOS, and replaces usages of magic number checking. It also does some type cleanup along the way where it was obvious that FX_STRSIZE should be being used. Removing the magic numbers should make eventually changing FX_STRSIZE to be unsigned easier in the future. BUG=pdfium:828 Change-Id: I67e481e44cf2f75a1698afa8fbee4f375a74c490 Reviewed-on: https://pdfium-review.googlesource.com/9651 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-28Use FX_GetUnicodeProperties() in more places.chromium/3173chromium/3172chromium/3171Lei Zhang
Instead of accessing the raw kTextLayoutCodeProperties data. Change-Id: Ie39cf5c098e1564ae2f18d76b234af42f24db4ca Reviewed-on: https://pdfium-review.googlesource.com/9451 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-07-28Convert calls to Mid() to Left() or Right() if possibleRyan Harrison
The various string/byte classes support Mid(), Left(), and Right() for extracting substrings. Mid() can handle all possible cases, but Left() and Right() are useful for common cases and more explicit about what is going on. Calls like Mid(offset, length - offset) can be converted to Right(length - offset). Calls like Mid(0, length) can be converted to Left(length). If the substring being extracted does not extend all the way to one of the edges of the string, then Mid() still needs to be used. BUG=pdfium:828 Change-Id: I2ec46ad3d71aac0f7b513e103c69cbe8c854cf62 Reviewed-on: https://pdfium-review.googlesource.com/9510 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-27Simplify FX_GetMirrorChar() code.Lei Zhang
Change-Id: I43ec0d4a3b60d51c59ba5a540dfe24803e725089 Reviewed-on: https://pdfium-review.googlesource.com/9170 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-07-27Define SIZEOF_VOIDP and other cleanup in tiffconfNicolas Pena
This CL uses sizeof to calculate sizes in tiffconf. It adds SIZEOF_VOIDP to allow LibTIFF to take codepaths reducing OOMs. Finally, it gets rid of _FX_WIN32_MOBILE_ since it's never defined. Bug: chromium:718494 Change-Id: I9e6fb2812487ccd7d08e56fd1954c716ddccd07b Reviewed-on: https://pdfium-review.googlesource.com/9410 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-27Remove single param Mid() method from string classesRyan Harrison
This support is being removed from CFX_ByteString, CFX_ByteStringC, CFX_WideString, and CFX_WideStringC. This standardizes all of these classes to only have one Mid method that takes in 2 params, offset and count. Count now must be positive. The old behaviour of calculating the length for the user if -1 is passed in for the count has been removed. This work is in preperation for converting these classes to not accept negative lengths anywhere and thus make the underlying size type unsigned. BUG=pdfium:828 Change-Id: I5f15e7b7b00b264231817f143e2da88ee6f69e7b Reviewed-on: https://pdfium-review.googlesource.com/9430 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-27Simplify CFX_BidiLine code.Lei Zhang
The base level is always 0 in much of the code. Change-Id: I70b8342e0f6cf1dc366ff9f1d5d734d6f55ead0e Reviewed-on: https://pdfium-review.googlesource.com/9254 Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-07-26Allow CFX_RTemplate to work with CFX_FloatRectDan Sinclair
This CL adds a CFX_RTemplate constuctor which accepts a CFX_FloatRect and converts to the correct type. It also adds a ToFloatRect() method which returns a CFX_FloatRect. The CFX_FloatRect::FromCFXRect is removed. Change-Id: I6827345300c6c4dee02c4e5dfa5590f3c8088748 Reviewed-on: https://pdfium-review.googlesource.com/9114 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-26Use std::min/max in fx_coordinates.hDan Sinclair
This CL updates some of the fx_coordinates methods to use std::min/max as appropriate. Change-Id: I12af519bfcbf97969da6fcc9e1bf978beb2d00e8 Reviewed-on: https://pdfium-review.googlesource.com/9113 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-26Make comment match codeDan Sinclair
The CFX_FloatRect params are Left,Bottom,Right,Top. Update comment to match. Change-Id: If4d8559e1f2693cfe0f7fcbe649add4c9a5bc303 Reviewed-on: https://pdfium-review.googlesource.com/9112 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-24Basic APIs and tests for adding attachmentsJane Liu
1. Added APIs for adding attachments, setting attachment files, and modifying attachment dictionary entries. * Added two embedder tests covering all new APIs. Bug=pdfium:174 Change-Id: I65f43cd6ca4887b71f9f7bcee64a87ba6b7e2706 Reviewed-on: https://pdfium-review.googlesource.com/8671 Commit-Queue: Jane Liu <janeliulwq@google.com> Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-20Change length calculation in CFX_StringCTemplate constructorRyan Harrison
Originally this would only calculate the length of the passed in string if the passed in length was -1. This causes issues, since other negative values will be passed straight through and break the post-condition on the constructor of the length being non-negative. This leads to undefined and hard to debug behaviour later, in cases where the root cause is a mistake in calculating the proper length. The other related classes, CFX_WideString & CFX_ByteString, test for all negative length values and calculating the length when they occur. This CL changes the FooC versions to use this logic. This implicitly assumes the string is null terminated, so in the incase of an incorrect negative length and a non-null terminated string there will still be a crash, but it will now occur at construction time, instead of at some random later time. BUG=pdfium:827 Change-Id: I4d1fed746ada67c496d8e6ab10861b9332555023 Reviewed-on: https://pdfium-review.googlesource.com/8450 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-19Rename StringCs c_str() to unterminated_c_str().Tom Sepez
Since there is no guarantee of termination if the StringC was extracted from a snippet of another string. Make it more obvious that things like strlen(str.unterminated_c_str()) might be a bad idea. Change-Id: I7832248ed89ebbddf5c0bcd402aac7d40ec2adc2 Reviewed-on: https://pdfium-review.googlesource.com/8170 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-07-19Converting CFX_ByteTextBuf to ostringstream in SAX.Henrique Nakashima
Respin of https://pdfium-review.googlesource.com/c/6592 with fixes that avoid invalid reads. Bug: pdfium:731 Change-Id: I9395063505ba1a5c610e21b089ab8aa1a0a5b86f Reviewed-on: https://pdfium-review.googlesource.com/8290 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-07-19Revert "Converting CFX_ByteTextBuf to ostringstream in SAX."Henrique Nakashima
This reverts commit 7ca47d55c9cbbec7e0a0b0beffffe348ae655086. Reason for revert: Caused pdfium:821 Original change's description: > Converting CFX_ByteTextBuf to ostringstream in SAX. > > Bug: pdfium:731 > Change-Id: Ic492e8900c4a69082ff9c2384006a4e6bfa3313e > Reviewed-on: https://pdfium-review.googlesource.com/6592 > Reviewed-by: Lei Zhang <thestig@chromium.org> > Reviewed-by: dsinclair <dsinclair@chromium.org> > Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> TBR=thestig@chromium.org,dsinclair@chromium.org,hnakashima@chromium.org Bug: pdfium:731 Change-Id: Ic7390c3f53d67d6eecf7f669e329702daa16f339 Reviewed-on: https://pdfium-review.googlesource.com/8230 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-19Avoid unterminated string segment in cfx_saxreaderhandler.cppTom Sepez
Use the overloaded << operator, which takes length into account for StringC types, rather than a raw ptr (which gets promoted into a std::string resulting in a length call that overflows since StringCs aren't necessarily nul-terminated). Bug: 746073 Change-Id: Iffbbff53e12da8741acc7ce54000232cc66d83bc Reviewed-on: https://pdfium-review.googlesource.com/8150 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-19Prevent more crashes in wcsftime.Lei Zhang
BUG=chromium:738303 Change-Id: If36cdc0f53fc224c0c4c8cf775fd2c916f2d0add Reviewed-on: https://pdfium-review.googlesource.com/8210 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-17Add CFX_FloatRect::GetDeflateddan sinclair
This CL adds a method to CFX_FloatRect to get a new deflated rectangle from a given rectangle. Change-Id: I781222257c82baf94d5f77deede52fbe4e97c701 Reviewed-on: https://pdfium-review.googlesource.com/7850 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-13Use PartitionAlloc with PartitionAllocReturnNullNicolas Pena
This CL changes usage of PartitionAlloc in fx_memory to allow null return value for methods used by external C libraries. Change-Id: I8e2b5dcfb37e30370606afb9a71a7a1d3a28c097 Reviewed-on: https://pdfium-review.googlesource.com/7770 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-13Move CPWL_Utils::ScaleRect to CFX_FloatRectDan Sinclair
This CL moves the ScaleRect method to Scale on CFX_FloatRect and changes it to operate directly on the rect. Change-Id: Ie0f91c9319be08c9e2cc81cba2519ebb5f2c35eb Reviewed-on: https://pdfium-review.googlesource.com/7714 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-13Move CPWL_Utils::GetCenterSquare to CFX_FloatRectDan Sinclair
This method is working on the FloatRect content so move it to CFX_FloatRect. Change-Id: I60aabf6e3b86aa9acc59f86cff69347ec5fe5033 Reviewed-on: https://pdfium-review.googlesource.com/7712 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-07core: fix -Wshadow warningschromium/3153Miklos Vajna
Found with this patch: diff --git a/BUILD.gn b/BUILD.gn index 83bad1b13..444685f04 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -89,6 +89,8 @@ config("pdfium_core_config") { "/wd4324", "/wd4577", ] + } else { + cflags += [ "-Wshadow" ] } } But renaming the conflicting names is tricky, so done with clang-rename. Change-Id: Ie959b86e9e82b11b211761b0c73e439e51044de7 Reviewed-on: https://pdfium-review.googlesource.com/7410 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-07-07Convert c-style casts in fx_memory.h into static_castsRyan Harrison
Change-Id: I53da7a36ce8503abd99f2525e8a5b394ee547b47 Reviewed-on: https://pdfium-review.googlesource.com/7353 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-06-30Remove hand rolled bsearch from HTMLSTR2CodeRyan Harrison
BUG=pdfium:786 Change-Id: I0779dccb6db0e6ea3933279914153ef7961d9a5b Reviewed-on: https://pdfium-review.googlesource.com/7152 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-06-29Change SetReverse to GetInverse in CFX_MatrixNicolas Pena
CFX_Matrix::GetInverse is much clearer. Change-Id: Id10ab1723735332e1a78de853f28415ec3a4d834 Reviewed-on: https://pdfium-review.googlesource.com/7090 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-28Add << overload for CFX_StringCTemplate classeschromium/3144Ryan Harrison
BUG=pdfium:790 Change-Id: I4a3623dc0daac6ff8407c09cd00e9f2e4e5dd2d7 Reviewed-on: https://pdfium-review.googlesource.com/7051 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-06-28Add << overload for CFX_WideStringRyan Harrison
BUG=pdfium:788 Change-Id: I9f211d42e60c0d8b7b3c508d340036a3b26542dd Reviewed-on: https://pdfium-review.googlesource.com/7041 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-06-27Add empty string test case for ostream << CFX_ByteString.Henrique Nakashima
Change-Id: I1f3933709ad4a4f251a634dbe6d87a541994f02e Reviewed-on: https://pdfium-review.googlesource.com/7037 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-27Adding overload for ostream << CFX_ByteStringHenrique Nakashima
Bug: pdfium:731 Change-Id: I285332c8f9d988327e8633cb0746af2b76c401e5 Reviewed-on: https://pdfium-review.googlesource.com/6911 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-06-23Cleaning up fx_string_testhelpers.Henrique Nakashima
This is unused except for being a pathway for indirect deps. Change-Id: I717290235ccbc59429ad24231033382958e2a086 Reviewed-on: https://pdfium-review.googlesource.com/6910 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-22Add a |gGeneralPartitionAllocator| and use it in the |FX_*Alloc| wrappers.chromium/3142chromium/3141chromium/3140chromium/3139Chris Palmer
BUG=pdfium:690 Change-Id: I922279e4bdc8b411f47f49798155e8f9118c1396 Reviewed-on: https://pdfium-review.googlesource.com/6552 Commit-Queue: Chris Palmer <palmer@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-06-19Use EXPECT_STREQ() in fx_system_unittest.cpp.Lei Zhang
Instead of using EXPECT_EQ() and constructing a std::string. Change-Id: I7f349f49a03b1ebbad15865f9783568f4d025d91 Reviewed-on: https://pdfium-review.googlesource.com/6670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-19Converting CFX_ByteTextBuf to ostringstream in SAX.Henrique Nakashima
Bug: pdfium:731 Change-Id: Ic492e8900c4a69082ff9c2384006a4e6bfa3313e Reviewed-on: https://pdfium-review.googlesource.com/6592 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-19Converting CFX_ByteTextBuf to ostringstream in cxml_parser.cpp.Henrique Nakashima
Bug: pdfium:731 Change-Id: Id4cb57aaf1d045d5052869477a8c5082cab8961c Reviewed-on: https://pdfium-review.googlesource.com/6675 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-06-16Avoid a crash inside wcsftime() on Windows.chromium/3135chromium/3134chromium/3133Lei Zhang
BUG=chromium:733245 Change-Id: Ic9347e2cc245831c0b71fac1d531c33c5646ab3f Reviewed-on: https://pdfium-review.googlesource.com/6671 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-06-09Revert "Revert "Adding constructor of CFX_ByteString that takes a ↵Henrique Nakashima
std::ostringstream."" This reverts commit 53827cbbfebae66dd31f7aa30d3ee5c88716897a. Reason for revert: Rollforward of original CL - test failures were flakes. Original change's description: > Revert "Adding constructor of CFX_ByteString that takes a std::ostringstream." > > This reverts commit 4633d52736c4b926eceb1e18c4b379ff57fd31fa. > > Reason for revert: windows_xfa_clang broke? > > Original change's description: > > Adding constructor of CFX_ByteString that takes a std::ostringstream. > > > > Bug: pdfium:731 > > Change-Id: Ia0734deb3f309732dccae5c0cf6131d32713e87a > > Reviewed-on: https://pdfium-review.googlesource.com/6394 > > Reviewed-by: dsinclair <dsinclair@chromium.org> > > Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> > > TBR=dsinclair@chromium.org,hnakashima@chromium.org > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: pdfium:731 > > Change-Id: I674aa1be12d6777c4d565d3131910ac5a11d8dc0 > Reviewed-on: https://pdfium-review.googlesource.com/6395 > Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> > Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> TBR=dsinclair@chromium.org,pdfium-reviews@googlegroups.com,hnakashima@chromium.org No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: pdfium:731 Change-Id: I4a31a1a6bdb128016183c1059f0bfe1fa559a89e Reviewed-on: https://pdfium-review.googlesource.com/6434 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-08Revert "Adding constructor of CFX_ByteString that takes a std::ostringstream."Henrique Nakashima
This reverts commit 4633d52736c4b926eceb1e18c4b379ff57fd31fa. Reason for revert: windows_xfa_clang broke? Original change's description: > Adding constructor of CFX_ByteString that takes a std::ostringstream. > > Bug: pdfium:731 > Change-Id: Ia0734deb3f309732dccae5c0cf6131d32713e87a > Reviewed-on: https://pdfium-review.googlesource.com/6394 > Reviewed-by: dsinclair <dsinclair@chromium.org> > Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> TBR=dsinclair@chromium.org,hnakashima@chromium.org No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: pdfium:731 Change-Id: I674aa1be12d6777c4d565d3131910ac5a11d8dc0 Reviewed-on: https://pdfium-review.googlesource.com/6395 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-08Adding constructor of CFX_ByteString that takes a std::ostringstream.Henrique Nakashima
Bug: pdfium:731 Change-Id: Ia0734deb3f309732dccae5c0cf6131d32713e87a Reviewed-on: https://pdfium-review.googlesource.com/6394 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-05Add start of CFGAS_FormatString testsDan Sinclair
This CL adds tests for the date parsing and formatting code in CFGAS_FormatString. Change-Id: I9989cdd1b3f92c90d46ee2c3f7838fe1de255be2 Reviewed-on: https://pdfium-review.googlesource.com/6178 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-26Rename Probe() to ProbeForLowSeverityLifetimeIssue().Tom Sepez
Use name that clues in bug triage folks as I'm writing Probe -> severity low in each new bug report. Also add comment from the unlanded chromium-side CL. No functional change. Change-Id: I49399e8450eaecd1369a85ea0212bdd69b1d0824 Reviewed-on: https://pdfium-review.googlesource.com/6070 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-26Use more STL algorithms in fx_coordinates.cpp.Lei Zhang
Change-Id: I061132b3de0f388f4f4c103ff0377405de2ecf29 Reviewed-on: https://pdfium-review.googlesource.com/6012 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-25Mass conversion of all const-lifetime class membersTom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-22CFX_ByteStringC: avoid taking unreferenceable vector::data() ptr.chromium/3108Tom Sepez
Otherwise, the UnownedPtr destructor will try to probe it. ASAN knows about the structure of std::vector and will flag it as such. Bug: 724960 Change-Id: I2b24501704c3845a4b16edad191d7b8f41f77587 Reviewed-on: https://pdfium-review.googlesource.com/5750 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-19Back-fill some functionality for CFX_UnownedPtrTom Sepez
Add Release() method, type-convertible compares and assigns, and right hand vs. left hand comparisons. Change-Id: I96b1112e328802143d314aa6c92948f26583fa90 Reviewed-on: https://pdfium-review.googlesource.com/5731 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-18Use UnownedPtr to check CFX_*StringC lifetimeschromium/3104Tom Sepez
Change interform to avoid temp StringC with dangling ptr. Change-Id: I8d8659973bcdf2cdbcaa6efa6012e4acce5f1604 Reviewed-on: https://pdfium-review.googlesource.com/5571 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-17CFX_UnownedPtr: check during assignment time as well.Tom Sepez
In particular, doing m_pPtr = nullptr; in your dtor to evade this check will not longer work. Fix slight mis-ordering observeds in CFX_Font and CPDFXFA_Context. Change-Id: I3e6137159430333b091364021283a54a13d916b5 Reviewed-on: https://pdfium-review.googlesource.com/5570 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-16Introduce CFX_UnownedPtr to detect lifetime inversion issues.Tom Sepez
There are places where an object "child" has a raw pointer back to object "owner" with the understanding that owner will always outlive child. Violating this constraint can lead to use after free, but this requires finding two paths: one that frees the objects in the wrong order, and one that uses the object after the free. The purpose of this patch is to detect the constraint violation even when the second path is not hit. We create a template that is used in place of TYPE*. It's dtor, when a memory tool is present, goes out and probes the first byte of the object to which it points. Used in "child", this allows the memory tool to prove that the "owner" is still alive at the time the child is destroyed, and hence the constraint is never violated. Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417 Reviewed-on: https://pdfium-review.googlesource.com/5475 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>