summaryrefslogtreecommitdiff
path: root/core/fxge
AgeCommit message (Collapse)Author
2017-07-07Check that there is enough data remaining in source BMP before readingchromium/3152Ryan Harrison
When reading in a BMP, after processing the header, make sure that there is enough data remaining in the source before proceeding. If not signal that the BMP is improperly formatted. BUG=chromium:738635 Change-Id: I506bc0e6db7dcd4b5984fd91a1f39516320a2037 Reviewed-on: https://pdfium-review.googlesource.com/7280 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-07-06Revert "typeface double delete"Cary Clark
This reverts commit ddf2418ba8e5d925909d7955ac22b33f37ccce44. Reason for revert: not right Original change's description: > typeface double delete > > SkTypeface was doubly deleted at pdfium teardown > SkTypeface has two pointers but no owners. > Making the font cache an owner fixes the bug but > violates checkdeps rules. Let me know what to > do about that. > > R=​dsinclair@chromium.org,npm@chromium.org > Bug: 736133 > Change-Id: I756a41258a5ac86e70139d7a587c5da9bb7a707b > Reviewed-on: https://pdfium-review.googlesource.com/7270 > Reviewed-by: Nicolás Peña <npm@chromium.org> > Commit-Queue: Cary Clark <caryclark@google.com> TBR=dsinclair@chromium.org,caryclark@google.com,npm@chromium.org,caryclark@skia.org Change-Id: I255f50acf2cbaecc85b8e5ac3893c1fbc77b6492 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 736133 Reviewed-on: https://pdfium-review.googlesource.com/7310 Reviewed-by: Cary Clark <caryclark@google.com> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05typeface double deletechromium/3150Cary Clark
SkTypeface was doubly deleted at pdfium teardown SkTypeface has two pointers but no owners. Making the font cache an owner fixes the bug but violates checkdeps rules. Let me know what to do about that. R=dsinclair@chromium.org,npm@chromium.org Bug: 736133 Change-Id: I756a41258a5ac86e70139d7a587c5da9bb7a707b Reviewed-on: https://pdfium-review.googlesource.com/7270 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05additional clip debuggingCary Clark
Add debugging for bounding clip boxes Add debugging to dump save count (probably not useful) Make debugging output easier to find R=dsinclair@chromium.org,npm@chromium.org Bug: Change-Id: I4b985b8810c80a3061a11401e26a065d17236604 Reviewed-on: https://pdfium-review.googlesource.com/7278 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05maintain ClipBoxCary Clark
GetClipBox returned wrong clip bounds Found tracing through looking for other bugs. GetClipBox is used by graphics outside of Skia so it needs to be kept up to date. R=dsinclair@chromium.org,npm@chromium.org Bug: 736703 Change-Id: I2b3fdfe91053848243e5b486a2615a233654c5a9 Reviewed-on: https://pdfium-review.googlesource.com/7274 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05set clip rectCary Clark
clip rect should mirror existing construction Also found tracing. Keep the clip rect in sync with its expected value for compatibility. R=dsinclair@chromium.org,npm@chromium.org Bug: 736703 Change-Id: I57bab209f5e1febb5fbcd91860b43296063f1f80 Reviewed-on: https://pdfium-review.googlesource.com/7275 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05show original text to aid in debuggingCary Clark
disabled by default R=dsinclair@chromium.org,npm@chromium.org Bug: Change-Id: Iab08a7120d28b2d81a5e1d4768fd95a460208ebf Reviewed-on: https://pdfium-review.googlesource.com/7277 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05fix fuzzer generated out of rangeCary Clark
I could not get this to reproduce. It was also reported in April, but I marked it fixed because I couldn't reproduce this then, either. I suspect that the result of LineSide() is +/-inf, causing either minBounds or maxBounds in ClipAngledGradient() to be set to -1, triggering the stack buffer misread. R=dsinclair@chromium.org,npm@chromium.org Bug: 736574 Change-Id: Id828321f8c5481b862822be43d76a41dd8e74ef0 Reviewed-on: https://pdfium-review.googlesource.com/7273 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05clip save off by oneCary Clark
Code around this bug was altered in April to fix the off by one bug, but somehow the loop counter fix was overlooked. R=dsinclair@chromium.org,npm@chromium.org Bug: 736195 Change-Id: I583a9f2389e6111ae1b847b961afaafd5e854810 Reviewed-on: https://pdfium-review.googlesource.com/7276 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-06-29Move Start to constructor in CFX_Image(Renderer|Transformer)chromium/3145Nicolas Pena
The bool returned by Start was not being used and the method was always called right after the constructor, so it should be in the constructor. Change-Id: I98abf9f7c11fbe42b3aa15ec5e46731198aa23d5 Reviewed-on: https://pdfium-review.googlesource.com/7151 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-06-29Change SetReverse to GetInverse in CFX_MatrixNicolas Pena
CFX_Matrix::GetInverse is much clearer. Change-Id: Id10ab1723735332e1a78de853f28415ec3a4d834 Reviewed-on: https://pdfium-review.googlesource.com/7090 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-27Converting CFX_ByteTextBuf to ostringstream in cfx_fontmapper.cpp.Henrique Nakashima
Bug: pdfium:731 Change-Id: I9453f28a17dd34908e6dcc97ea27e5ee84eda2d1 Reviewed-on: https://pdfium-review.googlesource.com/7011 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-23Cleaning up fx_string_testhelpers.Henrique Nakashima
This is unused except for being a pathway for indirect deps. Change-Id: I717290235ccbc59429ad24231033382958e2a086 Reviewed-on: https://pdfium-review.googlesource.com/6910 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-14Fix crash when inserting empty pathNicolas Pena
The path creation method begins with an open MoveTo point. If nothing else is added, CFX_PathData::GetBoundingBox will try an OOB access in its m_Points. This CL adds a check similar to the one in CPDF_StreamContentParser::AddPathObject. Change-Id: Iec7cfe3379253c021ba7d5f276306a66009f84e2 Reviewed-on: https://pdfium-review.googlesource.com/6593 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-26Fix CPDF_PageRenderContext cleanupTom Sepez
Make CFX_RenderDevice, which owns the IFX_RenderDeviceDriver, responsible for restoring driver state as part of its destruction so that its callers don't have to do so out of turn. Then re-order CPDF_PageRenderContext destruction order so that the progressive renderer is destroyed before the device, and the device destroyed before the options because of unowned pointers to objects owned by these. Bug: 726755 Change-Id: I9a6f23da12140b2758b86e6f33f715ad1c679c3f Reviewed-on: https://pdfium-review.googlesource.com/6073 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-26Add public API for setting LineJoin and LineCap on a pathwileyrya
BUG=pdfium:718 R=npm@chromium.org Change-Id: Icdc1546c87a676a7d05330dece2c5eacd92c0c92 Reviewed-on: https://pdfium-review.googlesource.com/5951 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-25Mass conversion of remaining class members (non-xfa)Tom Sepez
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3 Reviewed-on: https://pdfium-review.googlesource.com/5970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25Remove some unused definesDan Sinclair
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d Reviewed-on: https://pdfium-review.googlesource.com/5954 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Mass conversion of all const-lifetime class membersTom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25Break apart the pageint.h file.Dan Sinclair
This CL separates pageint.h and the supporting cpp files into indivudal class files. Change-Id: Idcadce41976a8cd5f0d916e6a5ebbc283fd36527 Reviewed-on: https://pdfium-review.googlesource.com/5930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-25Cleanup some nits in CFX_FontNicolas Pena
Change-Id: I30b59c794fc855fd36c33da3c60053ae08b3dac1 Reviewed-on: https://pdfium-review.googlesource.com/5910 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-23Use NOTREACHED() in more places.Lei Zhang
Change-Id: I88466943171f19259f84add69679741d44c8e123 Reviewed-on: https://pdfium-review.googlesource.com/5551 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-19Move CCodec_ModuleMgr ownership to CPDF_ModuleMgr.Lei Zhang
More straight forward than CFX_GEModule owning in and CPDF_ModuleMgr holding a pointer to it. Remove assumptions that the codec modules may return nullptr, and do IWYU. Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5 Reviewed-on: https://pdfium-review.googlesource.com/5654 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-18Fix typo in CFX_ImageTransformer::ContinueNicolas Pena
This CL fixes a typo introduced in: https://pdfium-review.googlesource.com/c/4495/3/core/fxge/dib/cfx_imagetransformer.cpp#395 Bug: chromium:723976 Change-Id: I629d1e61054805f768356fce44c25f40f9346beb Reviewed-on: https://pdfium-review.googlesource.com/5634 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-17CFX_UnownedPtr: check during assignment time as well.Tom Sepez
In particular, doing m_pPtr = nullptr; in your dtor to evade this check will not longer work. Fix slight mis-ordering observeds in CFX_Font and CPDFXFA_Context. Change-Id: I3e6137159430333b091364021283a54a13d916b5 Reviewed-on: https://pdfium-review.googlesource.com/5570 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-17SkPictureRecorder.h includes less, so we have to IWYUchromium/3103Mike Reed
Bug: Change-Id: I294e765916f35ef933142789179a06ffad67fc31 Reviewed-on: https://pdfium-review.googlesource.com/5494 Reviewed-by: Mike Reed <reed@google.com> Commit-Queue: Mike Reed <reed@google.com>
2017-05-16Be skeptical of bare |new|s.Tom Sepez
In particular, prefer an explicit .release() call when handing ownership of an object to a caller across a C-API. Change-Id: Ic3784e9d0b2d378a08d388989eaea7c9166bacd1 Reviewed-on: https://pdfium-review.googlesource.com/5470 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16Introduce CFX_UnownedPtr to detect lifetime inversion issues.Tom Sepez
There are places where an object "child" has a raw pointer back to object "owner" with the understanding that owner will always outlive child. Violating this constraint can lead to use after free, but this requires finding two paths: one that frees the objects in the wrong order, and one that uses the object after the free. The purpose of this patch is to detect the constraint violation even when the second path is not hit. We create a template that is used in place of TYPE*. It's dtor, when a memory tool is present, goes out and probes the first byte of the object to which it points. Used in "child", this allows the memory tool to prove that the "owner" is still alive at the time the child is destroyed, and hence the constraint is never violated. Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417 Reviewed-on: https://pdfium-review.googlesource.com/5475 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16Simplify ContrastAdjust().chromium/3102Lei Zhang
Add a few constants in the process. Change-Id: Id69b939e4ea6a3de879e0a1f29d1453e95c838db Reviewed-on: https://pdfium-review.googlesource.com/5552 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15Remove gamma codeDan Sinclair
The gamma value is always 2.2, which means the table entries all point to themselves. Remove the usage of the gamma table. Change-Id: Idbb06015e8acd9f106f4bd1da5ef06563fb26296 Reviewed-on: https://pdfium-review.googlesource.com/5352 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15Convert CPSOutput to an IFX_WriteStreamdan sinclair
This Cl updates CPSOutput to inherit from IFX_WriteStream and converts the CFX_PSRenderer to accept an IFX_WriteStream instead of a CPSOutput. Change-Id: Ibde5c7da1c2f6df0a10cb6e9a470e18fbab167b8 Reviewed-on: https://pdfium-review.googlesource.com/5431 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Use clamp() in a couple more places.Lei Zhang
Change-Id: I9b7a1c101e3c73d0270f9216225e5a13d9937b97 Reviewed-on: https://pdfium-review.googlesource.com/5332 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-11Rename render device classesDan Sinclair
This Cl renames the CFX_RenderDevice subclasses to make their usage clearer. Change-Id: Ie820b57df9a3743ce8c6893fb483b398a1f1bdbe Reviewed-on: https://pdfium-review.googlesource.com/5390 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Remove unused GetPlatformSurface and GetDC methodsdan sinclair
The times we need the DC we call ::GetDC to retrieve it from the platform. These methods are unused. Change-Id: If83aa9b37ae2231d8029db6f2e6d8d17f1825611 Reviewed-on: https://pdfium-review.googlesource.com/5350 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Move map and codec loading into managerDan Sinclair
This Cl consolidates the code to load maps and codecs into the CPDF_ModuleMgr class instead of putting it directly into fpdfview. Change-Id: Ia08f212f43a33e51ab1c7832051ee4f28eecb50d Reviewed-on: https://pdfium-review.googlesource.com/5335 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-11Stop rendering if a span length overflowed in AGGNicolas Pena
In AGG, len is of type coord_type, which we have as int16_t, but we can add to it large values, causing it to become negative. Stop the rendering when that occurs. Bug: chromium:719258 Change-Id: Ic7497666b01220a9cd3e7d749f1fc6ae4a210870 Reviewed-on: https://pdfium-review.googlesource.com/5370 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-10Fix typos for the word start.Lei Zhang
Change-Id: Ic602126dc5407fcbb56dca5ec43e1824a5ca55b6 Reviewed-on: https://pdfium-review.googlesource.com/5251 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-08Remove default params in CFX_DIBSourceNicolas Pena
Change-Id: I9306afed2747e3b0054adeea1d39916cac47f5c5 Reviewed-on: https://pdfium-review.googlesource.com/5091 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-05Cleanup CStretchEngine and its CWeightTableNicolas Pena
This CL cleans up a bunch of nits and improves ownership in the CStretchEngine class. Change-Id: I6527f29c50dab329ef58d0724cd24b94fca50ee6 Reviewed-on: https://pdfium-review.googlesource.com/4970 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-05More unused IFX_Pause parameters removedchromium/3091Dan Sinclair
Remove IFX_Pause parameters which are passed but not used. Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187 Reviewed-on: https://pdfium-review.googlesource.com/4950 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-04More cleanup in CFX_ScanlineCompositorNicolas Pena
This CL does more cleanup in CFX_ScanlineCompositor: - Use private initization methods instead of passing member refs to namespace. - Own the m_pSrcPalette properly by getting rid of the raw pointer. - Remove members that are unused. - Fix some nits. Change-Id: I2447032f8f92614dc026f62bd0cdcd2204ab37de Reviewed-on: https://pdfium-review.googlesource.com/4851 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-01Remove more |new|s, part 5Tom Sepez
Many of these are already unique_ptrs. Change-Id: I3695d4ff5a8f7483ad994ac7657897fd55069cd5 Reviewed-on: https://pdfium-review.googlesource.com/4690 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-04-26Guard against overflow in CFX_BilinearMatrix code.Dan Sinclair
If any of the values in the matrix used to initialize the CFX_BilinearMatrix are close to INT_MAX then the numbers can overflow when multipled causing undefined behaviour. This Cl uses a pdfium::CheckedNumeric to handle the multiplications and then assigns back to the int value if valid. Bug: chromium:702041 Change-Id: Ia1895e2e39c0ac2bf099d45f97e33209cb50d134 Reviewed-on: https://pdfium-review.googlesource.com/4495 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-25Use unique_ptr in CFPF_SkiaDeviceModuleTom Sepez
Change-Id: Ie50deca34dd3c122efb483ef210f96798abe9e4e Reviewed-on: https://pdfium-review.googlesource.com/4498 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-25Use unique_ptr for CFX_GEModule::m_pFontCache.Tom Sepez
Change-Id: I656e8028001fadd7869a08593f10b0b8e25fe01c Reviewed-on: https://pdfium-review.googlesource.com/4497 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-24Use unique_ptr in CFX_SizeGlyphCacheTom Sepez
Fix illegal leading underscore in class name while at it. Change-Id: Idd138eb42f4a0676552aa02d7dda4c29d1877348 Reviewed-on: https://pdfium-review.googlesource.com/4438 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-21Use unique_ptr in CFX_FolderFontInfo::m_FontListchromium/3079Tom Sepez
Avoid a string duplication along the way. Change-Id: I866c34ad1afb20b9578aeb7cabeb8a185674c884 Reviewed-on: https://pdfium-review.googlesource.com/4437 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-21Use unique_ptr in CFX_FontMgr::m_FaceMap.Tom Sepez
Change-Id: Ie34942e6e577dfa270417b17c59a51813f310d27 Reviewed-on: https://pdfium-review.googlesource.com/4436 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-21Add CFX_RenderDevice::AutoRestorer()chromium/3078Tom Sepez
Avoid cleanup on every return path. Change-Id: I6978adb6f31020d812ac88c5d46c703d1461d373 Reviewed-on: https://pdfium-review.googlesource.com/4435 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-20Let {Argb,Cmyk}Decode return tuplesNicolas Pena
Change-Id: Ic4e766d9417f9a9ece5f9e4269d0f96e1e91639b Reviewed-on: https://pdfium-review.googlesource.com/4392 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>