| Age | Commit message (Collapse) | Author |
|---|
|
When reading in a BMP, after processing the header, make sure that
there is enough data remaining in the source before proceeding. If not
signal that the BMP is improperly formatted.
BUG=chromium:738635
Change-Id: I506bc0e6db7dcd4b5984fd91a1f39516320a2037
Reviewed-on: https://pdfium-review.googlesource.com/7280
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
This reverts commit ddf2418ba8e5d925909d7955ac22b33f37ccce44.
Reason for revert: not right
Original change's description:
> typeface double delete
>
> SkTypeface was doubly deleted at pdfium teardown
> SkTypeface has two pointers but no owners.
> Making the font cache an owner fixes the bug but
> violates checkdeps rules. Let me know what to
> do about that.
>
> R=dsinclair@chromium.org,npm@chromium.org
> Bug: 736133
> Change-Id: I756a41258a5ac86e70139d7a587c5da9bb7a707b
> Reviewed-on: https://pdfium-review.googlesource.com/7270
> Reviewed-by: Nicolás Peña <npm@chromium.org>
> Commit-Queue: Cary Clark <caryclark@google.com>
TBR=dsinclair@chromium.org,caryclark@google.com,npm@chromium.org,caryclark@skia.org
Change-Id: I255f50acf2cbaecc85b8e5ac3893c1fbc77b6492
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 736133
Reviewed-on: https://pdfium-review.googlesource.com/7310
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
SkTypeface was doubly deleted at pdfium teardown
SkTypeface has two pointers but no owners.
Making the font cache an owner fixes the bug but
violates checkdeps rules. Let me know what to
do about that.
R=dsinclair@chromium.org,npm@chromium.org
Bug: 736133
Change-Id: I756a41258a5ac86e70139d7a587c5da9bb7a707b
Reviewed-on: https://pdfium-review.googlesource.com/7270
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
Add debugging for bounding clip boxes
Add debugging to dump save count (probably not useful)
Make debugging output easier to find
R=dsinclair@chromium.org,npm@chromium.org
Bug:
Change-Id: I4b985b8810c80a3061a11401e26a065d17236604
Reviewed-on: https://pdfium-review.googlesource.com/7278
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
GetClipBox returned wrong clip bounds
Found tracing through looking for other bugs.
GetClipBox is used by graphics outside of
Skia so it needs to be kept up to date.
R=dsinclair@chromium.org,npm@chromium.org
Bug: 736703
Change-Id: I2b3fdfe91053848243e5b486a2615a233654c5a9
Reviewed-on: https://pdfium-review.googlesource.com/7274
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
clip rect should mirror existing construction
Also found tracing. Keep the clip rect
in sync with its expected value for
compatibility.
R=dsinclair@chromium.org,npm@chromium.org
Bug: 736703
Change-Id: I57bab209f5e1febb5fbcd91860b43296063f1f80
Reviewed-on: https://pdfium-review.googlesource.com/7275
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
disabled by default
R=dsinclair@chromium.org,npm@chromium.org
Bug:
Change-Id: Iab08a7120d28b2d81a5e1d4768fd95a460208ebf
Reviewed-on: https://pdfium-review.googlesource.com/7277
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
I could not get this to reproduce. It was also
reported in April, but I marked it fixed because
I couldn't reproduce this then, either. I suspect
that the result of LineSide() is +/-inf, causing
either minBounds or maxBounds in
ClipAngledGradient() to be set to -1, triggering
the stack buffer misread.
R=dsinclair@chromium.org,npm@chromium.org
Bug: 736574
Change-Id: Id828321f8c5481b862822be43d76a41dd8e74ef0
Reviewed-on: https://pdfium-review.googlesource.com/7273
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
Code around this bug was altered in April
to fix the off by one bug, but somehow the
loop counter fix was overlooked.
R=dsinclair@chromium.org,npm@chromium.org
Bug: 736195
Change-Id: I583a9f2389e6111ae1b847b961afaafd5e854810
Reviewed-on: https://pdfium-review.googlesource.com/7276
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>
|
|
The bool returned by Start was not being used and the method was always
called right after the constructor, so it should be in the constructor.
Change-Id: I98abf9f7c11fbe42b3aa15ec5e46731198aa23d5
Reviewed-on: https://pdfium-review.googlesource.com/7151
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
CFX_Matrix::GetInverse is much clearer.
Change-Id: Id10ab1723735332e1a78de853f28415ec3a4d834
Reviewed-on: https://pdfium-review.googlesource.com/7090
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Bug: pdfium:731
Change-Id: I9453f28a17dd34908e6dcc97ea27e5ee84eda2d1
Reviewed-on: https://pdfium-review.googlesource.com/7011
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This is unused except for being a pathway for indirect deps.
Change-Id: I717290235ccbc59429ad24231033382958e2a086
Reviewed-on: https://pdfium-review.googlesource.com/6910
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
|
|
The path creation method begins with an open MoveTo point. If nothing
else is added, CFX_PathData::GetBoundingBox will try an OOB access in
its m_Points. This CL adds a check similar to the one in
CPDF_StreamContentParser::AddPathObject.
Change-Id: Iec7cfe3379253c021ba7d5f276306a66009f84e2
Reviewed-on: https://pdfium-review.googlesource.com/6593
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Make CFX_RenderDevice, which owns the IFX_RenderDeviceDriver, responsible
for restoring driver state as part of its destruction so that its callers
don't have to do so out of turn.
Then re-order CPDF_PageRenderContext destruction order so that
the progressive renderer is destroyed before the device, and the
device destroyed before the options because of unowned pointers
to objects owned by these.
Bug: 726755
Change-Id: I9a6f23da12140b2758b86e6f33f715ad1c679c3f
Reviewed-on: https://pdfium-review.googlesource.com/6073
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
BUG=pdfium:718
R=npm@chromium.org
Change-Id: Icdc1546c87a676a7d05330dece2c5eacd92c0c92
Reviewed-on: https://pdfium-review.googlesource.com/5951
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3
Reviewed-on: https://pdfium-review.googlesource.com/5970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d
Reviewed-on: https://pdfium-review.googlesource.com/5954
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Sed + minimal conversions to compile, including moving some
constructors into the .cpp file. Any that caused ASAN issues
during the tests were omitted rather than trying to resolve
the underlying issue.
Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335
Reviewed-on: https://pdfium-review.googlesource.com/5891
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL separates pageint.h and the supporting cpp files into indivudal
class files.
Change-Id: Idcadce41976a8cd5f0d916e6a5ebbc283fd36527
Reviewed-on: https://pdfium-review.googlesource.com/5930
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I30b59c794fc855fd36c33da3c60053ae08b3dac1
Reviewed-on: https://pdfium-review.googlesource.com/5910
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I88466943171f19259f84add69679741d44c8e123
Reviewed-on: https://pdfium-review.googlesource.com/5551
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
More straight forward than CFX_GEModule owning in and CPDF_ModuleMgr
holding a pointer to it.
Remove assumptions that the codec modules may return nullptr, and do
IWYU.
Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5
Reviewed-on: https://pdfium-review.googlesource.com/5654
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL fixes a typo introduced in:
https://pdfium-review.googlesource.com/c/4495/3/core/fxge/dib/cfx_imagetransformer.cpp#395
Bug: chromium:723976
Change-Id: I629d1e61054805f768356fce44c25f40f9346beb
Reviewed-on: https://pdfium-review.googlesource.com/5634
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
In particular, doing m_pPtr = nullptr; in your dtor to evade this
check will not longer work.
Fix slight mis-ordering observeds in CFX_Font and CPDFXFA_Context.
Change-Id: I3e6137159430333b091364021283a54a13d916b5
Reviewed-on: https://pdfium-review.googlesource.com/5570
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Bug:
Change-Id: I294e765916f35ef933142789179a06ffad67fc31
Reviewed-on: https://pdfium-review.googlesource.com/5494
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
|
|
In particular, prefer an explicit .release() call when handing
ownership of an object to a caller across a C-API.
Change-Id: Ic3784e9d0b2d378a08d388989eaea7c9166bacd1
Reviewed-on: https://pdfium-review.googlesource.com/5470
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Add a few constants in the process.
Change-Id: Id69b939e4ea6a3de879e0a1f29d1453e95c838db
Reviewed-on: https://pdfium-review.googlesource.com/5552
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The gamma value is always 2.2, which means the table entries all point
to themselves. Remove the usage of the gamma table.
Change-Id: Idbb06015e8acd9f106f4bd1da5ef06563fb26296
Reviewed-on: https://pdfium-review.googlesource.com/5352
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl updates CPSOutput to inherit from IFX_WriteStream and converts
the CFX_PSRenderer to accept an IFX_WriteStream instead of a CPSOutput.
Change-Id: Ibde5c7da1c2f6df0a10cb6e9a470e18fbab167b8
Reviewed-on: https://pdfium-review.googlesource.com/5431
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I9b7a1c101e3c73d0270f9216225e5a13d9937b97
Reviewed-on: https://pdfium-review.googlesource.com/5332
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
This Cl renames the CFX_RenderDevice subclasses to make their usage
clearer.
Change-Id: Ie820b57df9a3743ce8c6893fb483b398a1f1bdbe
Reviewed-on: https://pdfium-review.googlesource.com/5390
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The times we need the DC we call ::GetDC to retrieve it from the platform.
These methods are unused.
Change-Id: If83aa9b37ae2231d8029db6f2e6d8d17f1825611
Reviewed-on: https://pdfium-review.googlesource.com/5350
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl consolidates the code to load maps and codecs into the
CPDF_ModuleMgr class instead of putting it directly into fpdfview.
Change-Id: Ia08f212f43a33e51ab1c7832051ee4f28eecb50d
Reviewed-on: https://pdfium-review.googlesource.com/5335
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
In AGG, len is of type coord_type, which we have as int16_t, but we can add to
it large values, causing it to become negative. Stop the rendering when that
occurs.
Bug: chromium:719258
Change-Id: Ic7497666b01220a9cd3e7d749f1fc6ae4a210870
Reviewed-on: https://pdfium-review.googlesource.com/5370
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: Ic602126dc5407fcbb56dca5ec43e1824a5ca55b6
Reviewed-on: https://pdfium-review.googlesource.com/5251
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I9306afed2747e3b0054adeea1d39916cac47f5c5
Reviewed-on: https://pdfium-review.googlesource.com/5091
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL cleans up a bunch of nits and improves ownership in the CStretchEngine
class.
Change-Id: I6527f29c50dab329ef58d0724cd24b94fca50ee6
Reviewed-on: https://pdfium-review.googlesource.com/4970
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Remove IFX_Pause parameters which are passed but not used.
Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187
Reviewed-on: https://pdfium-review.googlesource.com/4950
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL does more cleanup in CFX_ScanlineCompositor:
- Use private initization methods instead of passing member refs to namespace.
- Own the m_pSrcPalette properly by getting rid of the raw pointer.
- Remove members that are unused.
- Fix some nits.
Change-Id: I2447032f8f92614dc026f62bd0cdcd2204ab37de
Reviewed-on: https://pdfium-review.googlesource.com/4851
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Many of these are already unique_ptrs.
Change-Id: I3695d4ff5a8f7483ad994ac7657897fd55069cd5
Reviewed-on: https://pdfium-review.googlesource.com/4690
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
If any of the values in the matrix used to initialize the
CFX_BilinearMatrix are close to INT_MAX then the numbers can overflow
when multipled causing undefined behaviour.
This Cl uses a pdfium::CheckedNumeric to handle the multiplications and
then assigns back to the int value if valid.
Bug: chromium:702041
Change-Id: Ia1895e2e39c0ac2bf099d45f97e33209cb50d134
Reviewed-on: https://pdfium-review.googlesource.com/4495
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Ie50deca34dd3c122efb483ef210f96798abe9e4e
Reviewed-on: https://pdfium-review.googlesource.com/4498
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I656e8028001fadd7869a08593f10b0b8e25fe01c
Reviewed-on: https://pdfium-review.googlesource.com/4497
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Fix illegal leading underscore in class name while at it.
Change-Id: Idd138eb42f4a0676552aa02d7dda4c29d1877348
Reviewed-on: https://pdfium-review.googlesource.com/4438
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Avoid a string duplication along the way.
Change-Id: I866c34ad1afb20b9578aeb7cabeb8a185674c884
Reviewed-on: https://pdfium-review.googlesource.com/4437
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ie34942e6e577dfa270417b17c59a51813f310d27
Reviewed-on: https://pdfium-review.googlesource.com/4436
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Avoid cleanup on every return path.
Change-Id: I6978adb6f31020d812ac88c5d46c703d1461d373
Reviewed-on: https://pdfium-review.googlesource.com/4435
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ic4e766d9417f9a9ece5f9e4269d0f96e1e91639b
Reviewed-on: https://pdfium-review.googlesource.com/4392
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
