summaryrefslogtreecommitdiff
path: root/core/fxge
AgeCommit message (Collapse)Author
2017-07-05fix fuzzer generated out of rangeCary Clark
I could not get this to reproduce. It was also reported in April, but I marked it fixed because I couldn't reproduce this then, either. I suspect that the result of LineSide() is +/-inf, causing either minBounds or maxBounds in ClipAngledGradient() to be set to -1, triggering the stack buffer misread. R=dsinclair@chromium.org,npm@chromium.org Bug: 736574 Change-Id: Id828321f8c5481b862822be43d76a41dd8e74ef0 Reviewed-on: https://pdfium-review.googlesource.com/7273 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-07-05clip save off by oneCary Clark
Code around this bug was altered in April to fix the off by one bug, but somehow the loop counter fix was overlooked. R=dsinclair@chromium.org,npm@chromium.org Bug: 736195 Change-Id: I583a9f2389e6111ae1b847b961afaafd5e854810 Reviewed-on: https://pdfium-review.googlesource.com/7276 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Cary Clark <caryclark@google.com>
2017-06-29Move Start to constructor in CFX_Image(Renderer|Transformer)chromium/3145Nicolas Pena
The bool returned by Start was not being used and the method was always called right after the constructor, so it should be in the constructor. Change-Id: I98abf9f7c11fbe42b3aa15ec5e46731198aa23d5 Reviewed-on: https://pdfium-review.googlesource.com/7151 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-06-29Change SetReverse to GetInverse in CFX_MatrixNicolas Pena
CFX_Matrix::GetInverse is much clearer. Change-Id: Id10ab1723735332e1a78de853f28415ec3a4d834 Reviewed-on: https://pdfium-review.googlesource.com/7090 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-27Converting CFX_ByteTextBuf to ostringstream in cfx_fontmapper.cpp.Henrique Nakashima
Bug: pdfium:731 Change-Id: I9453f28a17dd34908e6dcc97ea27e5ee84eda2d1 Reviewed-on: https://pdfium-review.googlesource.com/7011 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-23Cleaning up fx_string_testhelpers.Henrique Nakashima
This is unused except for being a pathway for indirect deps. Change-Id: I717290235ccbc59429ad24231033382958e2a086 Reviewed-on: https://pdfium-review.googlesource.com/6910 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-14Fix crash when inserting empty pathNicolas Pena
The path creation method begins with an open MoveTo point. If nothing else is added, CFX_PathData::GetBoundingBox will try an OOB access in its m_Points. This CL adds a check similar to the one in CPDF_StreamContentParser::AddPathObject. Change-Id: Iec7cfe3379253c021ba7d5f276306a66009f84e2 Reviewed-on: https://pdfium-review.googlesource.com/6593 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-26Fix CPDF_PageRenderContext cleanupTom Sepez
Make CFX_RenderDevice, which owns the IFX_RenderDeviceDriver, responsible for restoring driver state as part of its destruction so that its callers don't have to do so out of turn. Then re-order CPDF_PageRenderContext destruction order so that the progressive renderer is destroyed before the device, and the device destroyed before the options because of unowned pointers to objects owned by these. Bug: 726755 Change-Id: I9a6f23da12140b2758b86e6f33f715ad1c679c3f Reviewed-on: https://pdfium-review.googlesource.com/6073 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-26Add public API for setting LineJoin and LineCap on a pathwileyrya
BUG=pdfium:718 R=npm@chromium.org Change-Id: Icdc1546c87a676a7d05330dece2c5eacd92c0c92 Reviewed-on: https://pdfium-review.googlesource.com/5951 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-25Mass conversion of remaining class members (non-xfa)Tom Sepez
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3 Reviewed-on: https://pdfium-review.googlesource.com/5970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25Remove some unused definesDan Sinclair
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d Reviewed-on: https://pdfium-review.googlesource.com/5954 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-25Mass conversion of all const-lifetime class membersTom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25Break apart the pageint.h file.Dan Sinclair
This CL separates pageint.h and the supporting cpp files into indivudal class files. Change-Id: Idcadce41976a8cd5f0d916e6a5ebbc283fd36527 Reviewed-on: https://pdfium-review.googlesource.com/5930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-25Cleanup some nits in CFX_FontNicolas Pena
Change-Id: I30b59c794fc855fd36c33da3c60053ae08b3dac1 Reviewed-on: https://pdfium-review.googlesource.com/5910 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-23Use NOTREACHED() in more places.Lei Zhang
Change-Id: I88466943171f19259f84add69679741d44c8e123 Reviewed-on: https://pdfium-review.googlesource.com/5551 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-19Move CCodec_ModuleMgr ownership to CPDF_ModuleMgr.Lei Zhang
More straight forward than CFX_GEModule owning in and CPDF_ModuleMgr holding a pointer to it. Remove assumptions that the codec modules may return nullptr, and do IWYU. Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5 Reviewed-on: https://pdfium-review.googlesource.com/5654 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-18Fix typo in CFX_ImageTransformer::ContinueNicolas Pena
This CL fixes a typo introduced in: https://pdfium-review.googlesource.com/c/4495/3/core/fxge/dib/cfx_imagetransformer.cpp#395 Bug: chromium:723976 Change-Id: I629d1e61054805f768356fce44c25f40f9346beb Reviewed-on: https://pdfium-review.googlesource.com/5634 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-17CFX_UnownedPtr: check during assignment time as well.Tom Sepez
In particular, doing m_pPtr = nullptr; in your dtor to evade this check will not longer work. Fix slight mis-ordering observeds in CFX_Font and CPDFXFA_Context. Change-Id: I3e6137159430333b091364021283a54a13d916b5 Reviewed-on: https://pdfium-review.googlesource.com/5570 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-17SkPictureRecorder.h includes less, so we have to IWYUchromium/3103Mike Reed
Bug: Change-Id: I294e765916f35ef933142789179a06ffad67fc31 Reviewed-on: https://pdfium-review.googlesource.com/5494 Reviewed-by: Mike Reed <reed@google.com> Commit-Queue: Mike Reed <reed@google.com>
2017-05-16Be skeptical of bare |new|s.Tom Sepez
In particular, prefer an explicit .release() call when handing ownership of an object to a caller across a C-API. Change-Id: Ic3784e9d0b2d378a08d388989eaea7c9166bacd1 Reviewed-on: https://pdfium-review.googlesource.com/5470 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16Introduce CFX_UnownedPtr to detect lifetime inversion issues.Tom Sepez
There are places where an object "child" has a raw pointer back to object "owner" with the understanding that owner will always outlive child. Violating this constraint can lead to use after free, but this requires finding two paths: one that frees the objects in the wrong order, and one that uses the object after the free. The purpose of this patch is to detect the constraint violation even when the second path is not hit. We create a template that is used in place of TYPE*. It's dtor, when a memory tool is present, goes out and probes the first byte of the object to which it points. Used in "child", this allows the memory tool to prove that the "owner" is still alive at the time the child is destroyed, and hence the constraint is never violated. Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417 Reviewed-on: https://pdfium-review.googlesource.com/5475 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-16Simplify ContrastAdjust().chromium/3102Lei Zhang
Add a few constants in the process. Change-Id: Id69b939e4ea6a3de879e0a1f29d1453e95c838db Reviewed-on: https://pdfium-review.googlesource.com/5552 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-15Remove gamma codeDan Sinclair
The gamma value is always 2.2, which means the table entries all point to themselves. Remove the usage of the gamma table. Change-Id: Idbb06015e8acd9f106f4bd1da5ef06563fb26296 Reviewed-on: https://pdfium-review.googlesource.com/5352 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-15Convert CPSOutput to an IFX_WriteStreamdan sinclair
This Cl updates CPSOutput to inherit from IFX_WriteStream and converts the CFX_PSRenderer to accept an IFX_WriteStream instead of a CPSOutput. Change-Id: Ibde5c7da1c2f6df0a10cb6e9a470e18fbab167b8 Reviewed-on: https://pdfium-review.googlesource.com/5431 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Use clamp() in a couple more places.Lei Zhang
Change-Id: I9b7a1c101e3c73d0270f9216225e5a13d9937b97 Reviewed-on: https://pdfium-review.googlesource.com/5332 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-11Rename render device classesDan Sinclair
This Cl renames the CFX_RenderDevice subclasses to make their usage clearer. Change-Id: Ie820b57df9a3743ce8c6893fb483b398a1f1bdbe Reviewed-on: https://pdfium-review.googlesource.com/5390 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Remove unused GetPlatformSurface and GetDC methodsdan sinclair
The times we need the DC we call ::GetDC to retrieve it from the platform. These methods are unused. Change-Id: If83aa9b37ae2231d8029db6f2e6d8d17f1825611 Reviewed-on: https://pdfium-review.googlesource.com/5350 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-11Move map and codec loading into managerDan Sinclair
This Cl consolidates the code to load maps and codecs into the CPDF_ModuleMgr class instead of putting it directly into fpdfview. Change-Id: Ia08f212f43a33e51ab1c7832051ee4f28eecb50d Reviewed-on: https://pdfium-review.googlesource.com/5335 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-11Stop rendering if a span length overflowed in AGGNicolas Pena
In AGG, len is of type coord_type, which we have as int16_t, but we can add to it large values, causing it to become negative. Stop the rendering when that occurs. Bug: chromium:719258 Change-Id: Ic7497666b01220a9cd3e7d749f1fc6ae4a210870 Reviewed-on: https://pdfium-review.googlesource.com/5370 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-10Fix typos for the word start.Lei Zhang
Change-Id: Ic602126dc5407fcbb56dca5ec43e1824a5ca55b6 Reviewed-on: https://pdfium-review.googlesource.com/5251 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-08Remove default params in CFX_DIBSourceNicolas Pena
Change-Id: I9306afed2747e3b0054adeea1d39916cac47f5c5 Reviewed-on: https://pdfium-review.googlesource.com/5091 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-05Cleanup CStretchEngine and its CWeightTableNicolas Pena
This CL cleans up a bunch of nits and improves ownership in the CStretchEngine class. Change-Id: I6527f29c50dab329ef58d0724cd24b94fca50ee6 Reviewed-on: https://pdfium-review.googlesource.com/4970 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-05More unused IFX_Pause parameters removedchromium/3091Dan Sinclair
Remove IFX_Pause parameters which are passed but not used. Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187 Reviewed-on: https://pdfium-review.googlesource.com/4950 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-04More cleanup in CFX_ScanlineCompositorNicolas Pena
This CL does more cleanup in CFX_ScanlineCompositor: - Use private initization methods instead of passing member refs to namespace. - Own the m_pSrcPalette properly by getting rid of the raw pointer. - Remove members that are unused. - Fix some nits. Change-Id: I2447032f8f92614dc026f62bd0cdcd2204ab37de Reviewed-on: https://pdfium-review.googlesource.com/4851 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-01Remove more |new|s, part 5Tom Sepez
Many of these are already unique_ptrs. Change-Id: I3695d4ff5a8f7483ad994ac7657897fd55069cd5 Reviewed-on: https://pdfium-review.googlesource.com/4690 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-04-26Guard against overflow in CFX_BilinearMatrix code.Dan Sinclair
If any of the values in the matrix used to initialize the CFX_BilinearMatrix are close to INT_MAX then the numbers can overflow when multipled causing undefined behaviour. This Cl uses a pdfium::CheckedNumeric to handle the multiplications and then assigns back to the int value if valid. Bug: chromium:702041 Change-Id: Ia1895e2e39c0ac2bf099d45f97e33209cb50d134 Reviewed-on: https://pdfium-review.googlesource.com/4495 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-25Use unique_ptr in CFPF_SkiaDeviceModuleTom Sepez
Change-Id: Ie50deca34dd3c122efb483ef210f96798abe9e4e Reviewed-on: https://pdfium-review.googlesource.com/4498 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-25Use unique_ptr for CFX_GEModule::m_pFontCache.Tom Sepez
Change-Id: I656e8028001fadd7869a08593f10b0b8e25fe01c Reviewed-on: https://pdfium-review.googlesource.com/4497 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-24Use unique_ptr in CFX_SizeGlyphCacheTom Sepez
Fix illegal leading underscore in class name while at it. Change-Id: Idd138eb42f4a0676552aa02d7dda4c29d1877348 Reviewed-on: https://pdfium-review.googlesource.com/4438 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-21Use unique_ptr in CFX_FolderFontInfo::m_FontListchromium/3079Tom Sepez
Avoid a string duplication along the way. Change-Id: I866c34ad1afb20b9578aeb7cabeb8a185674c884 Reviewed-on: https://pdfium-review.googlesource.com/4437 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-21Use unique_ptr in CFX_FontMgr::m_FaceMap.Tom Sepez
Change-Id: Ie34942e6e577dfa270417b17c59a51813f310d27 Reviewed-on: https://pdfium-review.googlesource.com/4436 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-21Add CFX_RenderDevice::AutoRestorer()chromium/3078Tom Sepez
Avoid cleanup on every return path. Change-Id: I6978adb6f31020d812ac88c5d46c703d1461d373 Reviewed-on: https://pdfium-review.googlesource.com/4435 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-20Let {Argb,Cmyk}Decode return tuplesNicolas Pena
Change-Id: Ic4e766d9417f9a9ece5f9e4269d0f96e1e91639b Reviewed-on: https://pdfium-review.googlesource.com/4392 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-04-20Cleanup the fx_extension code.Dan Sinclair
This CL cleans up the fx_extension file. The stream code was moved to fx_stream. IFX_FileAccess was removed and CFX_CRTFileAccess split to its own file. Code shuffled from header to cpp file. Change-Id: I700fdfcc9797cf4e8050cd9ba010ad8854feefbf Reviewed-on: https://pdfium-review.googlesource.com/4371 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-20core: choosen -> chosenMiklos Vajna
Change-Id: I5b78fe4238a68bb6ba56aa76b53b315ef6f8574c Reviewed-on: https://pdfium-review.googlesource.com/3730 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-19Split up CFX_DIBitmap::ConvertColorScaleNicolas Pena
The code is completely separated into CMYK vs RGB cases, so having two separate private methods is better. Change-Id: I67f885ee2f4393b722c6d6e770b230a5aa6b0cb1 Reviewed-on: https://pdfium-review.googlesource.com/4372 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Wei Li <weili@chromium.org>
2017-04-19Cleanup codepage and charset definitions.Dan Sinclair
This Cl cleans up the unused defines in fx_codepage.h. The FXFONT_CHARSET_ defines are replaced with fx_codepage defines, this moves fx_codepage into core instead of xfa only. Static asserts are added to verify the public/ charsets match the fx_codepage charsets. Change-Id: Ie2f749e093de60a9a6743128a1fb087912e4cc96 Reviewed-on: https://pdfium-review.googlesource.com/4316 Commit-Queue: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-18Clean up unneeded code in agg and skia driverNicolas Pena
- The agg driver never initializes an ICC transform and always uses an alpha_flag equal to 0 in a couple of methods. - The skia driver is not using CFX_Renderer. If it needs it later, we should move it out of fx_agg_driver.cpp into its own file, instead of duplicating the code. Change-Id: Ibd721cf1760270bea3f8f95d6e1e8edbc6ba1792 Reviewed-on: https://pdfium-review.googlesource.com/3952 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Cary Clark <caryclark@google.com> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-04-18Use Byte/WideString iteratorsTom Sepez
Change-Id: I85c8423c177fd7ecd5da90ef89419efc0f9cf44b Reviewed-on: https://pdfium-review.googlesource.com/4262 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-04-12Cache TypeFace instead of FontCary Clark
Skia tracks the font passed so it can use it later to draw. In XFA's case, the font is discarded after Skia sees it, but before it draws with it. Track the TypeFace instead, which remains available across the XFA lifetime. R=dsinclair@chromium.org Bug: 705193 Change-Id: I4fc9fee4a7d96ea25f242975f6c0d10941f5c549 Reviewed-on: https://pdfium-review.googlesource.com/4058 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>