| Age | Commit message (Collapse) | Author |
|---|
|
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1181593003.
|
|
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1187463003.
|
|
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1177973008.
|
|
At one point in time, it may have made sense to indicate the
expected alignment of the memory you're about to copy, but that
was last century. The compiler will take care of it just fine.
I stopped short of removing the FXSYS_ wrapper macros entirely.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1179693003.
|
|
These stand for const CFX_{Byte,Wide}StringC&, which is just
monumentally confusing, since there are so many string types
running around here.
The following had manual changes:
core/src/fpdfapi/fpdf_edit/fpdf_edit_content.cpp
core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
core/src/fpdfdoc/doc_form.cpp
fpdfsdk/src/fpdf_ext.cpp
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1180593004.
|
|
This involves fixing some multiple variable per line
declarations, as the textually-substituted "*" applies
only to the first one.
This involves moving some consts around following the
substitution.
This involves replacing some typedefs used as constructors
with better code.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1171733003
|
|
It's redundant nowadays to provide our own equivalents, now
that this is done for us by the system header.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1177483002
|
|
Get rid of leading _CAPITAL identifiers.
A large number of these didn't actually match the filename.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1160443004
|
|
This avoids unchecked multiplications when computing a size argument
to malloc(). Such an overflow is very scary, and can result in
exploitable bugs.
Along the way, kill off some return checks, since we know this can't
return NULL.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1143663004
|
|
This mimics the std:: behaviour.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1130053003
|
|
Replace them with |new| so that we can tell by the presence of FX_NEW
the places that still need to be audited.
R=thestig@google.com, thestig@chromium.org
Review URL: https://codereview.chromium.org/1052553006
|
|
CFX_Object is a type that implements its own new operators that return
NULL on error. There's no need for this given the |new (std::nothrow)|
syntax; in fact, the current code can only work if there is no activity
in the constructors. This may explain the pervasive lack of
constructors and reliance on Init() methods throughout the codebase.
The activity takes place in fx_memory.h, where FX_NEW is mapped onto
the std::nothrow syntax. The rest is just cleanup.
Down the road, we will simply throw and remove all the error-checking
paths for new objects. Landing this patch first will at least show a
simple path back to the old behaviour without having to re-introduce
CFX_Object should someone want to do so in their own fork.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1088733002
|
|
Confirmed manually that:
g++ --std=c++0x -o /dev/null -I. ... -c fx_xxxxx.h
is now error-free for the files in this directory. Also kill
some ifndef's around inclusion since we know this doesn't
provide benefit with modern compilers.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1064433005
|
|
This is part of the project to kill off C-style casts in the code base.
Remove implict T* cast operator, and replace potentially unsafe C-style
casts with Get() method.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/889673003
|
|
A suitably corrupted file can cause the parser(s) to repeatedly re-read
sections of the file at increasing parser recursion depth until the
stack is exhausted. There is supposed to be a check for this based upon
the parser "level", but not all call paths pass or update the level as
required.
Much as I hate per-class statics, this introduces one to track the depth
so that the check is enforced no matter how screwy the call path might be
that leads the parser to re-enter itself. This is more palatable than trying
to find all these paths and fix them. We know this is OK since there is
only one thread in here modifying the static.
BUG=451830
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/875263002
|
|
This is done by explicitly adding a virtual dtor to interface classes,
since the cost is small given that there are already virtual functions.
The exceptions are for classes that have a Release() or Delete() method,
in which case it is non-virtual and protected to indicate that the virtual
class is never the deletion point.
BUG=
R=brucedawson@chromium.org, thestig@chromium.org
Review URL: https://codereview.chromium.org/810883005
|
|
FX_ArraySize macro.
pdfium has numerous places where the number of elements in an array is
calculated with expressions like:
sizeof(cFormats)/sizeof(FX_LPCWSTR)
This is suboptimal because it is verbose, it is easy to get wrong, and
it cannot be determined through casual inspection whether the code is
correct. It will give incorrect results if cFormats is a pointer instead
of an array and it will give incorrect results if FX_LPCWSTR is not the
type of the array elements.
The FX_WSTRC macro in fx_string.h which I fixed was particularly scary
because it would silently misbehave if passed a pointer.
The FX_ArraySize macro which I have added and started using (taken from
arraysize in v8's macros.h) is easier to use and will always give correct
results. If passed a pointer it will fail to compile.
For this change I only fixed instances of sizeof(FX_LPCWSTR). There
appear to be about 150 other places in the pdfium code that could
benefit from using FX_ArraySize.
R=bo_xu@foxitsoftware.com, tsepez@chromium.org
Review URL: https://codereview.chromium.org/729293003
|
|
BUG=pdfium:19
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/403163002
|
|
The |nGrowBy| argument to |SetSize| was always -1, which caused the
effective m_nGrowBy value to always be its default value: 0. So it was not
needed, and was cluttering up the logic.
BUG=384662
Check for integer overflow in CFX_BasicArray.
BUG=384662
R=bo_xu@foxitsoftware.com, rsesek@chromium.org
Review URL: https://codereview.chromium.org/415803002
|
|
BUG=
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/372473003
|
|
BUG=382656
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/334573007
|
|
|
|
|
