path: root/core/include/fxcrt
Age | Commit message | Author
2015-06-05 | Add move constructor for FX string types. | Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1162203007
2015-06-04 | Move fx_safe_types.h to include/ directory. | Tom Sepez
Small bit of OCD here, since this file is included cross-library (i.e. from fpdfsk), it can't be in src/. In other words, the following should be empty: grep -R 'include.*core/src/' fpdfsdk Fix some IWYU in it at the same time. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1147353006
2015-05-28 | Fix ALL the include guards. | Tom Sepez
Get rid of leading _CAPITAL identifiers. A large number of these didn't actually match the filename. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1160443004
2015-05-18 | Add safe FX_Alloc2D() macro | Tom Sepez
This avoids unchecked multiplications when computing a size argument to malloc(). Such an overflow is very scary, and can result in exploitable bugs. Along the way, kill off some return checks, since we know this can't return NULL. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1143663004
2015-05-15 | Abort on OOM by default in FX_Alloc(). | Tom Sepez
Add a FX_TryAlloc() for those few cases where we might need to continue in face of OOM. Remove FX_AllocNL() (the context of its use would suggest that NL means "No Limit"). This is used for some big allocations, so replace it with TryAlloc(). Large allocations may be worth trying to continue from, since there are few and they have a large chance of failing. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128043009
2015-05-15 | Remove FX_NEW_VECTOR() macros. | Tom Sepez
There isn't much point in having macros that obscure obvious language features. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135273004
2015-05-15 | Fix potential UAF in ConcatInPlace. | Tom Sepez
If ConcatCopy somehow gets a zero nNewlen, it returns early, without allocating a new m_Data. ConcatInPlace then frees the old one, leaving m_Data dangling. Also be concerned about the multiplication in the widestring version. So use wmemcpy and let the library cope with it. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130763007
2015-05-14 | Make CFX_StringData be scoped by CFX_Bytestring and add methods. [chromium/2421, chromium/2420, chromium/2419, chromium/2418, chromium/2417, chromium/2416, chromium/2415, chromium/2414, chromium/2413, chromium/2412, chromium/2411, chromium/2410, chromium/2409, chromium/2408, chromium/2407, chromium/2406, chromium/2405, chromium/2404] | Tom Sepez
This is a precondition for someday combining Byte/Wide strings via templates. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142533002
2015-05-12 | Restore checked strlen conversions. | Tom Sepez
The checked conversion can be re-enabled now that there is a public API free of private headers like this one. This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1133323003
2015-05-08 | Fix compilation under chromium checkouts. | Tom Sepez
This is a fix to hide pdfium's safe_conversions.h from the higher-level callers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1132163002
2015-05-08 | Fix a bunch of -Wunused-but-set-variable warnings. | Lei Zhang
Also fix a few nits and other errors along the way. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1098583002
2015-05-06 | Support arrays in nonstd::unique_ptr<>. | Tom Sepez
This mimics the std:: behaviour. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130053003
2015-05-06 | Manual revert of ad2a822ce5c3 | Tom Sepez
Reason for revert: No longer needed in face of 9ea57a43faea TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1122423006
2015-05-06 | Remove FX_STRSIZE casts, use safe conversions | Tom Sepez
BUG=pdfium:153 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124043003
2015-05-06 | Fix fx_string.h compile error under chromium checkouts. [chromium/2398, chromium/2397, chromium/2396] | Tom Sepez
This gets included in chromium's pdfium_engine.cc, and thus must pass a higher error level. There's probably a follow-up to check why the FPDF_ api doesn't insulate chromium from this file. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1127043004
2015-05-05 | Make sure string constructors are efficient on literals | Tom Sepez
Separate out the overload when the length is not known, and be sure that strlen() call is in the header so that strlen("foo") => 3 (since many compilers support this optimization). Also delete some unused types. BUG=pdfium:151 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117263004
2015-05-04 | Fix issues with != and == in fx_basic_wstring | Tom Sepez
Part two. Fix same issue in wide strings as in their bytestring counterparts. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1127753002
2015-05-04 | Kill FX_DEFINEHANDLE | Tom Sepez
I spent at least 2 minutes grep'ing for a class or struct (on the other branch) that was declared using this. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1129433002
2015-05-04 | Fix issues with != and == shown by fx_basic_bstring unit tests. | Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1125703004
2015-05-01 | Backfill some FX String unit tests for == and !=. | Tom Sepez
... and there are a few inconsistencies which we can now fix. Also add a comment about why these strings aren't headed for the dust-bin long term. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1122573002
2015-05-01 | Save 4 bytes per CFX_ByteString where intptr_t smaller than long. | Tom Sepez
Also prevent theoretical roll-over where long smaller than intptr_t. See bug for discussion. BUG=pdfium:149 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117413002
2015-04-28 | Make CFX_WideString::LockBuffer() completely unused. | Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9 Committed: https://pdfium.googlesource.com/pdfium/+/5a256ad29483eb2b13e6e2c89fe0f77a9103f68f Review URL: https://codereview.chromium.org/1053613004
2015-04-28 | Revert "Make CFX_WideString::LockBuffer() completely unused." | Tom Sepez
This reverts commit 5a256ad29483eb2b13e6e2c89fe0f77a9103f68f. Reason for revert: broke JS tests. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1112673002
2015-04-28 | Make CFX_WideString::LockBuffer() completely unused. | Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9 Review URL: https://codereview.chromium.org/1053613004
2015-04-27 | Revert "Make CFX_WideString::LockBuffer() completely unused." | Tom Sepez
This reverts commit ee7412f5aef353e5c6f1a64d0e1708ed926869d9. Reason for revert: VS compile broke. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1106333003
2015-04-27 | Make CFX_WideString::LockBuffer() completely unused. | Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1053613004
2015-04-27 | Revert "Kill operator LPCWSTR from CFX_WideString()." | Tom Sepez
This reverts commit 15a62973b9b89c3e229cc0ab501c45967f91b325. Reason for revert: broke build on windows, mac. I must have missed some platform-specific conversions. TBR=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1108883002
2015-04-27 | Kill operator LPCWSTR from CFX_WideString(). | Tom Sepez
This involves adding some explicit c_str() calls. Doing so flagged PDF_EncodeText() and FindOptionValue() as having suboptimal signatures, in that we are often throwing away a perfectly fine length and recomputing it. R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1101933003
2015-04-22 | Add missing operators for CFX_WideStringC. | Tom Sepez
Part 2 of 4. R=thestig@chromium.org TBR=brucedawson@chromium.org BUG=pdfium:142 Review URL: https://codereview.chromium.org/1099193002
2015-04-22 | Add missing operators for CFX_ByteStringC. | Tom Sepez
Removing the implicit cast operator forces a build breakage should we use ByteStringC in STL containers. Adding an operator< restores correct behaviour. Adding an operator[] avoids re-writing some code to call GetPtr() prior to array indexing. Part 1 of 4. R=thestig@chromium.org TBR=brucedawson@chromium.org BUG=pdfium:142. Review URL: https://codereview.chromium.org/1090303003
2015-04-22 | Add missing operators for CFX_WideString | Tom Sepez
Part 4 of 4. BUG=pdfium:142 R=brucedawson@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/1084293003
2015-04-22 | Add missing operators for CFX_ByteString. | Tom Sepez
Part 3 of 4. BUG=pdfium:142 R=brucedawson@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/1099213002
2015-04-21 | Kill CFX_StringBufTemplate. | Tom Sepez
It's unused. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1098203002
2015-04-17 | Remove unused FX_NEW definition. | Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1096853002
2015-04-17 | Fix all remaining instances of FX_NEW. | Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1084613006
2015-04-15 | Remove checks in fxcrt now that FX_NEW can't return 0. | Tom Sepez
Replace them with |new| so that we can tell by the presence of FX_NEW the places that still need to be audited. R=thestig@google.com, thestig@chromium.org Review URL: https://codereview.chromium.org/1052553006
2015-04-15 | Make FX_NEW throw on OOM. | Tom Sepez
Restores default behavior of new. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1082253003
2015-04-14 | Kill CFX_Object. | Tom Sepez
CFX_Object is a type that implements its own new operators that return NULL on error. There's no need for this given the |new (std::nothrow)| syntax; in fact, the current code can only work if there is no activity in the constructors. This may explain the pervasive lack of constructors and reliance on Init() methods throughout the codebase. The activity takes place in fx_memory.h, where FX_NEW is mapped onto the std::nothrow syntax. The rest is just cleanup. Down the road, we will simply throw and remove all the error-checking paths for new objects. Landing this patch first will at least show a simple path back to the old behaviour without having to re-introduce CFX_Object should someone want to do so in their own fork. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1088733002
2015-04-10 | Fix the noisiest variable shadowing warnings in pdfium. | Bruce Dawson
Three functions in fx_coordinates.h account for 60% of the warnings when building with VS 2015, due to variable shadowing. Renaming the function parameters is safe, resolves the warnings, and reduces confusion. R=tsepez@chromium.org BUG=440500 Review URL: https://codereview.chromium.org/1077083003
2015-04-10 | Better fix for snprintf non-termination on windows. | Tom Sepez
Replaces https://codereview.chromium.org/1062983002/ BUG=469244 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1077903002
2015-04-06 | Fix IWYU in fxcrt headers. | Tom Sepez
Confirmed manually that: g++ --std=c++0x -o /dev/null -I. ... -c fx_xxxxx.h is now error-free for the files in this directory. Also kill some ifndef's around inclusion since we know this doesn't provide benefit with modern compilers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1064433005
2015-03-12 | Revert "Kill CFX_GrowOnlyPool." | Tom Sepez
This reverts commit 090d683489bfa3f36f1e2624c310ff9ca5836038. Symbol appears in files that are not compiled anywhere, it would seem. Reverting to remove these first. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1001023003
2015-03-12 | Kill CFX_GrowOnlyPool. | Tom Sepez
It's unused, and when the time comes, we'll want to put pdfium onto a hardened allocator like partitionAlloc anyways. Along the way, merge adjacent #ifdef __cplusplus blocks, remove a pointless check for __cplusplus inside a .cpp file, and remove a redundant cast. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1008483002
2015-03-10 | Kill remaining sprintfs | Tom Sepez
I thought I had done this already, apart from the third-party libraries, but there were a couple remaining (the third-party libraries will still call this, they should be tweaked upstream as needed). R=thestig@chromium.org Review URL: https://codereview.chromium.org/999543002
2015-02-10 | Fix uninitialized value in CFX_ByteString::FormatInteger [chromium/2304, chromium/2303, chromium/2302] | JUN FANG
BUG=449845 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/911293002
2015-02-05 | Kill off some more unreachable fopen's. | Tom Sepez
The bstring's read from file is unused. The load from file paths aren't taken. R=jam@chromium.org Review URL: https://codereview.chromium.org/902943003
2015-02-04 | Prevent base::CheckedNumeric from leaking outside of pdfium. | Tom Sepez
Headers in /include directories should be free of implementation details from third_party. Put the types into a new header outside of /include. Requires https://codereview.chromium.org/902443003/ before a version containing this patch is rolled into chromium. R=jam@chromium.org Review URL: https://codereview.chromium.org/896023003
2015-02-03 | Replace CFX_SmartPointer cast operator with Get() method. | Tom Sepez
This is part of the project to kill off C-style casts in the code base. Remove implicit T* cast operator, and replace potentially unsafe C-style casts with Get() method. R=thestig@chromium.org Review URL: https://codereview.chromium.org/889673003
2015-01-26 | Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt(). | Tom Sepez
A suitably corrupted file can cause the parser(s) to repeatedly re-read sections of the file at increasing parser recursion depth until the stack is exhausted. There is supposed to be a check for this based upon the parser "level", but not all call paths pass or update the level as required. Much as I hate per-class statics, this introduces one to track the depth so that the check is enforced no matter how screwy the call path might be that leads the parser to re-enter itself. This is more palatable than trying to find all these paths and fix them. We know this is OK since there is only one thread in here modifying the static. BUG=451830 R=thestig@chromium.org Review URL: https://codereview.chromium.org/875263002
2015-01-21 | Simplify UTF16LE_Encode and add unittest. | Bo Xu
Previously, UTF16LE_Encode took an optional flag to indicate if the returned byte string has trailing zeros. In fact, nowhere needs the flag to be false. So just get rid of it so callers won't misuse. The bug is found by https://codereview.chromium.org/837723009 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/860973002