summaryrefslogtreecommitdiff
path: root/core/src/fpdfapi
AgeCommit message (Collapse)Author
2015-02-13Fix JPX image rendering that regressed due to several security fixes.Lei Zhang
BUG=453723 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/892553002
2015-02-12Fix an error 'Use-of-uninitialized-value in CPDF_Function::Call'JUN FANG
This issue was introduced in https://codereview.chromium.org/886953002/. BUG=454280 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/869343008
2015-02-11CPDF_Object() constructor should set its internal m_Type variable.Tom Sepez
Follow-on from https://codereview.chromium.org/911293002/ Currently, all the subclass constructors are reaching up into the parent class to do this. Fix this, just because. R=thestig@chromium.org Review URL: https://codereview.chromium.org/880233005
2015-02-09Fix some typos in fpdf_render_loadimage.cpp.Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/885223004
2015-02-06Cleanup: Fix some unused-function warnings.Lei Zhang
BUG=pdfium:29 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/891113002
2015-02-06Cleanup parts of fpdf_render_loadimage.cpp.Lei Zhang
- Add functions to do pitch calculation. - Delete dead code. - Don't bother checking pointers before deleting them. - Don't bother setting pointers to NULL in dtors. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/890883006
2015-02-05Kill off some more unreachable fopen's.Tom Sepez
The bstring's read from file is unused. The load from file paths aren't taken. R=jam@chromium.org Review URL: https://codereview.chromium.org/902943003
2015-02-05Merge to master: Kill off some dodgy JS callbacksTom Sepez
Note that this work was done opposite the usual branch order, because I didn't want to kill things in master that turned out to be in use in XFA. Original Review URL: https://codereview.chromium.org/883393007 TBR=jam@chromium.org Review URL: https://codereview.chromium.org/903893002
2015-02-05Fix segv in CPDF_DataAvail::CheckRoot() when /Root object is a string.Tom Sepez
Handles the case of this malformed PDF without crashing. Note that to get a reproducible test case, a small fix is applied to our .py script which results in some whitespace/numbering difs across the resources (down the road, we ought to generate them on the fly in an intermediate directory). BUG=454695 R=jun_fang@foxitsoftware.com, thestig@chromium.org Review URL: https://codereview.chromium.org/895933003
2015-02-05Add namespace and-re-arrange PDFium's local copy of chromium /base.Tom Sepez
Any projects DEPS'd into chromium and requiring a /base subset should have a local copy of that subset in a separate namespace. This will avoid future naming conflicts. Re-arrange the directory structure to better identify what came from chromium's base, and to make drop-in replacement easier for files that contain hard-coded "base/" in their #include directives. R=jam@chromium.org Review URL: https://codereview.chromium.org/900753002
2015-02-04Prevent base::CheckedNumeric from leaking outside of pdfium.Tom Sepez
Headers in /include directories should be free of implementation details from third_party. Put the types into a new header outside of /include. Requires https://codereview.chromium.org/902443003/ before a version containing this patch is rolled into chromium. R=jam@chromium.org Review URL: https://codereview.chromium.org/896023003
2015-02-03Replace CFX_SmartPointer cast operator with Get() method.Tom Sepez
This is part of the project to kill off C-style casts in the code base. Remove implict T* cast operator, and replace potentially unsafe C-style casts with Get() method. R=thestig@chromium.org Review URL: https://codereview.chromium.org/889673003
2015-02-03Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor()Tom Sepez
BUG=https://code.google.com/p/pdfium/issues/detail?id=113 R=thestig@chromium.org Review URL: https://codereview.chromium.org/880043004
2015-01-31Fix heap buffer overflow in CPDF_SampledFunc::v_CallJUN FANG
This issue was caused by integer overflow in CPDF_SampledFunc::v_Call. The root cause of this issue is that the content in the test pdf file was damaged. The solution is to check whether an integer is overflow before using it. BUG=452455 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/886953002
2015-01-29Fix infinite recursion in CPDF_RenderStatus::RenderSingleObject().Tom Sepez
Introduce a local static to track the recursion depth, thereby removing the burden for callers to track and pass a level parameter correctly through all call paths. Also increase the depth tolerated, since we know there were paths that were under-counting this value. BUG=451265 R=thestig@chromium.org Review URL: https://codereview.chromium.org/868253009
2015-01-27Kill scattered extern _PDF_CharType declarations.chromium/2292chromium/2291chromium/2290Tom Sepez
While we're at it, avoid an indirection through a pointer, and use a name that isn't reserved for the compiler (leading _ CAP). This is a small portion of the associated bug: BUG=https://code.google.com/p/pdfium/issues/detail?id=112 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/880663003
2015-01-26Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt().Tom Sepez
A suitably corrupted file can cause the parser(s) to repeatedly re-read sections of the file at increasing parser recursion depth until the stack is exhausted. There is supposed to be a check for this based upon the parser "level", but not all call paths pass or update the level as required. Much as I hate per-class statics, this introduces one to track the depth so that the check is enforced no matter how screwy the call path might be that leads the parser to re-enter itself. This is more palatable than trying to find all these paths and fix them. We know this is OK since there is only one thread in here modifying the static. BUG=451830 R=thestig@chromium.org Review URL: https://codereview.chromium.org/875263002
2015-01-23Fix null crash in CheckTrailer.Tom Sepez
We are making checks in the incorrect order. Also adds two test cases, one for the this crash, and another for the original issue that motivated the patch. Original Patch by Bo at https://codereview.chromium.org/866003003/ BUG=450871 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/872563002
2015-01-22Use IPDF_DataAvail interface to hide CPDF_DataAvail.Tom Sepez
Currently, no callers go through the Interface, which makes having a separate interface class kind of pointless. After converting callers away from using the CPDF_DataAvail concrete class, it can be moved from the header to the .cpp file. R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/873523002
2015-01-09Fix -Wnon-virtual-dtor compiler warnings.Tom Sepez
This is done by explicitly adding a virtual dtor to interface classes, since the cost is small given that there are already virtual functions. The exceptions are for classes that have a Release() or Delete() method, in which case it is non-virtual and protected to indicate that the virtual class is never the deletion point. BUG= R=brucedawson@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/810883005
2015-01-05Cleanup: Get rid of CRLF line endings.Lei Zhang
R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/837533003
2014-12-30Get rid of FX_LPCSTR cast.Bo Xu
Follow up on https://codereview.chromium.org/733693003 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/809993004
2014-12-19Update freetype to 2.5.4.Bo Xu
Put freetype into third_party directory, cleaning up header files. Previously freetype header files are in core/src/fxge/freetype and core/include/thirdparties. There were also multiple fx_freetype.h. This patch removes the additional Foxit wrapper to make further update easier. Notice, for original freetype source code, the following files are modified and need to be updated accordingly in future update: third_party/freetype/include/config/ftmodule.h third_party/freetype/include/config/ftoption.h BUG=407341 R=thestig@chromium.org Review URL: https://codereview.chromium.org/815103002
2014-12-17Fix a bug that occurs when an object has the same object number with the ↵JUN FANG
root object Before this fix, the root will be released when an indirect object has the same object number with the root. However, the root object is loaded when the trailer is parsed. It shall not be updated or replaced anymore. BUG=425040 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/803103002
2014-12-12Simplify PDFium by removing code that's not used in the open source repo.John Abd-El-Malek
-remove parameter from FPDF_InitLibrary -remove a bunch of ifdefs that are unused R=tsepez@chromium.org Review URL: https://codereview.chromium.org/801913002
2014-12-11m_pColorSpace can not be NULL for image object with DCTDecode filterBo Xu
BUG=411842 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/792113003
2014-12-10Do not do strict check of BitsPerComponent for RunLengthDecode filterBo Xu
BUG=438421 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/790363002
2014-12-10Lab colorspace needs to be 3 componentBo Xu
BUG=429134 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/791223002
2014-12-09Trailer should be a dictionary objectBo Xu
BUG=https://code.google.com/p/pdfium/issues/detail?id=86 a "<<" token should follow "trailer" but "<" will trick the parser to make trailer a hex string object. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/787753002
2014-12-08Getting rid of more (FX_LPCWSTR) casts and fixing two bugs revealed by this.Bruce Dawson
Since casts to FX_LPCWSTR have been shown to hide bugs I tried removing more of them, targeting those places where a cast was used to force a conversion from CFX_WideString to FX_LPCWSTR, replacing these casts with calls to the newly added .c_str() function. This revealed two places where the cast was hiding a bug -- where ->c_str() was required instead! This removes ~33 FX_LPCWSTR casts and there are ~31 left, many of which will go away in some future change. Also includes this change: Removing unnecessary casts from wchar_t* to wchar_t*, by various names. Original patch from Bruce Dawson(brucedawson@chromium.org) R=bo_xu@foxitsoftware.com, tsepez@chromium.org Review URL: https://codereview.chromium.org/733693003
2014-12-03Cleanup: Remove an unused function.Lei Zhang
R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/775903002
2014-11-19Fix blank page issues caused by too strict checkchromium/2250chromium/2249chromium/2248chromium/2247chromium/2246chromium/2245chromium/2244chromium/2243chromium/2242chromium/2241chromium/2240chromium/2239chromium/2238chromium/2237Jun Fang
Before this fix, PDF parser aborts the parsering process when detecting an error. For this case, PDF parser just gives up parsering when it detects that the length of image stream is incorrect. The solution to this case is to find the tag "endstream" and "endobj" to calculate the length rather than aborting the parsering process. BUG=433339 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/743263002
2014-11-18Fixing operator so that bCheckRight isn't always true. Unknown effect!Bruce Dawson
VC++'s /analyze points out that this expression: FX_BOOL bCheckRight = type != 'D' || type != 'W';" is always true. This means that the tests for the right edge of a word Original patch from Bruce Dawson(brucedawson@chromium.org) BUG=427616 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/731673003
2014-11-17Zero initialize ch to avoid possible bug - conditions are very subtle.Bruce Dawson
Whether ch and iRet are read without being initialized depends on complex preconditions and cannot be determined by looking at these function. Therefore it seems prudent to zero initialize them to avoid any risk. BUG=427616 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/727083002
2014-11-06Fix bug with reading from uninitialized variable found by VC++'s /analyze.Tom Sepez
The flag variable is conditionally initialized but unconditionally read. Warning was: src\fpdfapi\fpdf_page\fpdf_page_pattern.cpp(274) : warning C6001: Using uninitialized memory 'flag'. BUG=427616 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/703213004
2014-10-29Resolve compilation error with G++ 4.9.Tom Sepez
Add a check for zero-length keys to avoid hitting the equivalent of |""[1]|. BUG=https://code.google.com/p/pdfium/issues/detail?id=58 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/665223003
2014-10-21Change the clear order of pDocPage and pDocRenderBo Xu
pTransfer function is released in pDocRender cleanup but is still being accessed in ~CPDF_GeneralStateData in pDocPage cleanup. BUG=419320 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/662063003
2014-10-14Store the address of the page data map's value for proper referencing.Bo Xu
CPDF_Pattern objects are counted and maintained in m_PatternedMap. When a CPDF_Pattern object "pattern" is deleted, it's address is marked as NULL in m_PatternMap. This patch stores the address of CPDF_Pattern's adderss in all objects that references "pattern", to ensure valid referencing after deletion. BUG=416319, 419976, 418392 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/656753002
2014-10-14Don't leave dangling pointer to out-of-scope local in ↵Tom Sepez
CPDF_StreamContentParser::Parse. This is just a bit of defensive programming; I'm not sure the situation can occur in the current code, but the following code is likely to set off a red flag to anyone who reads it: CPDF_StreamParser syntax(pData, dwSize); m_pSyntax = &syntax; since the extent of the local |syntax| is far less than the pointer member |m_pSyntax|. NULL it out before syntax goes out of scope. R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/652063002
2014-10-13Fix off-by-one in sizing of m_EmbeddedToUnicodes.Tom Sepez
BUG=421196 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/656463006
2014-09-19Fix a bug when assign the generation number of indirect objectschromium/2166chromium/2165Bo Xu
BUG=408532 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/524443002
2014-09-19Adjust the order of clearing resource in CPDF_DocPageData::ClearJun Fang
Images are basic resource and are referred or used by other objects in some cases. Images should be released after the objects who uses these objects. In this case, an image object is accessed in the process of CPDF_TilingPattern's destroy. Unlikely, this image has been destroyed before. BUG=414046 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/582993002
2014-09-18Fix Regression: Incomplete file loading is seen for multi page pdf files.chromium/2164chromium/2163Tom Sepez
This was introduced at PDFium revision 12a9940. There was a subtle logic change for null |parray|. BUG=415438 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/579363002
2014-09-16When forcing clear page data, no need to release colorspace when releasing ↵Bo Xu
pattern BUG=414661 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/572853006
2014-09-15Check Null pointer in CPDF_Dictionary::GetUnicodeTextBo Xu
BUG=414155 R=thakis@chromium.org Review URL: https://codereview.chromium.org/574463002
2014-09-10Check object type for objects used in the dictory of 'Index'chromium/2162chromium/2161chromium/2160chromium/2159chromium/2158chromium/2157chromium/2156Jun Fang
BUG=387970 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/551503003
2014-09-09Change the forced clear order of CPDF_DocPageData::Clear, and remove ↵Bo Xu
m_pDocument in CPDF_Color If not forced clear, the counter of CPDF_Pattern will take care the count of referenced instance. When forced clear, clear color first to make sure pattern still exists when referencing it. BUG=411154 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/554913003
2014-09-08Fix un-initialized R G B valueBo Xu
BUG=411163 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/551513005
2014-09-03Allocate m_pCompData when |m_nComponents| is updated.Bo Xu
When |m_nComponents| is changed from loading stream information, previously allocated memory that depends on |m_nComponents| needes to be freed and allocated again to enforce memory size consistency. BUG=409695 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/528163002
2014-09-02Check m_nComponents when using JBIG2Decodechromium/2146Bo Xu
BUG=409692 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/534763002