summaryrefslogtreecommitdiff
path: root/core/src/fpdfapi
AgeCommit message (Collapse)Author
2015-04-11Fix a heap buffer overflow issue in CPDF_CMap::GetNextCharJUN FANG
Add a check to make sure offset is less than the size of string in the function of GetNextChar(). BUG=471651 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1067073003
2015-04-10Fix a stack overflow in CPDF_Parser::LoadCrossRefV5JUN FANG
A stack overflow was triggered by checked_cast due to invalid index in pdf files like 'Index[45 -1661]'. BUG=473400 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1054303005
2015-04-10Don't call FPDF_InitLibrary() in individual unit_tests.Tom Sepez
The initialization sequence becomes more complicated as v8 evolves and when we move to XFA (where pdfium_unittests are currently broken). Centralize this initialization in a few places, like the embedder_test framework and the pdfium_test binary, and convert tests that require it into embedder_tests rather than unit_tests. Change on master first before moving to XFA. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1071343002
2015-04-09Fix a global buffer overflow in GCPDF_CIDFont::_CharCodeFromUnicodechromium/2368chromium/2367chromium/2366chromium/2365chromium/2364Jun Fang
There is not a code page (CP) used for converting unicode to mutli-bytes if the coding scheme is CID coding. Only return 0 if CID can't be retrieved. The difference on Windows and other platforms should be the function used for converting rather than others. BUG=466790 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1074653002
2015-04-03Update the path of header file to avoid a compiling error in chromechromium/2363chromium/2362chromium/2361chromium/2360chromium/2359chromium/2358JUN FANG
BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1059233005
2015-04-03No-op change to poke the bots after being out of sequence.Tom Sepez
Adds a comment and changes some whitespace. TBR=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1059373002
2015-04-03Fix a compiling error in fpdf_parser_parser_embeddertest.cppJun Fang
BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1057383002
2015-04-03Add embedder test comparing with the last patch.JUN FANG
When there is a wrong keyword like '??ze' in the dictionary of the trailer, PDFium can't recognize it and aborts further parsing. After this change, PDFium continues even it can't get the right size at this moment. It will rebuild the cross reference table later since the size of the table is missing. BUG=459580 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1055323003
2015-03-17Revert "Fix a problem that JP2 image is not displayed because index color ↵Tom Sepez
space is used" This reverts commit 5a0e504d53195892458d819e52c62bea0c710bd5. Original review URL https://codereview.chromium.org/1009513003 Reason for revert: New "corpus" tests show that this is no longer rendering some images. See, e.g. http://chromegw/i/client.pdfium/builders/linux/builds/144/steps/corpus%20tests/logs/stdio for those that diff'd. TBR=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1016823003
2015-03-16Fix a problem that JP2 image is not displayed because index color space is usedJUN FANG
There are two issues in this bug. One is that JP2 image is not displayed because it aborts loading Jpx bitmap when the number of components in color space is different with that one in JPX images. I found that the number of components in color space isn't updated after it's initialized. For index color space, the component shall inherit from its base color space. The second issue is that displayed color is not correct after I fixed the first issue. The root cause is that sRGB is used in JPX image, it doesn't need to map from index to RGB again. BUG=464215 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1009513003
2015-03-16Fix potential integer overflow in fpdf_render_image.cppJUN FANG
BUG=382661 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1007643002
2015-02-24Add small flate decode unit test.Tom Sepez
As we remove flate encoded sections from test cases (to promote clarity), we should first have a simple unit test for the underlying functionality. R=thestig@chromium.org Review URL: https://codereview.chromium.org/845313006
2015-02-13Fix JPX image rendering that regressed due to several security fixes.Lei Zhang
BUG=453723 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/892553002
2015-02-12Fix an error 'Use-of-uninitialized-value in CPDF_Function::Call'JUN FANG
This issue was introduced in https://codereview.chromium.org/886953002/. BUG=454280 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/869343008
2015-02-11CPDF_Object() constructor should set its internal m_Type variable.Tom Sepez
Follow-on from https://codereview.chromium.org/911293002/ Currently, all the subclass constructors are reaching up into the parent class to do this. Fix this, just because. R=thestig@chromium.org Review URL: https://codereview.chromium.org/880233005
2015-02-09Fix some typos in fpdf_render_loadimage.cpp.Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/885223004
2015-02-06Cleanup: Fix some unused-function warnings.Lei Zhang
BUG=pdfium:29 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/891113002
2015-02-06Cleanup parts of fpdf_render_loadimage.cpp.Lei Zhang
- Add functions to do pitch calculation. - Delete dead code. - Don't bother checking pointers before deleting them. - Don't bother setting pointers to NULL in dtors. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/890883006
2015-02-05Kill off some more unreachable fopen's.Tom Sepez
The bstring's read from file is unused. The load from file paths aren't taken. R=jam@chromium.org Review URL: https://codereview.chromium.org/902943003
2015-02-05Merge to master: Kill off some dodgy JS callbacksTom Sepez
Note that this work was done opposite the usual branch order, because I didn't want to kill things in master that turned out to be in use in XFA. Original Review URL: https://codereview.chromium.org/883393007 TBR=jam@chromium.org Review URL: https://codereview.chromium.org/903893002
2015-02-05Fix segv in CPDF_DataAvail::CheckRoot() when /Root object is a string.Tom Sepez
Handles the case of this malformed PDF without crashing. Note that to get a reproducible test case, a small fix is applied to our .py script which results in some whitespace/numbering difs across the resources (down the road, we ought to generate them on the fly in an intermediate directory). BUG=454695 R=jun_fang@foxitsoftware.com, thestig@chromium.org Review URL: https://codereview.chromium.org/895933003
2015-02-05Add namespace and-re-arrange PDFium's local copy of chromium /base.Tom Sepez
Any projects DEPS'd into chromium and requiring a /base subset should have a local copy of that subset in a separate namespace. This will avoid future naming conflicts. Re-arrange the directory structure to better identify what came from chromium's base, and to make drop-in replacement easier for files that contain hard-coded "base/" in their #include directives. R=jam@chromium.org Review URL: https://codereview.chromium.org/900753002
2015-02-04Prevent base::CheckedNumeric from leaking outside of pdfium.Tom Sepez
Headers in /include directories should be free of implementation details from third_party. Put the types into a new header outside of /include. Requires https://codereview.chromium.org/902443003/ before a version containing this patch is rolled into chromium. R=jam@chromium.org Review URL: https://codereview.chromium.org/896023003
2015-02-03Replace CFX_SmartPointer cast operator with Get() method.Tom Sepez
This is part of the project to kill off C-style casts in the code base. Remove implict T* cast operator, and replace potentially unsafe C-style casts with Get() method. R=thestig@chromium.org Review URL: https://codereview.chromium.org/889673003
2015-02-03Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor()Tom Sepez
BUG=https://code.google.com/p/pdfium/issues/detail?id=113 R=thestig@chromium.org Review URL: https://codereview.chromium.org/880043004
2015-01-31Fix heap buffer overflow in CPDF_SampledFunc::v_CallJUN FANG
This issue was caused by integer overflow in CPDF_SampledFunc::v_Call. The root cause of this issue is that the content in the test pdf file was damaged. The solution is to check whether an integer is overflow before using it. BUG=452455 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/886953002
2015-01-29Fix infinite recursion in CPDF_RenderStatus::RenderSingleObject().Tom Sepez
Introduce a local static to track the recursion depth, thereby removing the burden for callers to track and pass a level parameter correctly through all call paths. Also increase the depth tolerated, since we know there were paths that were under-counting this value. BUG=451265 R=thestig@chromium.org Review URL: https://codereview.chromium.org/868253009
2015-01-27Kill scattered extern _PDF_CharType declarations.chromium/2292chromium/2291chromium/2290Tom Sepez
While we're at it, avoid an indirection through a pointer, and use a name that isn't reserved for the compiler (leading _ CAP). This is a small portion of the associated bug: BUG=https://code.google.com/p/pdfium/issues/detail?id=112 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/880663003
2015-01-26Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt().Tom Sepez
A suitably corrupted file can cause the parser(s) to repeatedly re-read sections of the file at increasing parser recursion depth until the stack is exhausted. There is supposed to be a check for this based upon the parser "level", but not all call paths pass or update the level as required. Much as I hate per-class statics, this introduces one to track the depth so that the check is enforced no matter how screwy the call path might be that leads the parser to re-enter itself. This is more palatable than trying to find all these paths and fix them. We know this is OK since there is only one thread in here modifying the static. BUG=451830 R=thestig@chromium.org Review URL: https://codereview.chromium.org/875263002
2015-01-23Fix null crash in CheckTrailer.Tom Sepez
We are making checks in the incorrect order. Also adds two test cases, one for the this crash, and another for the original issue that motivated the patch. Original Patch by Bo at https://codereview.chromium.org/866003003/ BUG=450871 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/872563002
2015-01-22Use IPDF_DataAvail interface to hide CPDF_DataAvail.Tom Sepez
Currently, no callers go through the Interface, which makes having a separate interface class kind of pointless. After converting callers away from using the CPDF_DataAvail concrete class, it can be moved from the header to the .cpp file. R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/873523002
2015-01-09Fix -Wnon-virtual-dtor compiler warnings.Tom Sepez
This is done by explicitly adding a virtual dtor to interface classes, since the cost is small given that there are already virtual functions. The exceptions are for classes that have a Release() or Delete() method, in which case it is non-virtual and protected to indicate that the virtual class is never the deletion point. BUG= R=brucedawson@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/810883005
2015-01-05Cleanup: Get rid of CRLF line endings.Lei Zhang
R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/837533003
2014-12-30Get rid of FX_LPCSTR cast.Bo Xu
Follow up on https://codereview.chromium.org/733693003 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/809993004
2014-12-19Update freetype to 2.5.4.Bo Xu
Put freetype into third_party directory, cleaning up header files. Previously freetype header files are in core/src/fxge/freetype and core/include/thirdparties. There were also multiple fx_freetype.h. This patch removes the additional Foxit wrapper to make further update easier. Notice, for original freetype source code, the following files are modified and need to be updated accordingly in future update: third_party/freetype/include/config/ftmodule.h third_party/freetype/include/config/ftoption.h BUG=407341 R=thestig@chromium.org Review URL: https://codereview.chromium.org/815103002
2014-12-17Fix a bug that occurs when an object has the same object number with the ↵JUN FANG
root object Before this fix, the root will be released when an indirect object has the same object number with the root. However, the root object is loaded when the trailer is parsed. It shall not be updated or replaced anymore. BUG=425040 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/803103002
2014-12-12Simplify PDFium by removing code that's not used in the open source repo.John Abd-El-Malek
-remove parameter from FPDF_InitLibrary -remove a bunch of ifdefs that are unused R=tsepez@chromium.org Review URL: https://codereview.chromium.org/801913002
2014-12-11m_pColorSpace can not be NULL for image object with DCTDecode filterBo Xu
BUG=411842 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/792113003
2014-12-10Do not do strict check of BitsPerComponent for RunLengthDecode filterBo Xu
BUG=438421 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/790363002
2014-12-10Lab colorspace needs to be 3 componentBo Xu
BUG=429134 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/791223002
2014-12-09Trailer should be a dictionary objectBo Xu
BUG=https://code.google.com/p/pdfium/issues/detail?id=86 a "<<" token should follow "trailer" but "<" will trick the parser to make trailer a hex string object. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/787753002
2014-12-08Getting rid of more (FX_LPCWSTR) casts and fixing two bugs revealed by this.Bruce Dawson
Since casts to FX_LPCWSTR have been shown to hide bugs I tried removing more of them, targeting those places where a cast was used to force a conversion from CFX_WideString to FX_LPCWSTR, replacing these casts with calls to the newly added .c_str() function. This revealed two places where the cast was hiding a bug -- where ->c_str() was required instead! This removes ~33 FX_LPCWSTR casts and there are ~31 left, many of which will go away in some future change. Also includes this change: Removing unnecessary casts from wchar_t* to wchar_t*, by various names. Original patch from Bruce Dawson(brucedawson@chromium.org) R=bo_xu@foxitsoftware.com, tsepez@chromium.org Review URL: https://codereview.chromium.org/733693003
2014-12-03Cleanup: Remove an unused function.Lei Zhang
R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/775903002
2014-11-19Fix blank page issues caused by too strict checkchromium/2250chromium/2249chromium/2248chromium/2247chromium/2246chromium/2245chromium/2244chromium/2243chromium/2242chromium/2241chromium/2240chromium/2239chromium/2238chromium/2237Jun Fang
Before this fix, PDF parser aborts the parsering process when detecting an error. For this case, PDF parser just gives up parsering when it detects that the length of image stream is incorrect. The solution to this case is to find the tag "endstream" and "endobj" to calculate the length rather than aborting the parsering process. BUG=433339 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/743263002
2014-11-18Fixing operator so that bCheckRight isn't always true. Unknown effect!Bruce Dawson
VC++'s /analyze points out that this expression: FX_BOOL bCheckRight = type != 'D' || type != 'W';" is always true. This means that the tests for the right edge of a word Original patch from Bruce Dawson(brucedawson@chromium.org) BUG=427616 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/731673003
2014-11-17Zero initialize ch to avoid possible bug - conditions are very subtle.Bruce Dawson
Whether ch and iRet are read without being initialized depends on complex preconditions and cannot be determined by looking at these function. Therefore it seems prudent to zero initialize them to avoid any risk. BUG=427616 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/727083002
2014-11-06Fix bug with reading from uninitialized variable found by VC++'s /analyze.Tom Sepez
The flag variable is conditionally initialized but unconditionally read. Warning was: src\fpdfapi\fpdf_page\fpdf_page_pattern.cpp(274) : warning C6001: Using uninitialized memory 'flag'. BUG=427616 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/703213004
2014-10-29Resolve compilation error with G++ 4.9.Tom Sepez
Add a check for zero-length keys to avoid hitting the equivalent of |""[1]|. BUG=https://code.google.com/p/pdfium/issues/detail?id=58 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/665223003
2014-10-21Change the clear order of pDocPage and pDocRenderBo Xu
pTransfer function is released in pDocRender cleanup but is still being accessed in ~CPDF_GeneralStateData in pDocPage cleanup. BUG=419320 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/662063003
2014-10-14Store the address of the page data map's value for proper referencing.Bo Xu
CPDF_Pattern objects are counted and maintained in m_PatternedMap. When a CPDF_Pattern object "pattern" is deleted, it's address is marked as NULL in m_PatternMap. This patch stores the address of CPDF_Pattern's adderss in all objects that references "pattern", to ensure valid referencing after deletion. BUG=416319, 419976, 418392 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/656753002