Age | Commit message (Collapse) | Author |
|
This issue was introduced in https://codereview.chromium.org/886953002/.
BUG=454280
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/869343008
|
|
Original Review URL: https://codereview.chromium.org/880233005
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/916953002
|
|
This issue was caused by integer overflow in CPDF_SampledFunc::v_Call.
The root cause of this issue is that the content in the test pdf file
was damaged. The solution is to check whether an integer is overflow
before using it.
BUG=452455
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/886953002
|
|
Original Review URL: https://codereview.chromium.org/902943003
TBR=jam@chromium.org
Review URL: https://codereview.chromium.org/895903005
|
|
None of these are currently reachable because the IsSafeMode
method always returns true. This, in turn, will let us kill
off some file (as in fopen()) based parsing. That, in turn,
will let us kill of some more now-unreachable code.
In general, we don't want to have unsafe modes.
BUG=https://code.google.com/p/pdfium/issues/detail?id=116
R=jam@chromium.org
Review URL: https://codereview.chromium.org/883393007
|
|
Original Review URL: https://codereview.chromium.org/895933003
BUG=454695
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/901013003
|
|
Original revieww URL: https://codereview.chromium.org/900753002
TBR=jam@chromium.org
Review URL: https://codereview.chromium.org/880603004
|
|
Original review URL: https://codereview.chromium.org/896023003
TBR=jam@chromium.org
Review URL: https://codereview.chromium.org/897023005
|
|
Original Review URL: https://codereview.chromium.org/889673003
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/900693003
|
|
Original Review URL: https://codereview.chromium.org/880043004
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/893333003
|
|
This brings in:
14b2bb0 Fix infinite recursion in CPDF_RenderStatus::RenderSingleObject().
1d43e82 Add minimized test cases for stack exhaustion crash to repository.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/893493002
|
|
TBR=brucedawson@chromium.org
Original Review URL: https://codereview.chromium.org/880663003
Review URL: https://codereview.chromium.org/884473003
|
|
Orignal Review URL: https://codereview.chromium.org/875263002
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/880753002
|
|
This includes:
fa370ac Fix test naming in previous commit.
e0bbe4a Fix null crash in CheckTrailer.
TBR=bo_xu@foxitsoftware.com
Review URL: https://codereview.chromium.org/870173002
|
|
Original CL at https://codereview.chromium.org/873523002/
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/871773002
|
|
Original at URL: https://codereview.chromium.org/810883005
Note that the new code in XFA introduces many more of these, to be handled
separately.
TBR=brucedawson@chromium.org
TBR=thestig@chromium.org
BUG=https://code.google.com/p/pdfium/issues/detail?id=102
Review URL: https://codereview.chromium.org/842223004
|
|
Get rid of FX_LPCSTR cast.
Follow up on https://codereview.chromium.org/733693003
R=brucedawson@chromium.org, tsepez@chromium.org
Review URL: https://codereview.chromium.org/809993004
|
|
Getting rid of more (FX_LPCWSTR) casts and fixing two bugs revealed by this.
Since casts to FX_LPCWSTR have been shown to hide bugs I tried removing
more of them, targeting those places where a cast was used to force a
conversion from CFX_WideString to FX_LPCWSTR, replacing these casts with
calls to the newly added .c_str() function. This revealed two places
where the cast was hiding a bug -- where ->c_str() was required instead!
This removes ~33 FX_LPCWSTR casts and there are ~31 left, many of which
will go away in some future change.
Also includes this change:
Removing unnecessary casts from wchar_t* to wchar_t*, by various names.
Original patch from Bruce Dawson(brucedawson@chromium.org)
TBR=bo_xu@foxitsoftware.com, tsepez@chromium.org
Review URL: https://codereview.chromium.org/811593007
|
|
Fixing operator so that bCheckRight isn't always true. Unknown effect!
VC++'s /analyze points out that this expression:
FX_BOOL bCheckRight = type != 'D' || type != 'W';"
is always true. This means that the tests for the right edge of a word
Original patch from Bruce Dawson(brucedawson@chromium.org)
BUG=427616
TBR=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/822763003
|
|
Zero initialize ch to avoid possible bug - conditions are very subtle.
Whether ch and iRet are read without being initialized depends on complex
preconditions and cannot be determined by looking at these function.
Therefore it seems prudent to zero initialize them to avoid any risk.
BUG=427616
TBR=bo_xu@foxitsoftware.com
Review URL: https://codereview.chromium.org/727083002
Review URL: https://codereview.chromium.org/793763005
|
|
Update freetype to 2.5.4.
Put freetype into third_party directory, cleaning up header files.
Previously freetype header files are in core/src/fxge/freetype and core/include/thirdparties. There were also multiple fx_freetype.h.
This patch removes the additional Foxit wrapper to make further update easier.
Notice, for original freetype source code, the following files are modified and need to be updated accordingly in future update:
third_party/freetype/include/config/ftmodule.h
third_party/freetype/include/config/ftoption.h
BUG=407341
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/815103002
|
|
Before this fix, the root will be released when an indirect object has the
same object number with the root. However, the root object is loaded when
the trailer is parsed. It shall not be updated or replaced anymore.
BUG=425040
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/803103002
|
|
Simplify PDFium by removing code that's not used in the open source repo.
-remove parameter from FPDF_InitLibrary
-remove a bunch of ifdefs that are unused
Fix build after previous commit.
TBR=tsepez@chromium.org
BUG=
Review URL: https://codereview.chromium.org/809513002
|
|
m_pColorSpace can not be NULL for image object with DCTDecode filter
BUG=411842
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/792113003
|
|
Do not do strict check of BitsPerComponent for RunLengthDecode filter
BUG=438421
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/790363002
|
|
Lab colorspace needs to be 3 component
BUG=429134
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/791223002
|
|
Trailer should be a dictionary object
BUG=https://code.google.com/p/pdfium/issues/detail?id=86
a "<<" token should follow "trailer" but "<" will trick the parser to make trailer a hex string object.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/787753002
|
|
Follow-up to work on (wide) string literals.
R=bo_xu@foxitsoftware.com
Review URL: https://codereview.chromium.org/751113003
|
|
Fix blank page issues caused by too strict check
Before this fix, PDF parser aborts the parsering process when detecting an error.
For this case, PDF parser just gives up parsering when it detects that the length of
image stream is incorrect. The solution to this case is to find the tag "endstream"
and "endobj" to calculate the length rather than aborting the parsering process.
BUG=433339
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/743263002
|
|
Fix bug with reading from uninitialized variable found by VC++'s /analyze.
The flag variable is conditionally initialized but unconditionally read.
Warning was:
src\fpdfapi\fpdf_page\fpdf_page_pattern.cpp(274) : warning C6001:
Using uninitialized memory 'flag'.
BUG=427616
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/703213004
Review URL: https://codereview.chromium.org/680173005
|
|
Add a check for zero-length keys to avoid hitting the equivalent of |""[1]|.
BUG=https://code.google.com/p/pdfium/issues/detail?id=58
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/665223003
|
|
pTransfer function is released in pDocRender cleanup but is still being accessed in
~CPDF_GeneralStateData in pDocPage cleanup.
BUG=419320
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/662063003
|
|
CPDF_Pattern objects are counted and maintained in m_PatternedMap.
When a CPDF_Pattern object "pattern" is deleted, it's address is marked as NULL in m_PatternMap.
This patch stores the address of CPDF_Pattern's adderss in all objects that references "pattern",
to ensure valid referencing after deletion.
BUG=416319, 419976, 418392
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/656753002
|
|
CPDF_StreamContentParser::Parse.
This is just a bit of defensive programming; I'm not sure the situation can
occur in the current code, but the following code is likely to set off a red
flag to anyone who reads it:
CPDF_StreamParser syntax(pData, dwSize);
m_pSyntax = &syntax;
since the extent of the local |syntax| is far less than the pointer member
|m_pSyntax|. NULL it out before syntax goes out of scope.
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/652063002
|
|
BUG=421196
R=bo_xu@foxitsoftware.com
Review URL: https://codereview.chromium.org/656463006
|
|
BUG=408532
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/524443002
|
|
Images are basic resource and are referred or used by other objects in some cases. Images should be released after the objects who uses these objects. In this case, an image object is accessed in the process of CPDF_TilingPattern's destroy. Unlikely, this image has been destroyed before.
BUG=414046
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/582993002
|
|
This was introduced at PDFium revision 12a9940. There was a subtle logic
change for null |parray|.
BUG=415438
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/579363002
|
|
pattern
BUG=414661
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/572853006
|
|
BUG=414155
R=thakis@chromium.org
Review URL: https://codereview.chromium.org/574463002
|
|
BUG=387970
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/551503003
|
|
m_pDocument in CPDF_Color
If not forced clear, the counter of CPDF_Pattern will take care the count of referenced instance.
When forced clear, clear color first to make sure pattern still exists when referencing it.
BUG=411154
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/554913003
|
|
BUG=411163
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/551513005
|
|
When |m_nComponents| is changed from loading stream information,
previously allocated memory that depends on |m_nComponents| needes to be freed
and allocated again to enforce memory size consistency.
BUG=409695
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/528163002
|
|
BUG=409692
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/534763002
|
|
This will prevent using freed pattern object.
This is a better solution than https://pdfium.googlesource.com/pdfium/+/1b9c5c4dc41956b8c5ab17b9a882adf8a2513768
and in essence revert that patch
BUG=409373
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/522483003
|
|
m_bpc is assigned.
The problem of using GetValidBpc() in each function call is it could result in mismatch as seen in this case:
in ContinueToLoadMask(), m_bpc is re-assigned to 1 if m_bImageMask==1 regardless of the value from GetValidBpc().
This will result in mismatch if another function use the value from GetValidBpc().
The solution could be checking m_bImageMask in another function to make sure m_bpc is consistent, but that makes the code too cumbersome.
Also, we have to bring and are bringing in more and more GetValidBpc check, and this will continue with other buggy documents. So better to fix it now.
The original rational to use GetValidBpc() in where m_bpc is used is to respect the "raw" data from parsing.
However, if it will be ignored anyway and using value from GetValidBpc(), we'd better correct it at the very beginning.
BUG=408541
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/518443002
|
|
CPDF_DocPageData::~CPDF_DocPageData() will force to release all resources, so no need to do it here, which can result in heap-use-after-free trouble.
BUG=408164
R=jun_fang@foxitsoftware.com, tsepez@chromium.org
Review URL: https://codereview.chromium.org/513063003
|
|
BUG=408141, 408147
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/508253003
|
|
BUG=408154
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/509613005
|