summaryrefslogtreecommitdiff
path: root/core/src
AgeCommit message (Collapse)Author
2015-04-13Fix a heap overflow in CJBig2_Context::parseSymbolDictchromium/2371chromium/2370chromium/2369JUN FANG
BUG=476107 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1080893002
2015-04-11Fix a heap buffer overflow issue in CPDF_CMap::GetNextCharJUN FANG
Add a check to make sure offset is less than the size of string in the function of GetNextChar(). BUG=471651 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1067073003
2015-04-10Better fix for snprintf non-termination on windows.Tom Sepez
Replaces https://codereview.chromium.org/1062983002/ BUG=469244 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1077903002
2015-04-10Fix a stack overflow in CPDF_Parser::LoadCrossRefV5JUN FANG
A stack overflow was triggered by checked_cast due to invalid index in pdf files like 'Index[45 -1661]'. BUG=473400 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1054303005
2015-04-10Don't call FPDF_InitLibrary() in individual unit_tests.Tom Sepez
The initialization sequence becomes more complicated as v8 evolves and when we move to XFA (where pdfium_unittests are currently broken). Centralize this initialization in a few places, like the embedder_test framework and the pdfium_test binary, and convert tests that require it into embedder_tests rather than unit_tests. Change on master first before moving to XFA. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1071343002
2015-04-09Fix a global buffer overflow in GCPDF_CIDFont::_CharCodeFromUnicodechromium/2368chromium/2367chromium/2366chromium/2365chromium/2364Jun Fang
There is not a code page (CP) used for converting unicode to mutli-bytes if the coding scheme is CID coding. Only return 0 if CID can't be retrieved. The difference on Windows and other platforms should be the function used for converting rather than others. BUG=466790 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1074653002
2015-04-07Fix a stack overflow issue caused by an invalid usage of snprintfJun Fang
BUG=469244 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1062983002
2015-04-03Update the path of header file to avoid a compiling error in chromechromium/2363chromium/2362chromium/2361chromium/2360chromium/2359chromium/2358JUN FANG
BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1059233005
2015-04-03No-op change to poke the bots after being out of sequence.Tom Sepez
Adds a comment and changes some whitespace. TBR=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1059373002
2015-04-03Fix a compiling error in fpdf_parser_parser_embeddertest.cppJun Fang
BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1057383002
2015-04-03Add embedder test comparing with the last patch.JUN FANG
When there is a wrong keyword like '??ze' in the dictionary of the trailer, PDFium can't recognize it and aborts further parsing. After this change, PDFium continues even it can't get the right size at this moment. It will rebuild the cross reference table later since the size of the table is missing. BUG=459580 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1055323003
2015-04-02Fix uninitialized face in fx_ge_font.cppJUN FANG
MSAN reported this issue when I tried to reproduce 460936 in the last version of freetype on Linux. BUG=N/A R=thestig@chromium.org Review URL: https://codereview.chromium.org/1050333002
2015-03-30Fix no text displayed issue when font embedded and font subsetting enabledchromium/2356chromium/2355chromium/2354chromium/2353chromium/2352JUN FANG
BUG=465322 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1045553004
2015-03-26Use correctly-typed error codes for fx_codec_jpx_unittestTom Sepez
Needed to fix the failed pdfium_unittests on windows. Ironically, I created these constants so I wouldn't mix up size_t's and off_t's in these tests, but I didn't apply them consistently. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1036743005
2015-03-20Fix missing include for std::minTom Sepez
Build broken on trybot at http://build.chromium.org/p/tryserver.chromium.win/builders/win8_chromium_rel/builds/66012/steps/compile%20%28with%20patch%29/logs/stdio R=thestig@chromium.org TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1026843002
2015-03-19Fix subtle issues in opj_skip_from_memory and add unit tests.Tom Sepez
Follow on to https://codereview.chromium.org/990683002/. This more closely mimics what fseek() actually does, so as to avoid subtle bugs down the road. Move the DecodeData struct into a header so the test can use it, and provide a constructor for it. Along the way, I added include guards, removed the p_ prefix from some non-pointer vars, fixed some IWYU, and resolved some signed/unsigned comparison warnings with careful casting. BUG=452671 R=jun_fang@foxitsoftware.com, thestig@chromium.org Review URL: https://codereview.chromium.org/1016203002
2015-03-17Revert "Fix a problem that JP2 image is not displayed because index color ↵Tom Sepez
space is used" This reverts commit 5a0e504d53195892458d819e52c62bea0c710bd5. Original review URL https://codereview.chromium.org/1009513003 Reason for revert: New "corpus" tests show that this is no longer rendering some images. See, e.g. http://chromegw/i/client.pdfium/builders/linux/builds/144/steps/corpus%20tests/logs/stdio for those that diff'd. TBR=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1016823003
2015-03-16Fix a problem that JP2 image is not displayed because index color space is usedJUN FANG
There are two issues in this bug. One is that JP2 image is not displayed because it aborts loading Jpx bitmap when the number of components in color space is different with that one in JPX images. I found that the number of components in color space isn't updated after it's initialized. For index color space, the component shall inherit from its base color space. The second issue is that displayed color is not correct after I fixed the first issue. The root cause is that sRGB is used in JPX image, it doesn't need to map from index to RGB again. BUG=464215 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1009513003
2015-03-16Fix a bug that JPX images can't be shownJUN FANG
In the process of opj_end_decompress, it will return fail when the end of coding stream is reached. However it returns true in the same scenario implemented in openJPEG. So the final solution is from openJPEG. Return true when the end of coding stream is reached. BUG=452671 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/990683002
2015-03-16Fix potential integer overflow in fpdf_render_image.cppJUN FANG
BUG=382661 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1007643002
2015-03-12Revert "Kill CFX_GrowOnlyPool."Tom Sepez
This reverts commit 090d683489bfa3f36f1e2624c310ff9ca5836038. Symbol appears in files that are not compiled anywhere, it would seem. Reverting to remove these first. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1001023003
2015-03-12Kill CFX_GrowOnlyPool.Tom Sepez
It's unused, and when the time comes, we'll want to put pdfium onto a hardened allocator like partitionAlloc anyways. Along the way, merge adjacent #ifdef __cplusplus blocks, remove a pointless check for __cplusplus inside a .cpp file, and remove a redundant cast. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1008483002
2015-03-10Kill remaining sprintfsTom Sepez
I thought I had done this already, apart from the third-party libraries, but there were a couple remaining (the third-party libraries will still call this, they should be tweaked upstream as needed). R=thestig@chromium.org Review URL: https://codereview.chromium.org/999543002
2015-03-06Fix multiply defined macro in zlib.h on linux_chromium_clobber_rel_ng builder.Tom Sepez
Speculative fix since the issue doesn't reproduce locally. TBR=brettw@chromium.org Review URL: https://codereview.chromium.org/988883002
2015-03-06Make conversions for CPDF_Link explicit.Tom Sepez
Precursor to taking a second shot at cleaning up the FPDF_* APIs. A FPDF_LINK is a CPDF_Dictionary, and a CPDF_Link is a structure holding a FPDF_LINK. This goes against the convention that FPDF_ types get cast to CPDF_* types, so we want to make it clear where objects are getting constructed. R=thestig@chromium.org Review URL: https://codereview.chromium.org/985503005
2015-03-06Make conversion between CPDF_Dest and its object explicit.Tom Sepez
Precursor to taking a second shot at cleaning up the FPDF_* APIs. A FPDF_Dest is a CPDF_Array, and a CPDF_Dest is a structure holding a FPDF_Dest. This goes against the convention that FPDF_ types get cast to CPDF_* types, so we want to make it clear where objects are getting constructed, etc. R=thestig@chromium.org Review URL: https://codereview.chromium.org/984703004
2015-03-05Make conversion between CPDF_Action and its dictionary explicit.Tom Sepez
Precursor to taking a second shot at cleaning up the FPDF_* APIs. A FPDF_Action is a CPDF_Dictionary, and a CPDF_Action is a structure holding a FPDF_Action. This goes against the convention that FPDF_ types get cast to CPDF_* types, so we want to make it clear where objects are getting constructed, etc. Also tidy fpdf_actionhandler.cpp because it bugs me. R=thestig@chromium.org Review URL: https://codereview.chromium.org/984773002
2015-02-27Do hit tests against Annots in reverse order.Lei Zhang
BUG=chromium:445408 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/952423002
2015-02-27Upgrade openjpeg to revision 2997.JUN FANG
BUG=457493 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/960183004
2015-02-24Add small flate decode unit test.Tom Sepez
As we remove flate encoded sections from test cases (to promote clarity), we should first have a simple unit test for the underlying functionality. R=thestig@chromium.org Review URL: https://codereview.chromium.org/845313006
2015-02-13Fix JPX image rendering that regressed due to several security fixes.Lei Zhang
BUG=453723 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/892553002
2015-02-12Fix an error 'Use-of-uninitialized-value in CPDF_Function::Call'JUN FANG
This issue was introduced in https://codereview.chromium.org/886953002/. BUG=454280 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/869343008
2015-02-11CPDF_Object() constructor should set its internal m_Type variable.Tom Sepez
Follow-on from https://codereview.chromium.org/911293002/ Currently, all the subclass constructors are reaching up into the parent class to do this. Fix this, just because. R=thestig@chromium.org Review URL: https://codereview.chromium.org/880233005
2015-02-09Fix some typos in fpdf_render_loadimage.cpp.Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/885223004
2015-02-06Cleanup: Fix some unused-function warnings.Lei Zhang
BUG=pdfium:29 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/891113002
2015-02-06Cleanup parts of fpdf_render_loadimage.cpp.Lei Zhang
- Add functions to do pitch calculation. - Delete dead code. - Don't bother checking pointers before deleting them. - Don't bother setting pointers to NULL in dtors. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/890883006
2015-02-05Kill off some more unreachable fopen's.Tom Sepez
The bstring's read from file is unused. The load from file paths aren't taken. R=jam@chromium.org Review URL: https://codereview.chromium.org/902943003
2015-02-05Merge to master: Kill off some dodgy JS callbacksTom Sepez
Note that this work was done opposite the usual branch order, because I didn't want to kill things in master that turned out to be in use in XFA. Original Review URL: https://codereview.chromium.org/883393007 TBR=jam@chromium.org Review URL: https://codereview.chromium.org/903893002
2015-02-05Fix segv in CPDF_DataAvail::CheckRoot() when /Root object is a string.Tom Sepez
Handles the case of this malformed PDF without crashing. Note that to get a reproducible test case, a small fix is applied to our .py script which results in some whitespace/numbering difs across the resources (down the road, we ought to generate them on the fly in an intermediate directory). BUG=454695 R=jun_fang@foxitsoftware.com, thestig@chromium.org Review URL: https://codereview.chromium.org/895933003
2015-02-05Add namespace and-re-arrange PDFium's local copy of chromium /base.Tom Sepez
Any projects DEPS'd into chromium and requiring a /base subset should have a local copy of that subset in a separate namespace. This will avoid future naming conflicts. Re-arrange the directory structure to better identify what came from chromium's base, and to make drop-in replacement easier for files that contain hard-coded "base/" in their #include directives. R=jam@chromium.org Review URL: https://codereview.chromium.org/900753002
2015-02-04Prevent base::CheckedNumeric from leaking outside of pdfium.Tom Sepez
Headers in /include directories should be free of implementation details from third_party. Put the types into a new header outside of /include. Requires https://codereview.chromium.org/902443003/ before a version containing this patch is rolled into chromium. R=jam@chromium.org Review URL: https://codereview.chromium.org/896023003
2015-02-03Replace CFX_SmartPointer cast operator with Get() method.Tom Sepez
This is part of the project to kill off C-style casts in the code base. Remove implict T* cast operator, and replace potentially unsafe C-style casts with Get() method. R=thestig@chromium.org Review URL: https://codereview.chromium.org/889673003
2015-02-03Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor()Tom Sepez
BUG=https://code.google.com/p/pdfium/issues/detail?id=113 R=thestig@chromium.org Review URL: https://codereview.chromium.org/880043004
2015-01-31Fix heap buffer overflow in CPDF_SampledFunc::v_CallJUN FANG
This issue was caused by integer overflow in CPDF_SampledFunc::v_Call. The root cause of this issue is that the content in the test pdf file was damaged. The solution is to check whether an integer is overflow before using it. BUG=452455 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/886953002
2015-01-30Don't export any OpenJPEG methods from PDFium.John Abd-El-Malek
It's only used internally. This also avoids errors from the verify_order script when linking PDFium into Chromium BUG=453844 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/887193002
2015-01-30Use system FreeType on Linux.John Abd-El-Malek
This saves 406KB in the binary size of the plugin. More importantly, it gets rid of the linker flag preventing bundling PDFium into the Chromium binary. BUG=453844 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/826613004
2015-01-29Fix infinite recursion in CPDF_RenderStatus::RenderSingleObject().Tom Sepez
Introduce a local static to track the recursion depth, thereby removing the burden for callers to track and pass a level parameter correctly through all call paths. Also increase the depth tolerated, since we know there were paths that were under-counting this value. BUG=451265 R=thestig@chromium.org Review URL: https://codereview.chromium.org/868253009
2015-01-27Kill scattered extern _PDF_CharType declarations.chromium/2292chromium/2291chromium/2290Tom Sepez
While we're at it, avoid an indirection through a pointer, and use a name that isn't reserved for the compiler (leading _ CAP). This is a small portion of the associated bug: BUG=https://code.google.com/p/pdfium/issues/detail?id=112 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/880663003
2015-01-26Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt().Tom Sepez
A suitably corrupted file can cause the parser(s) to repeatedly re-read sections of the file at increasing parser recursion depth until the stack is exhausted. There is supposed to be a check for this based upon the parser "level", but not all call paths pass or update the level as required. Much as I hate per-class statics, this introduces one to track the depth so that the check is enforced no matter how screwy the call path might be that leads the parser to re-enter itself. This is more palatable than trying to find all these paths and fix them. We know this is OK since there is only one thread in here modifying the static. BUG=451830 R=thestig@chromium.org Review URL: https://codereview.chromium.org/875263002
2015-01-23Fix null crash in CheckTrailer.Tom Sepez
We are making checks in the incorrect order. Also adds two test cases, one for the this crash, and another for the original issue that motivated the patch. Original Patch by Bo at https://codereview.chromium.org/866003003/ BUG=450871 R=bo_xu@foxitsoftware.com Review URL: https://codereview.chromium.org/872563002