path: root/core/src
Age | Commit message | Author
2015-05-21 | Merge to XFA: Fix an endless loop in CJBig2_HuffmanTable::parseFromCodedBuffer | JUN FANG
This issue is triggered by the conversion from unsigned int to signed int. A large unsigned int is converted to int. It's represented as a negative int which is used in the condition of while later. BUG=482639 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1146913003
2015-05-20 | Merge to XFA: Integer overflow in CJBig2_Image::expand | JUN FANG
1. New size should be larger than old size in JBig2_Realloc. 2. Arguments are integers but parameters are size_t in JBIG2_memset. After integer overflows, it will be presented as a huge unsigned number on a 64-bit system. BUG=483981 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1148643002
2015-05-20 | Merge to XFA: Remove FX_Alloc() null checks now that it can't return NULL. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1142713005 R=thestig@chromium.org TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1143663008
2015-05-19 | Merge to XFA: Fix Heap Overflow in CJBig2_Image::expand | JUN FANG
Integer overflow in CJBig2_Image::expand. It causes the reallocated size to be unexpected. BUG=483981 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1131023008
2015-05-18 | Merge to XFA: Cleanup if early return from opj_j2k_copy_default_tcp_and_create_tcd(). | Tom Sepez
Original Review URL: https://codereview.chromium.org/1138033007 BUG=486538 TBR=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1142133002
2015-05-18 | Merge to XFA: Change FX_Alloc to FX_Try_Alloc in _JpegEncode | JUN FANG
This CL is used for: 1. keeping the same logic as before (the behaviour of FX_Alloc was changed for OOM). 2. fixing a potential integer overflow. BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1126013006
2015-05-18 | Merge to XFA: Add safe FX_Alloc2D() macro | Tom Sepez
Original Review URL: https://codereview.chromium.org/1143663004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1136673005
2015-05-15 | Merge to XFA: Abort on OOM by default in FX_Alloc(). | Tom Sepez
Original Review URL: https://codereview.chromium.org/1128043009 Original Review URL: https://codereview.chromium.org/1142463005 R=thestig@chromium.org TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1144683002
2015-05-15 | Merge to XFA: Fix leaks in embedder test's FlateEncode() usage and in FlateEncode(). | Lei Zhang
For FlateEncode(), error handling code leaked memory. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1144603002 (cherry picked from commit 1962d61b28df03284e3e5c6de6a19f397a066e68) Review URL: https://codereview.chromium.org/1125413008
2015-05-15 | Merge to XFA: Initialize members of CPDF_TextPageFind class. | Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1137933004 (cherry picked from commit acae9257203971ee1e34d8d7573b7ba9a50041af) BUG= Review URL: https://codereview.chromium.org/1135793003
2015-05-15 | Merge to XFA: Fix leaks in the embedder tests themselves. | Lei Zhang
Also change EmbedderTest::TearDown() to match the destruction order in Chromium's PDF code. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1138143003 (cherry picked from commit 61ffad8df484ab9b3f7d2f5519ec470fbc023b88) Review URL: https://codereview.chromium.org/1138973004
2015-05-15 | Merge to XFA: Remove FX_NEW_VECTOR() macros. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1135273004 R=thestig@chromium.org TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1134003007
2015-05-15 | Merge to XFA: Fix potential UAF in ConcatInPlace. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1130763007 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1123333004
2015-05-14 | Merge to XFA: Make CFX_StringData be scoped by CFX_Bytestring and add methods. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1142533002 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1135673003
2015-05-13 | Fix integer overflow in conversion from float to integer. | JUN FANG
BUG=471991 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1141613002
2015-05-13 | Merge to XFA: Fix comparison of CFX_ByteString and CFX_WideString. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1141763002 BUG=pdfium:160 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1140093003
2015-05-11 | Merge to XFA: Create top-level public/ header directory. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1135913002 BUG=pdfium:154 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1136703003
2015-05-08 | Merge to XFA: Fix a bunch of -Wunused-but-set-variable warnings. | Lei Zhang
Also fix a few nits and other errors along the way. Review URL: https://codereview.chromium.org/1098583002 Review URL: https://codereview.chromium.org/1135713004 (cherry picked from commit f0a169e6fd5718995fa6ef8749c8d16cdad84985) (cherry picked from commit 470408c2ffe71e99cebad0d1d6887f1723f02cef) R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1133453006
2015-05-08 | Merge to XFA: Move function prototypes to new doc_utils.h file | Tom Sepez
Original Review URL: https://codereview.chromium.org/1128193004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1137783002
2015-05-07 | Merge to XFA: Make CFX_StockFontArray more robust. | Lei Zhang
- Check bounds when accessing array. - Remove potential memory leak. - Merge duplicate code. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1094763002 (cherry picked from commit ee2fe42f9bf3ac6afc4f05f79629a3e34179a2b9) Review URL: https://codereview.chromium.org/1128803003
2015-05-06 | Merge to XFA: Support arrays in nonstd::unique_ptr<>. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1130053003 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1124353002
2015-05-06 | Merge to XFA: Remove FX_STRSIZE casts, use safe conversions | Tom Sepez
Original Review URL: https://codereview.chromium.org/1124043003 BUG=pdfium:153 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1132443002
2015-05-06 | Merge to XFA: Fix a couple of divide by zero crashes in PNG/TIFF predictors. | Lei Zhang
BUG=484002 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1124563002 (cherry picked from commit 6ab919ff310fb02bab8cf43d92a5553b11cbbb61) Review URL: https://codereview.chromium.org/1130903002
2015-05-06 | Merge to XFA: Replace FX_NEW with new, remove tests from fxcodec | Lei Zhang
Review URL: https://codereview.chromium.org/1084303002 (cherry picked from commit cfc1a654ef3e8b65bc447815d35932c185bf1422) R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1125363002
2015-05-06 | Merge to XFA: Replace FX_NEW with new, remove tests from fpdfapi | Lei Zhang
Very few places where a change is required, but remove FX_NEW to show they've been audited. Review URL: https://codereview.chromium.org/1075953004 (cherry picked from commit 5c357a5d3d873be6b0ab01d7bec82f79d0a09f0e) R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1125183006
2015-05-06 | Merge to XFA: Fix a regression with cut off images. | Lei Zhang
This regressed in commit 3f41851 due to shadow variables. BUG=478164 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1101443004 (cherry picked from commit 97d10aff654e42c1b7c3d2abf33fbcf8d341799e) Review URL: https://codereview.chromium.org/1127163003
2015-05-05 | Merge to XFA: Make sure string constructors are efficient on literals | Tom Sepez
Besides the merge, there's one place where a wchar vs. wstring comparison was being made that no longer compiled. Original Review URL: https://codereview.chromium.org/1117263004 BUG=pdfium:151 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1116163003
2015-05-04 | Merge to XFA: Fix issues with != and == in fx_basic_wstring | Tom Sepez
Original Review URL: https://codereview.chromium.org/1127753002 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1119753004
2015-05-04 | Merge to XFA: Fix issues with != and == shown by fx_basic_bstring unit tests. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1125703004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1126643003
2015-05-01 | Merge to XFA: Backfill some FX String/StringC unit tests for == and !=. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1118973005 Original Review URL: https://codereview.chromium.org/1122573002 R=thestig@chromium.org TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1126433002
2015-05-01 | Merge to XFA: CFX_ByteString/WideString header changes | Tom Sepez
Original Review URL: https://codereview.chromium.org/1117413002 Original Review URL: https://codereview.chromium.org/1118983003 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1125493002
2015-04-30 | Merge to XFA: Take advantage of unused bytes at end of CFX strings | Tom Sepez
Original Review URL: https://codereview.chromium.org/1112423003 Original Review URL: https://codereview.chromium.org/1120703003 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1120813003
2015-04-28 | Merge to XFA: Make CFX_WideString::LockBuffer() completely unused. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1053613004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1115493002
2015-04-27 | Merge to XFA: SEGV in CFX_BaseSegmentedArray::Iterate(). | Tom Sepez
Original Review URL: https://codereview.chromium.org/1110653002 R=thestig@chromium.org TBR=thestig@chromium.org BUG=481363 Review URL: https://codereview.chromium.org/1110763002
2015-04-27 | Merge to XFA: Fix windows-specific usage of CFX_WideStr::operator LPCWSTR(). | Tom Sepez
Original Review URL: https://codereview.chromium.org/1103343002 R=brucedawson@chromium.org TBR=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1105253002
2015-04-27 | Merge to XFA: Reduce usage of operator LPCWSTR from CFX_WideString(). | Tom Sepez
Original Review URL: https://codereview.chromium.org/1101933003 TBR=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1108903002
2015-04-23 | Merge to XFA: Fix segmentation fault 'denial of service condition' | JUN FANG
BUG=467392 R=thestig@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1064713008
2015-04-22 | Merge to XFA: Add missing operators for CFX_xxxString combo patch. | Tom Sepez
This pulls in: Review URL: https://codereview.chromium.org/1099193002 Review URL: https://codereview.chromium.org/1090303003 Review URL: https://codereview.chromium.org/1084293003 Review URL: https://codereview.chromium.org/1099213002 Plus one fix to an XFA file to fix compilation. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1095893005
2015-04-21 | Merge to XFA: Kill CFX_StringBufTemplate. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1098203002 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1080633008
2015-04-21 | Merge to XFA: Fix a crasher due to images with abnormal size | JUN FANG
BUG=453553 R=thestig@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1093323003
2015-04-20 | Merge to XFA: Remove Release() combo patch. | Tom Sepez
Includes: Original Review URL: https://codereview.chromium.org/1098043002 Original Review URL: https://codereview.chromium.org/1097843003 Original Review URL: https://codereview.chromium.org/1093213002 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1092033004
2015-04-17 | Merge to XFA: Set m_FontType in CPDF_Font() constructor. | Tom Sepez
Original Review URL: https://codereview.chromium.org/1060813003 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1060843005
2015-04-17 | Fix an issue 'heap use after free' | JUN FANG
This fix is for covering more scenarios. Some faces like Foxit defined faces and MM faces are managed in built-in manager. They are released in built-in manager not in fontMgr. BUG=452793 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1095733003
2015-04-16 | Fix heap use after free in FT_Stream_ReleaseFrame | JUN FANG
Adjust the release order of resource to fix this issue. BUG=452793 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1082023002
2015-04-15 | Merge to XFA: Fix offset outside bounds of constant string warnings | JUN FANG
BUG=380476 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1061013003
2015-04-14 | Fix two new / free mismatches | Tom Sepez
R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1085963002
2015-04-14 | Merge to XFA: Kill CFX_Object. | Tom Sepez
Not just a simple merge, but changes to remove CFX_Object from XFA. Original Review URL: https://codereview.chromium.org/1088733002 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1087053002
2015-04-13 | Merge to XFA: Fix a heap overflow in CJBig2_Context::parseSymbolDict | JUN FANG
BUG=476107 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1080893002
2015-04-11 | Merge to XFA: Fix a heap buffer overflow issue in CPDF_CMap::GetNextChar | JUN FANG
Add a check to make sure offset is less than the size of string in the function of GetNextChar(). BUG=471651 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1067073003
2015-04-10 | Merge to XFA: Better fix for snprintf non-termination on windows. | Tom Sepez
TBR=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1073313003