Age | Commit message (Collapse) | Author |
|
This caused a revert of the PDFium roll.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1165863003
|
|
Its fine to program to interfaces, but since the sole concrete implementation
is in the same header as the interface, the code is bypassing it anyways. We
can de-virtualize some things along the way, and remove two non-existent
function prototypes from one of the headers.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1158053003
|
|
Get rid of leading _CAPITAL identifiers.
A large number of these didn't actually match the filename.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1160443004
|
|
Tiny bit of tidying I noticed while trying to figure out include rules.
In other words,
cd core/include
git grep 'include.*include'
git grep 'include.*src'
Should produce no output, and
cd fpdfsdk/include
git grep 'include.*include' | grep -v ../core/include
git grep 'include.*src'
Should produce no output as well.
Fix some IWYU, header guards, include ordering, whitespace along the way.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1162453003
|
|
BUG=459215
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1160663002
|
|
Two "set but unused", one of which is surely an artifact from
copying code around, and the other which ought to be used for
the sake of clarity.
Two are unknown "optimize" pragmas, remove them since the code
has been shipped for years on other platforms under full optimization.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1148353002
|
|
This issue is trigged by the conversion from unsigned int to signed int.
A large unsigned int is converted to int. It's represented as a negative
int which is used in the condition of while later.
BUG=482639
R=brucedawson@chromium.org
Review URL: https://codereview.chromium.org/1146913003
|
|
1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset.
After integer overflows, it will be presented as a huge
unsigned number on 64 bits system.
BUG=483981
R=brucedawson@chromium.org, tsepez@chromium.org
Review URL: https://codereview.chromium.org/1148643002
|
|
Fixes the ordering of some assignments broken when converting to checked
numerics in CFX_PathData::AddPointCount().
Original Review URL: https://codereview.chromium.org/1142713005
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1135893008
|
|
This reverts commit eb6527763171cdb4b0fbfea5a20d691f4d67b660.
Reason for revert: broke javascript tests.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1145843005
|
|
This permits some functions to become void's since
they, in turn, can't fail.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1142713005
|
|
Integer overflow in CJBig2_Image::expand.
It causes the size of reallocated is not
expected.
BUG=483981
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1131023008
|
|
The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level
struct, and then replaces pointers to memory owned by the original struct
with new blocks of memory. Unfortunately, an early return can leave the
copy with pointers to memory it doesn't own, which causes problems when
cleaning up the partially-initialized struct.
The referenced bug is triggered when we get a return at original
line 7969 or 7385 due to OOM.
Moral of the story: creating a "copy constructor" equivalent
based on memcpy() instead of copying field by field for structs
containing pointers is usually a bad idea.
BUG=486538
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/1138033007
|
|
This CL is used for:
1. keeping the same logic as before (the behaviour
of FX_Alloc was changed for OOM).
2. fixing a potential integer overflow.
BUG=N/A
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1126013006
|
|
This avoids unchecked multiplications when computing a size argument
to malloc(). Such an overflow is very scary, and can result in
exploitable bugs.
Along the way, kill off some return checks, since we know this can't
return NULL.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1143663004
|
|
For FlateEncode(), error handling code leaked memory.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1144603002
|
|
Triggering allocation failure can be ... slow. See
http://build.chromium.org/p/client.pdfium/builders/win/builds/126
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1142463005
|
|
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1137933004
|
|
Also change EmbedderTest::TearDown() to match the destruction order in
Chromium's PDF code.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1138143003
|
|
Add a FX_TryAlloc() for those few cases where we might need to continue
in face of OOM.
Remove FX_AllocNL() (the context of its use would suggest that NL
means "No Limit"). This is used for some big allocations, so replace
it with TryAlloc(). Large allocations may be worth trying to continue
from, since there are few and they have a large chance of failing.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1128043009
|
|
There isn't much point in having macros that obscure obvious
language features.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1135273004
|
|
If ConcatCopy somehow gets a zero nNewlen, it returns early, without
allocating a new m_Data. ConcatInPlace then frees the old one, leaving
m_Data dangling.
Also be concerned about the multiplication in the widestring version.
So use wmemcpy and let the library cope with it.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1130763007
|
|
Also fix typos and remove trailing spaces/tabs.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1141123002
|
|
This is a precondition for someday combining Byte/Wide strings
via templates.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1142533002
|
|
BUG=471991
R=brucedawson@chromium.org
Review URL: https://codereview.chromium.org/1141613002
|
|
Also corrects some ASSERT_'s to EXPECT_'s in the test.
BUG=pdfium:160
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1141763002
|
|
The checked conversion can be re-enabled now that there is a public
API free of private headers like this one.
This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1133323003
|
|
These are the only files that embedders of PDFium should be including.
They are entirely self-contained, and compile cleanly against -Wall so
as to not offend the code that may include them.
Having done this, we can see that chromium is pulling in two additional
files from the fpdfsdk/include/pdfwindow directory, which is not guaranteed
to work.
A few files are renamed, adding an "_" to make the names consistent.
The exception is fpdfview, which is doc'd as such in the doc.
Naturally, paths will need updating in a handful of files in chrome
when this rolls in.
BUG=pdfium:154
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1135913002
|
|
... rather than redundantly declaring them in several .cpp files, and
hoping that the linker lines things up for you.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1128193004
|
|
This is a fix to hide pdfium's safe_conversions.h from the
higher-level callers.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1132163002
|
|
- fread() returns the number of items read.
- fix a memory leak in error handling.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1135713004
|
|
Also fix a few nits and other errors along the way.
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1098583002
|
|
This mimics the std:: behaviour.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1130053003
|
|
Reason for revert: No longer needed in face of 9ea57a43faea
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1122423006
|
|
BUG=pdfium:153
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1124043003
|
|
This gets included in chromium's pdfium_engine.cc, and thus must pass a
higher error level. There's probably a follow-up to check why the FPDF_ api
doesn't insulate chromium from this file.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1127043004
|
|
BUG=484002
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1124563002
|
|
Separate out the overload when the length is not known, and be sure that
strlen() call is in the header so that strlen("foo") => 3 (since many
compilers support this optimization).
Also delete some unused types.
BUG=pdfium:151
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1117263004
|
|
Part two. Fix same issue in wide strings as in their bytestring
counterparts.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1127753002
|
|
I spent at least 2 minutes grep'ing for a class or struct (on the other
branch) that was delcared using this.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1129433002
|
|
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1125703004
|
|
Continuation of https://codereview.chromium.org/1122573002
Applies similar test to immutable versions of strings.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1118973005
|
|
... and there are a few inconsistencies which we can now fix. Also add a
comment about why these strings aren't headed for the dust-bin long term.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1122573002
|
|
Also prevent theoretical roll-over where long smaller than intptr_t.
See bug for discussion.
BUG=pdfium:149
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1117413002
|
|
(Also makes the calculation robust in face of changes to the header).
BUG=pdfium:149
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1118983003
|
|
Follow-on to https://codereview.chromium.org/1120703003/
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1112423003
|
|
Given the representation of StringData, it seems sub-optimal not to be doing this.
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1120703003
|
|
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast
simplification. There's an additional copy now in one place, so
shoot me.
BUG=pdfium:144
R=thestig@chromium.org
Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9
Committed: https://pdfium.googlesource.com/pdfium/+/5a256ad29483eb2b13e6e2c89fe0f77a9103f68f
Review URL: https://codereview.chromium.org/1053613004
|
|
This reverts commit 5a256ad29483eb2b13e6e2c89fe0f77a9103f68f.
Reason for revert: broke JS tests.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1112673002
|
|
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast
simplification. There's an additional copy now in one place, so
shoot me.
BUG=pdfium:144
R=thestig@chromium.org
Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9
Review URL: https://codereview.chromium.org/1053613004
|