summaryrefslogtreecommitdiff
path: root/core
AgeCommit message (Collapse)Author
2015-05-20Integer overflow in CJBig2_Image::expandJUN FANG
1. New size should be larger than old size in JBig2_Realloc. 2. Arguments are integers but parameters are size_t in JBIG2_memset. After integer overflows, it will be presented as a huge unsigned number on 64 bits system. BUG=483981 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1148643002
2015-05-19Re-land: Remove FX_Alloc() null checks now that it can't return NULL.Tom Sepez
Fixes the ordering of some assignments broken when converting to checked numerics in CFX_PathData::AddPointCount(). Original Review URL: https://codereview.chromium.org/1142713005 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135893008
2015-05-19Revert "Remove FX_Alloc() null checks now that it can't return NULL."Tom Sepez
This reverts commit eb6527763171cdb4b0fbfea5a20d691f4d67b660. Reason for revert: broke javascript tests. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1145843005
2015-05-19Remove FX_Alloc() null checks now that it can't return NULL.Tom Sepez
This permits some functions to become void's since they, in turn, can't fail. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142713005
2015-05-19Fix Heap Overflow in CJBig2_Image::expandJUN FANG
Integer overflow in CJBig2_Image::expand. It causes the size of reallocated is not expected. BUG=483981 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1131023008
2015-05-18Cleanup if early return from opj_j2k_copy_default_tcp_and_create_tcd().Tom Sepez
The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level struct, and then replaces pointers to memory owned by the original struct with new blocks of memory. Unfortunately, an early return can leave the copy with pointers to memory it doesn't own, which causes problems when cleaning up the partially-initialized struct. The referenced bug is triggered when we get a return at original line 7969 or 7385 due to OOM. Moral of the story: creating a "copy constructor" equivalent based on memcpy() instead of copying field by field for structs containing pointers is usually a bad idea. BUG=486538 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1138033007
2015-05-18Change FX_Alloc to FX_Try_Alloc in _JpegEncodeJUN FANG
This CL is used for: 1. keeping the same logic as before (the behaviour of FX_Alloc was changed for OOM). 2. fixing a potential integer overflow. BUG=N/A R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1126013006
2015-05-18Add safe FX_Alloc2D() macroTom Sepez
This avoids unchecked multiplications when computing a size argument to malloc(). Such an overflow is very scary, and can result in exploitable bugs. Along the way, kill off some return checks, since we know this can't return NULL. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1143663004
2015-05-15Fix leaks in embedder test's FlateEncode() usage and in FlateEncode().Lei Zhang
For FlateEncode(), error handling code leaked memory. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1144603002
2015-05-15Disable allocation tests that hose the bot.Tom Sepez
Triggering allocation failure can be ... slow. See http://build.chromium.org/p/client.pdfium/builders/win/builds/126 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142463005
2015-05-15Initialize members of CPDF_TextPageFind class.Lei Zhang
R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1137933004
2015-05-15Fix leaks in the embedder tests themselves.Lei Zhang
Also change EmbedderTest::TearDown() to match the destruction order in Chromium's PDF code. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1138143003
2015-05-15Abort on OOM by default in FX_Alloc().Tom Sepez
Add a FX_TryAlloc() for those few cases where we might need to continue in face of OOM. Remove FX_AllocNL() (the context of its use would suggest that NL means "No Limit"). This is used for some big allocations, so replace it with TryAlloc(). Large allocations may be worth trying to continue from, since there are few and they have a large chance of failing. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128043009
2015-05-15Remove FX_NEW_VECTOR() macros.Tom Sepez
There isn't much point in having macros that obscure obvious language features. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135273004
2015-05-15Fix potential UAF in ConcatInPlace.Tom Sepez
If ConcatCopy somehow gets a zero nNewlen, it returns early, without allocating a new m_Data. ConcatInPlace then frees the old one, leaving m_Data dangling. Also be concerned about the multiplication in the widestring version. So use wmemcpy and let the library cope with it. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130763007
2015-05-14Fix another batch of compiler warnings.Lei Zhang
Also fix typos and remove trailing spaces/tabs. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1141123002
2015-05-14Make CFX_StringData be scoped by CFX_Bytestring and add methods.chromium/2421chromium/2420chromium/2419chromium/2418chromium/2417chromium/2416chromium/2415chromium/2414chromium/2413chromium/2412chromium/2411chromium/2410chromium/2409chromium/2408chromium/2407chromium/2406chromium/2405chromium/2404Tom Sepez
This is a precondition for someday combining Byte/Wide strings via templates. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1142533002
2015-05-13Fix integer overflow in conversion from float to integer.JUN FANG
BUG=471991 R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1141613002
2015-05-13Fix comparison of CFX_ByteString and CFX_WideString against empty literals.Tom Sepez
Also corrects some ASSERT_'s to EXPECT_'s in the test. BUG=pdfium:160 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1141763002
2015-05-12Restore checked strlen conversions.Tom Sepez
The checked conversion can be re-enabled now that there is a public API free of private headers like this one. This reverts commit 6661fd4c26106cd530d187b36f29be7e5c98b70f. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1133323003
2015-05-11Create top-level public/ header directory.Tom Sepez
These are the only files that embedders of PDFium should be including. They are entirely self-contained, and compile cleanly against -Wall so as to not offend the code that may include them. Having done this, we can see that chromium is pulling in two additional files from the fpdfsdk/include/pdfwindow directory, which is not guaranteed to work. A few files are renamed, adding an "_" to make the names consistent. The exception is fpdfview, which is doc'd as such in the doc. Naturally, paths will need updating in a handful of files in chrome when this rolls in. BUG=pdfium:154 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1135913002
2015-05-08Move function prototypes to new doc_utils.h fileTom Sepez
... rather than redundantly declaring them in several .cpp files, and hoping that the linker lines things up for you. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1128193004
2015-05-08Fix compilation under chromium checkouts.Tom Sepez
This is a fix to hide pdfium's safe_conversions.h from the higher-level callers. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1132163002
2015-05-08Fix errors from commit f0a169e.Lei Zhang
- fread() returns the number of items read. - fix a memory leak in error handling. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1135713004
2015-05-08Fix a bunch of -Wunused-but-set-variable warnings.Lei Zhang
Also fix a few nits and other errors along the way. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1098583002
2015-05-06Support arrays in nonstd::unique_ptr<>.Tom Sepez
This mimics the std:: behaviour. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1130053003
2015-05-06Manual revert of ad2a822ce5c3Tom Sepez
Reason for revert: No longer needed in face of 9ea57a43faea TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1122423006
2015-05-06Remove FX_STRSIZE casts, use safe conversionsTom Sepez
BUG=pdfium:153 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1124043003
2015-05-06Fix fx_string.h compile error under chromium checkouts.chromium/2398chromium/2397chromium/2396Tom Sepez
This gets included in chromium's pdfium_engine.cc, and thus must pass a higher error level. There's probably a follow-up to check why the FPDF_ api doesn't insulate chromium from this file. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1127043004
2015-05-06Fix a couple of divide by zero crashes in PNG/TIFF predictors.Lei Zhang
BUG=484002 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1124563002
2015-05-05Make sure string constructors are efficient on literalsTom Sepez
Separate out the overload when the length is not known, and be sure that strlen() call is in the header so that strlen("foo") => 3 (since many compilers support this optimization). Also delete some unused types. BUG=pdfium:151 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117263004
2015-05-04Fix issues with != and == in fx_basic_wstringTom Sepez
Part two. Fix same issue in wide strings as in their bytestring counterparts. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1127753002
2015-05-04Kill FX_DEFINEHANDLETom Sepez
I spent at least 2 minutes grep'ing for a class or struct (on the other branch) that was delcared using this. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1129433002
2015-05-04Fix issuse with != and == shown by fx_basic_bstring unit tests.Tom Sepez
R=thestig@chromium.org Review URL: https://codereview.chromium.org/1125703004
2015-05-01Backfill some FX StringC unit tests for == and !=.Tom Sepez
Continuation of https://codereview.chromium.org/1122573002 Applies similar test to immutable versions of strings. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1118973005
2015-05-01Backfill some FX String unit tests for == and !=.Tom Sepez
... and there are a few inconsistencies which we can now fix. Also add a comment about why these strings aren't headed for the dust-bin long term. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1122573002
2015-05-01Save 4 bytes per CFX_ByteString where intptr_t smaller than long.Tom Sepez
Also prevent theoretical roll-over where long smaller than intptr_t. See bug for discussion. BUG=pdfium:149 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1117413002
2015-05-01Save 8 bytes in each CFX_ByteString/WideString (on "LP64" platforms).Tom Sepez
(Also makes the calculation robust in face of changes to the header). BUG=pdfium:149 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1118983003
2015-04-30Take adavange of unused bytes at end of widestringTom Sepez
Follow-on to https://codereview.chromium.org/1120703003/ R=thestig@chromium.org Review URL: https://codereview.chromium.org/1112423003
2015-04-30Try to take advantage of unused bytes at end of CFX_ByteString.Tom Sepez
Given the representation of StringData, it seems sub-optimal not to be doing this. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1120703003
2015-04-28Make CFX_WideString::LockBuffer() completely unused.Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9 Committed: https://pdfium.googlesource.com/pdfium/+/5a256ad29483eb2b13e6e2c89fe0f77a9103f68f Review URL: https://codereview.chromium.org/1053613004
2015-04-28Revert "Make CFX_WideString::LockBuffer() completely unused."Tom Sepez
This reverts commit 5a256ad29483eb2b13e6e2c89fe0f77a9103f68f. Reason for revert: broke JS tests. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1112673002
2015-04-28Make CFX_WideString::LockBuffer() completely unused.Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/ee7412f5aef353e5c6f1a64d0e1708ed926869d9 Review URL: https://codereview.chromium.org/1053613004
2015-04-27Revert "Make CFX_WideString::LockBuffer() completely unused."Tom Sepez
This reverts commit ee7412f5aef353e5c6f1a64d0e1708ed926869d9. Reason for revert: VS compile broke. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1106333003
2015-04-27Make CFX_WideString::LockBuffer() completely unused.Tom Sepez
Then remove CFX_{Wide,Byte}String::LockBuffer(). Prelude to a vast simplification. There's an additional copy now in one place, so shoot me. BUG=pdfium:144 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1053613004
2015-04-27SEGV in CFX_BaseSegmentedArray::Iterate() when CS has malformed dictionary.Tom Sepez
Failure to check document-controlled value before using it. BUG=481363 R=palmer@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/1110653002
2015-04-27Fix windows-specific usage of CFX_WideStr::operator LPCWSTR().Tom Sepez
Carry-on from https://codereview.chromium.org/1108903002/ R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1103343002
2015-04-27Reduce usage of operator LPCWSTR from CFX_WideString().Tom Sepez
This involves adding some explicit c_str() calls. Doing so flagged PDF_EncodeText() and FindOptionValue() as having suboptimal signatures, in that we are often throwing away a perfectly fine length and recomputing it. There are still some platform-specific code that needs the operator. R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1101933003
2015-04-27Revert "Kill operator LPCWSTR from CFX_WideString()."Tom Sepez
This reverts commit 15a62973b9b89c3e229cc0ab501c45967f91b325. Reason for revert: broke build on windows, mac. I must have missed some platform-specific conversions. TBR=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1108883002
2015-04-27Kill operator LPCWSTR from CFX_WideString().Tom Sepez
This involves adding some explicit c_str() calls. Doing so flagged PDF_EncodeText() and FindOptionValue() as having suboptimal signatures, in that we are often throwing away a perfectly fine length and recomputing it. R=brucedawson@chromium.org Review URL: https://codereview.chromium.org/1101933003