summaryrefslogtreecommitdiff
path: root/core
AgeCommit message (Collapse)Author
2017-01-27Limit parsing recursion levels in CPDF_StreamParserNicolas Pena
We currently only limit the array recursion levels. This recursion level may also be reset when parsing. This is insufficient to protect against stack overflows. BUG=681920 Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3 Reviewed-on: https://pdfium-review.googlesource.com/2434 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-26Cleanup CPDF_StructElement.tsepez
Pre-cursor to properly ref-counting it. Rename to match the CPDF_/IPDF_ conventions. Move CPDF_ structure out of IPDF-defining headers. Break friendships. Review-Url: https://codereview.chromium.org/2640923006
2017-01-25Calculate code_store safely in CGifLZWDecoder::DecodeNicolas Pena
BUG=682628 Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd Reviewed-on: https://pdfium-review.googlesource.com/2390 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-25Remove last usage of IFX_Retainable.chromium/2993Tom Sepez
Change-Id: Id2ece818c80e8cce4748b9a237871131a7acd6d1 Reviewed-on: https://pdfium-review.googlesource.com/2354 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-24Use std::vector for fx_ucd.h arrays.chromium/2992tsepez
Review-Url: https://codereview.chromium.org/2650773003
2017-01-24Replace some loose (ptr, len) pairs with CFX_ByteStringC in fpdfapi.tsepez
These separate scalars are an anti-pattern given the ability to pass a single entity and later operate on it sensibly. Review-Url: https://codereview.chromium.org/2652033002
2017-01-24Undefined shift in CPDF_PSEngine::DoOperatortsepez
Also fix an unsafe negation in same block. BUG=641551 BUG=681091 Review-Url: https://codereview.chromium.org/2649283002
2017-01-24Fix CPDF_InterForm::CheckRequiredFields and its callers.Nicolas Pena
The method is used twice in fpdfsdk/cpdfsdk_interform.cpp and twice in fpdfsdk/javascript/Document.cpp, but not in a compatible way. Changed the method so that it now returns true when checks pass, which is the more natural thing to do, considering the name of the method. BUG=pdfium:659 Change-Id: Iacf3049f328df1d4db3fbfc995acf184230ebf48 Reviewed-on: https://pdfium-review.googlesource.com/2297 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-24Use std::vector for CFX_RectF arraystsepez
Review-Url: https://codereview.chromium.org/2653743002
2017-01-23Fix bug found by fuzzer in A85 encoder (bad shift).rbpotter
A85 encoder is not called yet; fix before adding calls to this code in Chromium. BUG=682550 Review-Url: https://codereview.chromium.org/2649263002
2017-01-23Update safe numerics package to get bitwise opstsepez
Fix callers conventions to avoid ambiguity. Fix bad bounds check unmasked by change. Directly include headers no longer pulled in by numerics itself. Review-Url: https://codereview.chromium.org/2640143003
2017-01-20Replace CFX_ByteArray with CFX_ArrayTemplate<uint8_t>chromium/2990chromium/2989chromium/2988tsepez
Also replace CFX_Int32Array typedef with CFX_ArrayTemplate<int32_t>. Removing the typedefs makes subsequent conversion to std::vector<> easier on a case-by-case basis. Review-Url: https://codereview.chromium.org/2649563003
2017-01-20Remove CFX_Points, CFX_PointsF in favor of std::vectortsepez
CFX_Points was unused. Review-Url: https://codereview.chromium.org/2645523006
2017-01-19use unique_ptr in fpdf_font_cid.cpptsepez
Also return CFX_MaybeOwned<> from functions so to make cleanup automatic, avoiding a theoretical leak. Review-Url: https://codereview.chromium.org/2641853004
2017-01-18Bad indexing in CPDF_Document::FindPageIndex when page tree corrupt.tsepez
Moving to std::vector from the more forgiving CFX_ArrayTemplate revealed the dubious page tree traversal, which depends on the correctness of the /Count entries to properly summarize the total descendants under a given node. The only "correct" thing to do is to throw away these counts as parsed, and re-compute them, perhaps in CountPages(). But I'm not willing to do that since it may break unknown documents in the wild. Pass out-params as pointers while we're at it. BUG=680376 Review-Url: https://codereview.chromium.org/2636403003
2017-01-17Stop using Encoding array to get unicode from charcode in Type 3 fontschromium/2985npm
We should not fill out the m_Encoding for Type3 fonts. This way, we stop getting garbage characters from text extraction. Guessing that unicode == charcode (in the absence of ToUnicode) is our best bet. BUG=pdfium:642 Review-Url: https://codereview.chromium.org/2643543002
2017-01-17Avoid endless loop deleting CFGAS_GEFont.tsepez
It's a ref-counted class, so if we're in the destructor, the ref count has hit zero. We can't make a new ref pointer to itself here, as it will re-invoke the destructor when it goes out of scope. This should have been an obvious anti-pattern in hindsight. The object in question can't be in the m_pFontManager, since the font manager retains a reference, and we wouldn't get to this destructor while that is present. So the cleanup isn't required. Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp. I also converted to use unique_ptrs in a few places near this issue. Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr is not a good idea as it doesn't bump the ref count. Also protect and friend the CFGAS_GEFont destructor, to make sure random deletes don't happen. Also kill off a const cast, and remove unnecessary conversion to retain_ptr when we already have one. TEST=look for absence of -11 in XFA corpus test logs, bots not currently noticing the segv. Argh. Review-Url: https://codereview.chromium.org/2631703003
2017-01-16Return early when gif_img_row_bytes is 0chromium/2984Nicolas Pena
We can get into a loop when gif_img_row_bytes is 0 since Decode will return 3 when the second parameter is 0, and there is a while(ret!=0). BUG=681170 Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297 Reviewed-on: https://pdfium-review.googlesource.com/2211 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-16Check blue,green,red bit count in bmp_decode_rgbNicolas Pena
If the values are going to overflow, return error code, which seems to be 2. BUG=668822 Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9 Reviewed-on: https://pdfium-review.googlesource.com/2213 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-16Return error when bits_left is too bigNicolas Pena
BUG=680062 Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795 Reviewed-on: https://pdfium-review.googlesource.com/2212 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-16Add default substitution for narrow fontsNicolas Pena
BUG=669893 Change-Id: I0977c031d5b272ce5182da6b3020ac092e30aef4 Reviewed-on: https://pdfium-review.googlesource.com/2210 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-16Use FX_Alloc() properly in fxcodec.tsepez
It already has a sizeof() and a cast built into the macro, so we don't need to do sizeof() and cast on each usage. Review-Url: https://codereview.chromium.org/2625133009
2017-01-12Add postscript pathrbpotter
This patch adds the additional functions required to make postscript printing functional. The most significant additions are are two added compression functions and a new API for setting the postscript level. Not currently called from Chromium, Chromium patch to come. BUG= Review-Url: https://codereview.chromium.org/2612243005
2017-01-11Make tiff_read return actual length readNicolas Pena
The return value is used to determine whether TIFFReadFile fails. If we return just the length, libtiff will try reading uninitilized values afterwards, on corrupted files. BUG=679230, 670928 Change-Id: I579adc9d8a00e8cafab45dbdb728f1cb702da051 Reviewed-on: https://pdfium-review.googlesource.com/2172 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-10Remove CFX_ArrayTemplate in cfx_psrender.tsepez
Use unique_ptr while we're at it. Review-Url: https://codereview.chromium.org/2618373003
2017-01-10Restrict code size in CGifLZWDecoderchromium/2978Nicolas Pena
The code_size variable is the number of bits. We should make sure that the size is at most 31 to avoid having undefined shifts etc. BUG=620661 Change-Id: Ia533386d01de93a55048cfd63d63989b2731a210 Reviewed-on: https://pdfium-review.googlesource.com/2161 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-10Remove some CFX_ArrayTemplate in fpdfapi and fpdfdoctsepez
Also use unique_ptr in one spot while we're at it. Review-Url: https://codereview.chromium.org/2625483002
2017-01-10Remove more _LP* typedefs.tsepez
Code is much clearer when we use the actual types rather than this convention. Review-Url: https://codereview.chromium.org/2618993002
2017-01-09Check validity of width and height in CCodec_TiffContext::LoadFrameInfoNicolas Pena
We are using pdfium::base::checked_cast to get the width and height, but we may overflow and abort. Therefore, we should instead early return if the obtained width and height are not valid int32_t's. BUG=655056 Change-Id: Ic0c6b88a16dc3d547fe82736bb14ed3122cd356a Reviewed-on: https://pdfium-review.googlesource.com/2160 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-09HardClip all points used when building pathsNicolas Pena
CAgg_PathData::BuildPath already HardClips x, y. We need to do this to any other points used, otherwise we risk having huge numbers, and when calling agg methods on these we'll be super slow. BUG=670524, 678767 Change-Id: I35c1cee7bd6481ea57e0df27b2c5202d1cca3301 Reviewed-on: https://pdfium-review.googlesource.com/2158 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-09Do not parse references with invalid objnumnpm
We should not have valid objects where the object number is CPDF_Object::kInvalidObjNum. BUG=pdfium:609 Review-Url: https://codereview.chromium.org/2610393004
2017-01-09Remove CFX_ArrayTemplate from fpdftext and fxcodec.tsepez
Remove unused m_Segments. Review-Url: https://codereview.chromium.org/2618863004
2017-01-09Remove CFX_ArrayTemplate from fpdfapitsepez
Review-Url: https://codereview.chromium.org/2611413002
2017-01-09Tidy cfgas_fontmgr, remove custom sorting code.tsepez
Review-Url: https://codereview.chromium.org/2610813010
2017-01-06Remove CFX_MapPtrToPtr and templates.chromium/2976chromium/2975tsepez
All usage is now replaced with stl equivalents. Move one definition from fx_basic.h to where it's actually needed. Review-Url: https://codereview.chromium.org/2612773007
2017-01-06Revert postscript code removal.rbpotter
Revert CL http://crrev.com/2608663003 in preparation for adding postscript generation to Pdfium. Note postscript generation code will not be called until additional patches land. These patches will also include modifications needed to make this code functional (currently missing a few compression functions). BUG= Review-Url: https://codereview.chromium.org/2615703002
2017-01-05Remove two unused members in cpdf_streamcontentparser.tsepez
Review-Url: https://codereview.chromium.org/2617683003
2017-01-05Banish CFX_Points, CFX_PointsF, and CFX_RectFArray to XFA-side only.tsepez
Removes more array template usage fron non-XFA code. Review-Url: https://codereview.chromium.org/2614013002
2017-01-05Fix bCJK calculation in Windows MapFontnpm
I think the bCJK variable calculation is wrong. If not, then it is not necessary, since currently it will always be set to false. CL that added this code: https://codereview.chromium.org/1306883002/ Review-Url: https://codereview.chromium.org/2611843008
2017-01-05Remove unused CPDF_ImageCacheEntry::GetCachedBitmapNicolas Pena
GetCachedBitmap method is not being used. This removal simplifies some of the code. Change-Id: I075c245c3511e8a1b595c8ba148991f7c838f504 Reviewed-on: https://pdfium-review.googlesource.com/2154 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-04Kill render_int.hchromium/2973chromium/2972Nicolas Pena
CPDF_DIBSource was already in its own file, but files needed renaming. Change-Id: Ib3ac787a0bb33d3f78ecdcdfcdbc938867857a14 Reviewed-on: https://pdfium-review.googlesource.com/2152 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-04Add missing operator<() to CFX_RetainPtr.tsepez
Use std::less<>() rather than a direct ptr1 < ptr2 comparison to be strictly correct in face of unspecified behaviour when ptr1 and ptr2 don't point within the same "object" (e.g. segment of memory on a brain-dead segmented architecture). This will allow their use as keys in maps. Review-Url: https://codereview.chromium.org/2616683002
2017-01-03Add CFX_RetainPtr Leak() and Unleak() methodstsepez
Required to pass pointers across C-APIs. Need this to clean up CPDFXFA_Page and retain ptrs. Review-Url: https://codereview.chromium.org/2583093003
2017-01-03Check for overflow in JBig2 Huffman decoderDan Sinclair
This CL updates the Huffman decoder in the JBig2 codex to check the low field does not overflow. BUG=chromium:675236 Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479 Reviewed-on: https://pdfium-review.googlesource.com/2131 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-03Kill last use of CFX_PtrList.tsepez
I'd been waiting on this hoping the code would be refactored out of existence, but it looks to be used. Use tests against x.end() in place of a "null position". This is greatly complicated by the use of "tail position", which now calcluated by std::prev(x.end()) unless the list is empty. Review-Url: https://codereview.chromium.org/2592163002
2017-01-03Force stop of page tree traversal when max level reachedNicolas Pena
The previous implementation, FindPDFPage, was already doing this since the recursive call was always with return. Currently, we were trying to keep going even after reaching max level. The problem is that if the page tree is not a tree, we might loop forever. This could also be solved by keeping track of the dictionaries that have been visited, but this solution takes much less space. BUG=672172 Change-Id: Ia37aea58e92b6068de69f26736c612aa6a0ff4b3 Reviewed-on: https://pdfium-review.googlesource.com/2138 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-02Use vector of unique_ptrs for page node children.tsepez
Also be sure that a loop terminates without relying on specific behaviour of the callers. Review-Url: https://codereview.chromium.org/2598473002
2016-12-28Make CFX_Observable copy constructable.chromium/2969chromium/2968chromium/2967chromium/2966tsepez
Fix some naming to make things clearer. Review-Url: https://codereview.chromium.org/2587233002
2016-12-19Missing null initializer in CPDF_StreamParser::ReadInlineStreamchromium/2965chromium/2964chromium/2963chromium/2962chromium/2961chromium/2960chromium/2959chromium/2958tsepez
TBR=dsinclair@chromium.org BUG=675752 Review-Url: https://codereview.chromium.org/2585113004
2016-12-19Relax the EncryptMetadata check.chromium/2957tsepez
BUG=pdfium:644 Review-Url: https://codereview.chromium.org/2581873002