Age | Commit message (Collapse) | Author |
|
We currently only limit the array recursion levels. This recursion
level may also be reset when parsing. This is insufficient to protect
against stack overflows.
BUG=681920
Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3
Reviewed-on: https://pdfium-review.googlesource.com/2434
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Pre-cursor to properly ref-counting it.
Rename to match the CPDF_/IPDF_ conventions.
Move CPDF_ structure out of IPDF-defining headers.
Break friendships.
Review-Url: https://codereview.chromium.org/2640923006
|
|
BUG=682628
Change-Id: I8e88cc0c8392b078afb73f9549ea4dea9a5717fd
Reviewed-on: https://pdfium-review.googlesource.com/2390
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Id2ece818c80e8cce4748b9a237871131a7acd6d1
Reviewed-on: https://pdfium-review.googlesource.com/2354
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2650773003
|
|
These separate scalars are an anti-pattern given the ability to pass a single entity and later operate on it sensibly.
Review-Url: https://codereview.chromium.org/2652033002
|
|
Also fix an unsafe negation in same block.
BUG=641551
BUG=681091
Review-Url: https://codereview.chromium.org/2649283002
|
|
The method is used twice in fpdfsdk/cpdfsdk_interform.cpp and twice in
fpdfsdk/javascript/Document.cpp, but not in a compatible way. Changed
the method so that it now returns true when checks pass, which is the
more natural thing to do, considering the name of the method.
BUG=pdfium:659
Change-Id: Iacf3049f328df1d4db3fbfc995acf184230ebf48
Reviewed-on: https://pdfium-review.googlesource.com/2297
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2653743002
|
|
A85 encoder is not called yet; fix before adding
calls to this code in Chromium.
BUG=682550
Review-Url: https://codereview.chromium.org/2649263002
|
|
Fix callers conventions to avoid ambiguity.
Fix bad bounds check unmasked by change.
Directly include headers no longer pulled in by numerics itself.
Review-Url: https://codereview.chromium.org/2640143003
|
|
Also replace CFX_Int32Array typedef with CFX_ArrayTemplate<int32_t>.
Removing the typedefs makes subsequent conversion to std::vector<>
easier on a case-by-case basis.
Review-Url: https://codereview.chromium.org/2649563003
|
|
CFX_Points was unused.
Review-Url: https://codereview.chromium.org/2645523006
|
|
Also return CFX_MaybeOwned<> from functions so to make cleanup automatic,
avoiding a theoretical leak.
Review-Url: https://codereview.chromium.org/2641853004
|
|
Moving to std::vector from the more forgiving CFX_ArrayTemplate
revealed the dubious page tree traversal, which depends on the
correctness of the /Count entries to properly summarize the total
descendants under a given node.
The only "correct" thing to do is to throw away these counts as parsed,
and re-compute them, perhaps in CountPages(). But I'm not willing to do
that since it may break unknown documents in the wild.
Pass out-params as pointers while we're at it.
BUG=680376
Review-Url: https://codereview.chromium.org/2636403003
|
|
We should not fill out the m_Encoding for Type3 fonts. This way, we
stop getting garbage characters from text extraction. Guessing that
unicode == charcode (in the absence of ToUnicode) is our best bet.
BUG=pdfium:642
Review-Url: https://codereview.chromium.org/2643543002
|
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
|
|
We can get into a loop when gif_img_row_bytes is 0 since Decode will
return 3 when the second parameter is 0, and there is a while(ret!=0).
BUG=681170
Change-Id: I63502a8487c07030fce2373f74cec6b4f0c98297
Reviewed-on: https://pdfium-review.googlesource.com/2211
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
If the values are going to overflow, return error code, which seems to
be 2.
BUG=668822
Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
Reviewed-on: https://pdfium-review.googlesource.com/2213
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=680062
Change-Id: I9e2fd960915cd1de5e0cc15aeabf9ccf27e5a795
Reviewed-on: https://pdfium-review.googlesource.com/2212
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
BUG=669893
Change-Id: I0977c031d5b272ce5182da6b3020ac092e30aef4
Reviewed-on: https://pdfium-review.googlesource.com/2210
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
It already has a sizeof() and a cast built into the macro,
so we don't need to do sizeof() and cast on each usage.
Review-Url: https://codereview.chromium.org/2625133009
|
|
This patch adds the additional functions required to make postscript
printing functional. The most significant additions are are two added
compression functions and a new API for setting the postscript level.
Not currently called from Chromium, Chromium patch to come.
BUG=
Review-Url: https://codereview.chromium.org/2612243005
|
|
The return value is used to determine whether TIFFReadFile fails. If we
return just the length, libtiff will try reading uninitilized values
afterwards, on corrupted files.
BUG=679230, 670928
Change-Id: I579adc9d8a00e8cafab45dbdb728f1cb702da051
Reviewed-on: https://pdfium-review.googlesource.com/2172
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Use unique_ptr while we're at it.
Review-Url: https://codereview.chromium.org/2618373003
|
|
The code_size variable is the number of bits. We should make sure that
the size is at most 31 to avoid having undefined shifts etc.
BUG=620661
Change-Id: Ia533386d01de93a55048cfd63d63989b2731a210
Reviewed-on: https://pdfium-review.googlesource.com/2161
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Also use unique_ptr in one spot while we're at it.
Review-Url: https://codereview.chromium.org/2625483002
|
|
Code is much clearer when we use the actual types
rather than this convention.
Review-Url: https://codereview.chromium.org/2618993002
|
|
We are using pdfium::base::checked_cast to get the width and height,
but we may overflow and abort. Therefore, we should instead early
return if the obtained width and height are not valid int32_t's.
BUG=655056
Change-Id: Ic0c6b88a16dc3d547fe82736bb14ed3122cd356a
Reviewed-on: https://pdfium-review.googlesource.com/2160
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
CAgg_PathData::BuildPath already HardClips x, y. We need to do this to
any other points used, otherwise we risk having huge numbers, and when
calling agg methods on these we'll be super slow.
BUG=670524, 678767
Change-Id: I35c1cee7bd6481ea57e0df27b2c5202d1cca3301
Reviewed-on: https://pdfium-review.googlesource.com/2158
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
We should not have valid objects where the object number is
CPDF_Object::kInvalidObjNum.
BUG=pdfium:609
Review-Url: https://codereview.chromium.org/2610393004
|
|
Remove unused m_Segments.
Review-Url: https://codereview.chromium.org/2618863004
|
|
Review-Url: https://codereview.chromium.org/2611413002
|
|
Review-Url: https://codereview.chromium.org/2610813010
|
|
All usage is now replaced with stl equivalents.
Move one definition from fx_basic.h to where it's actually needed.
Review-Url: https://codereview.chromium.org/2612773007
|
|
Revert CL http://crrev.com/2608663003 in preparation for adding
postscript generation to Pdfium.
Note postscript generation code will not be called until additional
patches land. These patches will also include modifications needed to
make this code functional (currently missing a few compression functions).
BUG=
Review-Url: https://codereview.chromium.org/2615703002
|
|
Review-Url: https://codereview.chromium.org/2617683003
|
|
Removes more array template usage fron non-XFA code.
Review-Url: https://codereview.chromium.org/2614013002
|
|
I think the bCJK variable calculation is wrong. If not, then it is not
necessary, since currently it will always be set to false.
CL that added this code: https://codereview.chromium.org/1306883002/
Review-Url: https://codereview.chromium.org/2611843008
|
|
GetCachedBitmap method is not being used. This removal
simplifies some of the code.
Change-Id: I075c245c3511e8a1b595c8ba148991f7c838f504
Reviewed-on: https://pdfium-review.googlesource.com/2154
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
CPDF_DIBSource was already in its own file, but files needed renaming.
Change-Id: Ib3ac787a0bb33d3f78ecdcdfcdbc938867857a14
Reviewed-on: https://pdfium-review.googlesource.com/2152
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Use std::less<>() rather than a direct ptr1 < ptr2 comparison to
be strictly correct in face of unspecified behaviour when ptr1 and
ptr2 don't point within the same "object" (e.g. segment of memory
on a brain-dead segmented architecture).
This will allow their use as keys in maps.
Review-Url: https://codereview.chromium.org/2616683002
|
|
Required to pass pointers across C-APIs. Need this to clean
up CPDFXFA_Page and retain ptrs.
Review-Url: https://codereview.chromium.org/2583093003
|
|
This CL updates the Huffman decoder in the JBig2 codex to check the low field
does not overflow.
BUG=chromium:675236
Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479
Reviewed-on: https://pdfium-review.googlesource.com/2131
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
I'd been waiting on this hoping the code would be refactored out
of existence, but it looks to be used.
Use tests against x.end() in place of a "null position".
This is greatly complicated by the use of "tail position", which
now calcluated by std::prev(x.end()) unless the list is empty.
Review-Url: https://codereview.chromium.org/2592163002
|
|
The previous implementation, FindPDFPage, was already doing this since
the recursive call was always with return. Currently, we were trying to
keep going even after reaching max level. The problem is that if the
page tree is not a tree, we might loop forever. This could also be
solved by keeping track of the dictionaries that have been visited, but
this solution takes much less space.
BUG=672172
Change-Id: Ia37aea58e92b6068de69f26736c612aa6a0ff4b3
Reviewed-on: https://pdfium-review.googlesource.com/2138
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Also be sure that a loop terminates without relying on
specific behaviour of the callers.
Review-Url: https://codereview.chromium.org/2598473002
|
|
Fix some naming to make things clearer.
Review-Url: https://codereview.chromium.org/2587233002
|
|
TBR=dsinclair@chromium.org
BUG=675752
Review-Url: https://codereview.chromium.org/2585113004
|
|
BUG=pdfium:644
Review-Url: https://codereview.chromium.org/2581873002
|