| Age | Commit message (Collapse) | Author |
|---|
|
Avoids the possibility of having a stale pointer in the context.
Bug: 726653
Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee
Reviewed-on: https://pdfium-review.googlesource.com/6074
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Make CFX_RenderDevice, which owns the IFX_RenderDeviceDriver, responsible
for restoring driver state as part of its destruction so that its callers
don't have to do so out of turn.
Then re-order CPDF_PageRenderContext destruction order so that
the progressive renderer is destroyed before the device, and the
device destroyed before the options because of unowned pointers
to objects owned by these.
Bug: 726755
Change-Id: I9a6f23da12140b2758b86e6f33f715ad1c679c3f
Reviewed-on: https://pdfium-review.googlesource.com/6073
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
BUG=pdfium:720
R=npm@chromium.org
Change-Id: I2a43b34da6946265ca06502b9ff19ad352fd18cb
Reviewed-on: https://pdfium-review.googlesource.com/5953
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Avoid holding a stale pointer to it in CJBig2_GRDProc.
Bug: 726732
Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc
Reviewed-on: https://pdfium-review.googlesource.com/6050
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Colorspaces need to be properly refcounted but in the mean time,
get rid of an obvious dangling pointer.
Bug: 726728
Change-Id: I6bd879b18f61f7f5defd2679ce896013eb218b9b
Reviewed-on: https://pdfium-review.googlesource.com/6072
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
This CL splits up font_int.h into files by classes. It also renames the
unittests to match the class being tested. Finally, it renames the ttgsubtable
files to match the class name.
Change-Id: I6187caa9e82d12b9a66e955113fe327d52042ae0
Reviewed-on: https://pdfium-review.googlesource.com/6090
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Use name that clues in bug triage folks as I'm writing
Probe -> severity low in each new bug report.
Also add comment from the unlanded chromium-side CL.
No functional change.
Change-Id: I49399e8450eaecd1369a85ea0212bdd69b1d0824
Reviewed-on: https://pdfium-review.googlesource.com/6070
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
CPDF_Parser::StartParse should release the current encrypt dict
before trashing it by calling RebuildCrossRef() at cpdf_parser.cpp:195.
This gives rise to the pattern that calls to ReleaseEncryptHandler()
are followed by SetEncryptDict(nullptr), so just move the later into
the former.
Bug: 726503
Change-Id: I38bc81f0c0416812035a8a2541c09e875f1fb49a
Reviewed-on: https://pdfium-review.googlesource.com/6030
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Add a GetBox() helper method.
Change-Id: I171b2e6714b6c001fad60baa0d4dff2f3c3c978f
Reviewed-on: https://pdfium-review.googlesource.com/6011
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
BUG=pdfium:719
R=npm@chromium.org
Change-Id: Ifd9330de265f8419d588b65fbd6a6187f17badd1
Reviewed-on: https://pdfium-review.googlesource.com/5950
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
BUG=pdfium:718
R=npm@chromium.org
Change-Id: Icdc1546c87a676a7d05330dece2c5eacd92c0c92
Reviewed-on: https://pdfium-review.googlesource.com/5951
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Change-Id: I061132b3de0f388f4f4c103ff0377405de2ecf29
Reviewed-on: https://pdfium-review.googlesource.com/6012
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3
Reviewed-on: https://pdfium-review.googlesource.com/5970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: Id816174391ee3a5612fb22df0b4c15fb3112cc8d
Reviewed-on: https://pdfium-review.googlesource.com/5954
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Sed + minimal conversions to compile, including moving some
constructors into the .cpp file. Any that caused ASAN issues
during the tests were omitted rather than trying to resolve
the underlying issue.
Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335
Reviewed-on: https://pdfium-review.googlesource.com/5891
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I6200968b0c72d2de32d51a741ac821084ad84f8a
Reviewed-on: https://pdfium-review.googlesource.com/5952
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL separates pageint.h and the supporting cpp files into indivudal
class files.
Change-Id: Idcadce41976a8cd5f0d916e6a5ebbc283fd36527
Reviewed-on: https://pdfium-review.googlesource.com/5930
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I30b59c794fc855fd36c33da3c60053ae08b3dac1
Reviewed-on: https://pdfium-review.googlesource.com/5910
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
In a way similar to the existing USE_SYSTEM_ZLIB. The default is of course
still the bundled lcms2.
Change-Id: I219b50854b3c7870b0f4d94574ba39f6cb26f556
Reviewed-on: https://pdfium-review.googlesource.com/5870
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I4eab5e843580845753c5f80c05cf9490a85114b6
Reviewed-on: https://pdfium-review.googlesource.com/5890
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ia1151e0855accda0873251938a521df1913c73fa
Reviewed-on: https://pdfium-review.googlesource.com/5852
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I99d6b4df72e369652301c36e4046f03ef95ed07d
Reviewed-on: https://pdfium-review.googlesource.com/5837
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL splits up BiInterpolImpl into the three interpolations its made of. In
the interpolation, safe math is used, and a boolean keeps track of whether an
overflow has occurred. If it does, we consider the patch to be invalid and
immediately terminate the Draw method.
Bug: chromium:724885
Change-Id: I4944ee1d821d8dd46c04e6b145eabe19d2ad8a5a
Reviewed-on: https://pdfium-review.googlesource.com/5851
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Fix strange ownership issue in cpdf_type3char.cpp, and
describe the absolutely insane stuff happening there.
Change-Id: Iae70f9eca8f125ed3ef677729f1776ba9f10183c
Reviewed-on: https://pdfium-review.googlesource.com/5830
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ibdb20fca7e4daae9d61286df4801ac02faf3b281
Reviewed-on: https://pdfium-review.googlesource.com/5831
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Remove an explicit clear to re-order the member
destruction order.
Change-Id: I33da3f3de4b8e8e0cfbdceaf5140e98f5d6f904a
Reviewed-on: https://pdfium-review.googlesource.com/5791
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
The Gif module is only using the longjmp as a way to catch errors, so this CL
makes it use GifDecodeStatus::Error instead.
Change-Id: I9c97e63ed851d2a80e38f1d2cd9e8f297d608cb2
Reviewed-on: https://pdfium-review.googlesource.com/5850
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
CPDF_PageRenderCache::m_ImageCache is a map from streams to
an image cache entry containing a clump of data associated
with the stream. Oddly, the clump includes the stream key (which
we already have in order to get to the clump), but worse doesn't
ensure the existence of the CPDF_Image object which (maybe) owns
the stream key in question.
So replace the stream with a retained ptr to the image.
Also renamed an unrelated member to avoid confusion with the
CPDF_Object in play.
Bug: 724460
Change-Id: Id13d2c246918d4ff78c12b5bdb927f99c3f5e4e1
Reviewed-on: https://pdfium-review.googlesource.com/5771
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Change-Id: I88466943171f19259f84add69679741d44c8e123
Reviewed-on: https://pdfium-review.googlesource.com/5551
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I551b4210c95db0b916e9fe6cddf11e6c3d015c50
Reviewed-on: https://pdfium-review.googlesource.com/5790
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Use the correct values to calculate SHA512.
BUG=pdfium:727,chromium:725267
Change-Id: I63d257c1df6304019a70f53df4653d358d3db525
Reviewed-on: https://pdfium-review.googlesource.com/5770
Commit-Queue: Wei Li <weili@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Otherwise, the UnownedPtr destructor will try to probe it. ASAN
knows about the structure of std::vector and will flag it as such.
Bug: 724960
Change-Id: I2b24501704c3845a4b16edad191d7b8f41f77587
Reviewed-on: https://pdfium-review.googlesource.com/5750
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Sometimes, web links are written with other text such as punctuations
which makes the extracted web links invalid. We improve this by trimming
invalid chars at the end of host name only URLs. For example, host names
never ends with ';' or ','.
BUG=chromium:720578
Change-Id: Id619025b2153531376d268a69a3a89c3d49fce08
Reviewed-on: https://pdfium-review.googlesource.com/5692
Commit-Queue: Wei Li <weili@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Instead of allocating a chunk of memory and using qsort().
Change-Id: I95041f79cfe609a9d99493d59eb074599ec49230
Reviewed-on: https://pdfium-review.googlesource.com/5690
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Building a little-endian n-byte value via a single byte
store and a memset(0) is dubious, but don't clobber the
value we just stored.
Bug: 723625
Change-Id: I015ea3e01c63a534f2ca0a1c085ed67777330d82
Reviewed-on: https://pdfium-review.googlesource.com/5732
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Add Release() method, type-convertible compares and assigns, and
right hand vs. left hand comparisons.
Change-Id: I96b1112e328802143d314aa6c92948f26583fa90
Reviewed-on: https://pdfium-review.googlesource.com/5731
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
More straight forward than CFX_GEModule owning in and CPDF_ModuleMgr
holding a pointer to it.
Remove assumptions that the codec modules may return nullptr, and do
IWYU.
Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5
Reviewed-on: https://pdfium-review.googlesource.com/5654
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Ib219e23efdcb128772c4c3138531363af53780a1
Reviewed-on: https://pdfium-review.googlesource.com/5652
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
One lifetime issue was fixed by passing CPDF_RenderStatus into
Continue() methods rather than holidng a pointer which was going
stale.
Bug:
Change-Id: I63b9dce4c1a0d1377cc407b5460535f7c916a040
Reviewed-on: https://pdfium-review.googlesource.com/5659
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change interform to avoid temp StringC with dangling ptr.
Change-Id: I8d8659973bcdf2cdbcaa6efa6012e4acce5f1604
Reviewed-on: https://pdfium-review.googlesource.com/5571
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL fixes a typo introduced in:
https://pdfium-review.googlesource.com/c/4495/3/core/fxge/dib/cfx_imagetransformer.cpp#395
Bug: chromium:723976
Change-Id: I629d1e61054805f768356fce44c25f40f9346beb
Reviewed-on: https://pdfium-review.googlesource.com/5634
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This regressed in commit e21fe98. When the image's bpc is a multiple of
8, there exists a colorspace, and there is a Decode parameter, the image
data source was incorrectly pointing to a data structure that only
contained black pixels.
BUG=chromium:718762
Change-Id: I5d3fa739e41726b4ed1ebc16465e17f83fff9f8d
Reviewed-on: https://pdfium-review.googlesource.com/5333
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
In particular, doing m_pPtr = nullptr; in your dtor to evade this
check will not longer work.
Fix slight mis-ordering observeds in CFX_Font and CPDFXFA_Context.
Change-Id: I3e6137159430333b091364021283a54a13d916b5
Reviewed-on: https://pdfium-review.googlesource.com/5570
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
The ToUnicode map should not be ignored when it exists. Doing so can cause a
charcode to be assigned an incorrect glyph index, and will result in garbled
text.
Previously, some bots failed with 'unable to open' the .png file.
Bug: chromium:665467
Change-Id: I435a73647eadcc3ba37bb0120f3b5cee381ae7a3
Reviewed-on: https://pdfium-review.googlesource.com/5610
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Bug:
Change-Id: I294e765916f35ef933142789179a06ffad67fc31
Reviewed-on: https://pdfium-review.googlesource.com/5494
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
|
|
This CL adds some checks to make sure the DecodeString method does not go out
out control:
If code is equal to code_table[code].prefix, it will try to loop forever.
Even if that's not the case, avoid reading a negative position from the stack.
Bug: chromium:722672
Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1
Reviewed-on: https://pdfium-review.googlesource.com/5513
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This reverts commit dde95d8be9bc2817e34429fc38ee6d89d6d5ab75.
Reason for revert: the test added is flaky
Original change's description:
> Small fix in CPDF_TrueTypeFont load
>
> The ToUnicode map should not be ignored when it exists. Doing so can cause a
> charcode to be assigned an incorrect glyph index, and will result in garbled
> text.
>
> Bug: chromium:665467
> Change-Id: I21c1bf560a0731d974191d4189ea730ef9868334
> Reviewed-on: https://pdfium-review.googlesource.com/5512
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Commit-Queue: Nicolás Peña <npm@chromium.org>
>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,npm@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug: chromium:665467
Change-Id: I704a34f326d31018061bcfd857fb25f7e4ee4cc2
Reviewed-on: https://pdfium-review.googlesource.com/5493
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
In particular, prefer an explicit .release() call when handing
ownership of an object to a caller across a C-API.
Change-Id: Ic3784e9d0b2d378a08d388989eaea7c9166bacd1
Reviewed-on: https://pdfium-review.googlesource.com/5470
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
The ToUnicode map should not be ignored when it exists. Doing so can cause a
charcode to be assigned an incorrect glyph index, and will result in garbled
text.
Bug: chromium:665467
Change-Id: I21c1bf560a0731d974191d4189ea730ef9868334
Reviewed-on: https://pdfium-review.googlesource.com/5512
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
