Age | Commit message | Author |
|
CFX_DIBitmap::Create does an allocation of size roughly 4*width*height
even in xfa_codec_fuzzer.h. This CL fixes the memory limit accordingly.
Bug: 789359
Change-Id: Ib5cbd08510ecacb2fbd22cb23394d24a86110bc5
Reviewed-on: https://pdfium-review.googlesource.com/19890
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
|
|
This CL reduces the memory limit in pdf_codec_jbig2_fuzzer. Note that
MSAN requires the limit to be lower than the actual bot usage limit.
In the testcase, we get OOM just after CFX_DIBitmap::Create.
It also increases the limit in xfa_codec_fuzzer.h
Bug: 784155
Change-Id: I6fc8d9533ca7dc2b19bf84b9eac23284e05b1e6d
Reviewed-on: https://pdfium-review.googlesource.com/19571
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This CL removes the CollectionSize and updates call locations as needed.
Bug: pdfium:774
Change-Id: I813c500b3a17a194407ceb1304252b9b16fe1779
Reviewed-on: https://pdfium-review.googlesource.com/19590
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
|
|
This is a div by 0 issue.
BUG=chromium:779890
Change-Id: I91ca2969ffe52fb486b1fab32abc8609cd6567a2
Reviewed-on: https://pdfium-review.googlesource.com/17250
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
|
BUG=chromium:779342
Change-Id: I2a087a08fe87594eb73d9d955955be0e66e5cdc2
Reviewed-on: https://pdfium-review.googlesource.com/17030
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This limits the size detected in the header to 1,000,000 pixels, which
will support 1000 x 1000 images. This is being done to remove
non-useful OOM reports for very large images and improve fuzzing
efficiency, since larger images are unlikely to cover new logic.
BUG=pdfium:925
Change-Id: I4a7fa7cf02cbb469048b752d45bc9f64a1b60a98
Reviewed-on: https://pdfium-review.googlesource.com/17010
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
|
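Added example, not PDFium code: the two commits above (the 4*width*height allocation in CFX_DIBitmap::Create and the 1,000,000-pixel cap on header-declared sizes) both amount to the same pre-flight check in a fuzz target, so one block serves both. The header format parsed here, and the names `ParseHeaderDims`, `FuzzBitmapBytes`, `ShouldDecode` and the constants, are assumptions of this example; the pixel count is compared against the budget before the multiply by 4, so the byte computation itself cannot overflow.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Pixel budget for fuzz targets: 1000 x 1000, the value the CL above chose.
constexpr uint64_t kMaxFuzzPixels = 1000000;
// A 32-bpp bitmap needs roughly 4 bytes per pixel (4 * width * height).
constexpr uint64_t kBytesPerPixel = 4;

struct ImageDims {
  uint32_t width = 0;
  uint32_t height = 0;
};

// Hypothetical 8-byte header: big-endian width, then big-endian height.
// Not a real image format; it stands in for whatever header a codec parses.
bool ParseHeaderDims(const uint8_t* data, size_t size, ImageDims* dims) {
  if (!data || !dims || size < 8) return false;
  auto be32 = [](const uint8_t* p) {
    return (uint32_t{p[0]} << 24) | (uint32_t{p[1]} << 16) |
           (uint32_t{p[2]} << 8) | uint32_t{p[3]};
  };
  dims->width = be32(data);
  dims->height = be32(data + 4);
  return true;
}

// Byte size a 32-bpp bitmap of these dimensions would need, or 0 when the
// dimensions are unusable: a zero side, more pixels than the fuzz budget, or
// a product that would overflow. width*height is computed in 64 bits (it
// always fits, as both sides are 32-bit); the pixel budget is enforced before
// multiplying by kBytesPerPixel, so that multiply cannot overflow either.
uint64_t FuzzBitmapBytes(uint32_t width, uint32_t height,
                         uint64_t max_pixels = kMaxFuzzPixels) {
  if (width == 0 || height == 0) return 0;
  const uint64_t pixels = uint64_t{width} * uint64_t{height};
  if (pixels > max_pixels) return 0;
  return pixels * kBytesPerPixel;
}

// Decision a fuzz target makes before handing the input to the decoder.
// rss_budget_bytes is what the target is willing to allocate for the bitmap;
// it should sit below the bot's sanitizer RSS limit, otherwise the sanitizer
// reports the OOM before this check can skip the testcase.
bool ShouldDecode(const uint8_t* data, size_t size, uint64_t rss_budget_bytes) {
  ImageDims dims;
  if (!ParseHeaderDims(data, size, &dims)) return false;
  const uint64_t bytes = FuzzBitmapBytes(dims.width, dims.height);
  return bytes != 0 && bytes <= rss_budget_bytes;
}

int main() {
  // Constructed inputs: a 1000x1000 header and a 4096x4096 header.
  const uint8_t ok_hdr[8] = {0, 0, 0x03, 0xE8, 0, 0, 0x03, 0xE8};
  const uint8_t big_hdr[8] = {0, 0, 0x10, 0x00, 0, 0, 0x10, 0x00};
  std::printf("1000x1000 -> %d\n", ShouldDecode(ok_hdr, 8, 8u << 20));
  std::printf("4096x4096 -> %d\n", ShouldDecode(big_hdr, 8, 8u << 20));
  return 0;
}
```

The order of checks is the point: rejecting on pixel count first means an attacker-controlled header can never drive the byte computation into wraparound, which is the usual way an "impossible" allocation becomes a small one followed by an out-of-bounds write.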
|
There are multiple instances of subclasses that either act as an
invalid stream or one backed by a memory buffer. Merging all of these
into two shared stream classes and removing the others.
BUG=pdfium:911
Change-Id: I264602808c6dc0e5c878da462a5e00883fe43e51
Reviewed-on: https://pdfium-review.googlesource.com/15093
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
|
|
The core fix in this CL is a change to how LZW decompression works, so
that when the min code table size and the color palette size are
different, color codes after the end of the defined color palette are
considered errors.
This CL also introduces a bunch of tweaks to the call return path,
since there were multiple locations where the GIF decode failing
status was being dropped on the floor, so the end widget would have a
bitmap with the default colour in it, instead of nothing.
BUG=chromium:616671
Change-Id: Id6f40d552dc24650c91e9903f710ff2fa63bc774
Reviewed-on: https://pdfium-review.googlesource.com/14630
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
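Added example, not PDFium's GIF decoder: a minimal GIF-style LZW decoder showing the check the CL above describes. With a minimum code size of 2 the literal codes 0..3 are all syntactically valid, but a 3-entry palette has no colour for code 3, so the decoder treats it as an error and the failure is returned to the caller instead of being dropped. `DecodeGifLzw`, `BitReader`, `PackCodes`, `LzwResult` and the byte strings in `main` are assumptions of this example (the bytes are constructed with `PackCodes`).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// ok is false when the stream is malformed; pixels must then be ignored,
// so the caller ends up with nothing rather than a default-coloured bitmap.
struct LzwResult {
  bool ok = false;
  std::vector<uint8_t> pixels;
};

class BitReader {
 public:
  explicit BitReader(const std::vector<uint8_t>& data) : data_(data) {}
  // Reads `width` bits LSB-first (GIF bit order). Returns false when the
  // stream ends in the middle of a code.
  bool Read(int width, uint32_t* out) {
    if (pos_ + width > data_.size() * 8) return false;
    uint32_t v = 0;
    for (int i = 0; i < width; ++i, ++pos_)
      v |= static_cast<uint32_t>((data_[pos_ / 8] >> (pos_ % 8)) & 1) << i;
    *out = v;
    return true;
  }
 private:
  const std::vector<uint8_t>& data_;
  size_t pos_ = 0;
};

// Packs (code, width) pairs LSB-first the way a GIF encoder emits them.
// Used only to build the constructed sample input.
std::vector<uint8_t> PackCodes(const std::vector<std::pair<uint32_t, int>>& codes) {
  std::vector<uint8_t> out;
  size_t bit = 0;
  for (const auto& cw : codes) {
    for (int i = 0; i < cw.second; ++i, ++bit) {
      if (bit / 8 == out.size()) out.push_back(0);
      out[bit / 8] |= ((cw.first >> i) & 1) << (bit % 8);
    }
  }
  return out;
}

LzwResult DecodeGifLzw(const std::vector<uint8_t>& data, int min_code_size,
                       size_t palette_size) {
  LzwResult result;
  if (min_code_size < 2 || min_code_size > 8) return result;
  const uint32_t clear = 1u << min_code_size;
  const uint32_t eoi = clear + 1;
  int code_size = min_code_size + 1;
  std::vector<std::vector<uint8_t>> dict;
  auto reset = [&] {
    dict.clear();
    for (uint32_t i = 0; i < clear; ++i) dict.push_back({static_cast<uint8_t>(i)});
    dict.push_back({});  // clear code
    dict.push_back({});  // end-of-information code
    code_size = min_code_size + 1;
  };
  reset();
  BitReader reader(data);
  std::vector<uint8_t> prev;
  uint32_t code = 0;
  while (reader.Read(code_size, &code)) {
    if (code == clear) { reset(); prev.clear(); continue; }
    if (code == eoi) { result.ok = true; return result; }
    std::vector<uint8_t> entry;
    if (code < clear) {
      // Literal colour index. The code table size (1 << min_code_size) can be
      // larger than the palette; indices past the palette name no colour and
      // are treated as a decode error rather than silently emitted.
      if (code >= palette_size) return result;
      entry = dict[code];
    } else if (code < dict.size()) {
      entry = dict[code];
    } else if (code == dict.size() && !prev.empty()) {
      entry = prev;
      entry.push_back(prev[0]);  // the KwKwK case
    } else {
      return result;  // references a code that has not been defined yet
    }
    result.pixels.insert(result.pixels.end(), entry.begin(), entry.end());
    if (!prev.empty() && dict.size() < 4096) {
      std::vector<uint8_t> added = prev;
      added.push_back(entry[0]);
      dict.push_back(added);
      if (dict.size() == (1u << code_size) && code_size < 12) ++code_size;
    }
    prev = entry;
  }
  return result;  // ran out of bits before the end-of-information code
}

int main() {
  // Constructed stream: clear, 1, 2, 1, 2, end (code width grows to 4 bits).
  const std::vector<uint8_t> good = PackCodes({{4, 3}, {1, 3}, {2, 3}, {1, 3}, {2, 4}, {5, 4}});
  LzwResult r = DecodeGifLzw(good, 2, 3);
  std::printf("good: ok=%d pixels=%zu\n", r.ok, r.pixels.size());
  // Constructed stream: clear, 3, end. Valid code, but palette has 3 entries.
  const std::vector<uint8_t> bad = PackCodes({{4, 3}, {3, 3}, {5, 3}});
  std::printf("code 3 with 3-colour palette: ok=%d\n", DecodeGifLzw(bad, 2, 3).ok);
  return 0;
}
```

Checking the literal at the point it is used is sufficient here because every dictionary entry is built from literals that already passed the check; a decoder that checks only at output time would still need to guard the KwKwK path separately.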
|
Change-Id: Ia9738e14d90a813b6ec7abd72843248fd3a3bff0
Reviewed-on: https://pdfium-review.googlesource.com/11910
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
After this CL, fx_dib.h only has some definitions used in multiple places.
Definitions that were of restricted usage were moved out to the corresponding
place. Includes in fx_dib were reduced, thus revealing other needed includes.
Change-Id: I3607da0af81c491256d64c0aa085225631efbdcc
Reviewed-on: https://pdfium-review.googlesource.com/3594
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 31b08d4cdaa17d7a03f35e087096a77036af98ec.
Re-landing the patch after fixing skia build issue.
Change-Id: Ie7039890088b803a6ec5ce365d70f57277459b48
Reviewed-on: https://pdfium-review.googlesource.com/3245
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 0004f29bf6ee3c6060a272c79f14993e92e053c7.
Reason for revert: Breaks build with skia_paths enabled (which will break the chrome roll).
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1858:38: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1861:42: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2987:15: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2991:18: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2999:17: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:3001:43: error: no member named 'GetObject' in 'CFX_RetainPtr<CFX_DIBitmap>'
Original change's description:
> Refcount all CFX_DIBSources (and subclasses) all the time.
>
> There are currently several ownership models for these objects,
> including ad-hoc logic for sharing and deletion, and the
> now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
>
> Replace them all with the internal refcount scheme.
>
> Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
> Reviewed-on: https://pdfium-review.googlesource.com/3166
> Reviewed-by: dsinclair <dsinclair@chromium.org>
> Commit-Queue: dsinclair <dsinclair@chromium.org>
>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,pdfium-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I678b1fbc5e666cf7a19372ebaff3270fb115ba5e
Reviewed-on: https://pdfium-review.googlesource.com/3243
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
There are currently several ownership models for these objects,
including ad-hoc logic for sharing and deletion, and the
now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
Replace them all with the internal refcount scheme.
Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
Reviewed-on: https://pdfium-review.googlesource.com/3166
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The one step to make an actual concrete class is conditionalized
in fpdfview and is unconditional in the fuzzer.
Also replace the clumsy C-style callbacks with a delegate
interface as long as we are making new interfaces.
Change-Id: I733a437483ce5e0c34211cfbbda05105336f55b5
Reviewed-on: https://pdfium-review.googlesource.com/2887
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
We can remove a lot of "bOwnsStream" logic in the process.
Always pass these by const reference, in case the called method
wants to hang on to the stream (one exception is where we stick
a raw pointer into a void* slot in a context from another layer).
Review-Url: https://codereview.chromium.org/2451493002
|
|
- Add a template for fuzzers to remove redundancy.
- Sort fuzzers in alphabetical order.
Previous attempt: https://codereview.chromium.org/2480043002/
Review-Url: https://codereview.chromium.org/2481933003
|
|
BUG=660015
TBR=npm@chromium.org
Review-Url: https://codereview.chromium.org/2452523005
|
|
It's been troubling for some time that an IFX_FileStream might
actually be an in-memory buffer with no backing file.
Review-Url: https://codereview.chromium.org/2443723002
|
|
When fuzzing the image formats, it's possible to get a read request which
would go negative. Handle the request and return FALSE for the read.
BUG=chromium:621836
Review-Url: https://codereview.chromium.org/2386343002
|
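Added example, not PDFium code: a memory-backed stream whose `ReadBlock` returns false for the negative read the commit above describes, and also for the neighbouring cases a fuzzer finds next (start offset past the end, a length that would wrap `offset + size`, a null buffer). `MemoryStream`, `FX_FILESIZE` as a plain `int64_t` alias and the sample bytes in `main` are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <utility>
#include <vector>

// Signed 64-bit offsets, as file-stream APIs commonly use: negative values
// are representable, so they have to be rejected explicitly.
using FX_FILESIZE = int64_t;

// Hypothetical in-memory stream standing in for a shared memory-backed
// stream class; not PDFium's own implementation.
class MemoryStream {
 public:
  explicit MemoryStream(std::vector<uint8_t> data) : data_(std::move(data)) {}

  FX_FILESIZE GetSize() const { return static_cast<FX_FILESIZE>(data_.size()); }

  // Copies `size` bytes starting at `offset` into `buffer`. Returns false,
  // without touching memory, when the request is negative, starts past the
  // end, or would run past the end of the backing buffer.
  bool ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) const {
    if (!buffer) return false;
    if (offset < 0) return false;          // the negative read seen under fuzzing
    if (offset > GetSize()) return false;  // start beyond the end
    // Compare against what remains rather than computing offset + size, so a
    // huge `size` cannot wrap the sum back into range.
    const uint64_t remaining = static_cast<uint64_t>(GetSize() - offset);
    if (static_cast<uint64_t>(size) > remaining) return false;
    std::memcpy(buffer, data_.data() + offset, size);
    return true;
  }

 private:
  std::vector<uint8_t> data_;
};

int main() {
  // Constructed 8-byte backing buffer.
  MemoryStream s(std::vector<uint8_t>{10, 11, 12, 13, 14, 15, 16, 17});
  uint8_t buf[4] = {0, 0, 0, 0};
  std::printf("read(4,4)  -> %d\n", s.ReadBlock(buf, 4, 4));
  std::printf("read(-1,4) -> %d\n", s.ReadBlock(buf, -1, 4));
  std::printf("read(6,4)  -> %d\n", s.ReadBlock(buf, 6, 4));
  return 0;
}
```

Returning false from the stream is only half of the fix; the decoder on the other side has to treat a false return as a hard failure rather than reading the untouched buffer as if it held image data.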
|
Note: pdfium bots don't seem to touch these files.
Review-Url: https://codereview.chromium.org/2379973005
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
The progressive decoder will attempt to verify that the provided image type
matches the actual image content. We need to disable this check when running
the fuzzer in order to target the fuzzing to specific decoders otherwise
each fuzzer will end up fuzzing all of the decoders.
BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2061733002
|
|
Generalize the PNG fuzzer and add fuzzers for the other image types handled by
the progressive decoder.
BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839
Review-Url: https://codereview.chromium.org/2045613002
|