Age | Commit message (Collapse) | Author |
|
Fix memory ownership model for PDFium timers.
The |app| class owns the CJS_Timer as part of its vector<unique_ptr>
to them.
The CJS_Timer "owns" its slot in the global ID to timer map, and
removes itself when it is destroyed. Nothing else deletes
from the global map. Deleting from the global map is
accompanied by a callback to the embedder to clear its
resources.
Next, the proper way to remove a CJS_Timer is by going
through the app, and having the app erase its unique ptr,
which then deletes the CJS_Timer, which in turn cleans up the
global map. Provide a CJS_Timer::Cancel static method to
do this conveniently.
There is a alternate path to the CJS_timer via JS and its
CJS_TimerObj. CJS_TimerObj owns a TimerObj that currently
points to the CJS_Timer. If the timer fires, and cleans
itself up, this can go stale.
Make the TimerObj maintain a weak reference via global
timer ID rather than a direct pointer to the CJS_Timer, so
that if the timer fires and is destroyed, future attempts
to cancel find nothing.
There is another path, where if the JS timer object is GC'd, then we
just clean up its CJS_TimerObj without touching
the actual CJS_Timers. We could make this match the spec
by calling into the new cancel routine as described above,
but it seems weird to have a timer depend on whether a gc
happened or not.
A subsequent CL will rename these objects to more closely
match the conventions used by the other JS wrappers.
BUG=634716
Review-Url: https://codereview.chromium.org/2221513002
|
|
We must look the timer up a second time since the callback
may have released it.
BUG=634394
Review-Url: https://codereview.chromium.org/2214003003
|
|
Adds more questionable invocations of ClearTimeOut().
Also, checking that nothing happened is fragile. Log at least
one thing to show that the code ran.
Review-Url: https://codereview.chromium.org/2218473002
|
|
While we're at it, beef up existing test for non-cancellation.
In turn, fix test harness to implement intervals properly.
In turn, fix public documentation to be clearer about timers.
Also rename a few identifiers that sounded "off".
Review-Url: https://codereview.chromium.org/2211513002
|
|
The pointer a unique_ptr contains should be checked instead of the
pointer of the unique_ptr itself.
BUG=chromium:631912
Review-Url: https://codereview.chromium.org/2205573004
|
|
BUG=pdfium:496
Review-Url: https://codereview.chromium.org/2005653002
|
|
files. (patchset #1 id:1 of https://codereview.chromium.org/1946693002/ )"
This reverts commit a031357eaab7c934ac03717968cf78ff556c819b.
The reason to revert it is that some malformed or maliciously crafted PDF
files may cause crashes.
BUG=610973
Review-Url: https://codereview.chromium.org/1971013002
|
|
(patchset #1 id:1 of https://codereview.chromium.org/1946693002/ )
Reason for revert:
The culprit was found and confirmed, not this one.
Original issue's description:
> Revert of Relax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1926823002/ )
>
> Reason for revert:
> Speculatively revert due to high volume of crashes on Chromium.
>
> Original issue's description:
> > Relax a couple checks to allow certain non-standard PDF files.
> >
> > Some non-standard PDF files misuse the size of cross reference table,
> > and reuse some object number which the old one is still in use. PDFium
> > can relax the reusing of xref objects only since it is not referred in
> > the pdf document. When the size of cross reference table is larger
> > than defined, PDFium will try to continue other than abort.
> >
> > BUG=chromium:596947
> >
> > Committed: https://pdfium.googlesource.com/pdfium/+/cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734
>
> TBR=thestig@chromium.org,dsinclair@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=chromium:596947
>
> Committed: https://pdfium.googlesource.com/pdfium/+/5fc4f31285c3a88fc157fd2d9b9cf2eb5c7cabed
TBR=thestig@chromium.org,dsinclair@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1947983002
|
|
(patchset #1 id:1 of https://codereview.chromium.org/1926823002/ )
Reason for revert:
Speculatively revert due to high volume of crashes on Chromium.
Original issue's description:
> Relax a couple checks to allow certain non-standard PDF files.
>
> Some non-standard PDF files misuse the size of cross reference table,
> and reuse some object number which the old one is still in use. PDFium
> can relax the reusing of xref objects only since it is not referred in
> the pdf document. When the size of cross reference table is larger
> than defined, PDFium will try to continue other than abort.
>
> BUG=chromium:596947
>
> Committed: https://pdfium.googlesource.com/pdfium/+/cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734
TBR=thestig@chromium.org,dsinclair@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1946693002
|
|
Some non-standard PDF files misuse the size of cross reference table,
and reuse some object number which the old one is still in use. PDFium
can relax the reusing of xref objects only since it is not referred in
the pdf document. When the size of cross reference table is larger
than defined, PDFium will try to continue other than abort.
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1926823002
|
|
Some unknown software generates cross reference table with the
claimed object numbers are all off by one. Add a simple verification
function to detect this scenario, thus have a chance to rebuild
the correct cross reference table.
To avoid unnecessary checks and potiential performance hit, we only
check for the very first non free entry.
BUG=602650
Review URL: https://codereview.chromium.org/1910063004
|
|
The font_size.pdf file should not have been committed as it will be generated
at test time from the .in file.
Review URL: https://codereview.chromium.org/1908613004
|
|
https://codereview.chromium.org/1888673003/ )
Reason for revert:
Dr.Memory code is wrong.....
Original issue's description:
> Re-Reland Combined test runner.
>
> Original Commit Message:
>
> This CL revives the old CL to combine the test runners [1] which was reverted
> due to failing font_size tests. I've deleted the font_size.pdf as it is not
> needed and for testing. Pixel tests are either .in or .pdf files, not both.
>
> Original description:
> This CL takes the three test runners (corpus, javascript, pixel) and combines
> the code into a single test_runner file. Each of the individual runners still
> exists and calls the test runner with their data directory.
>
> With this change, the pixel and javascript test will now run in parallel if
> multiple processors are available.
>
> 1-https://codereview.chromium.org/1430623006/
>
> BUG=
>
> Committed: https://pdfium.googlesource.com/pdfium/+/84b26ec6ba8193235ce0df817dec5c0f1da29841
TBR=ochang@chromium.org,zhaoqin@chromium.org,tsepez@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1898353004
|
|
Original Commit Message:
This CL revives the old CL to combine the test runners [1] which was reverted
due to failing font_size tests. I've deleted the font_size.pdf as it is not
needed and for testing. Pixel tests are either .in or .pdf files, not both.
Original description:
This CL takes the three test runners (corpus, javascript, pixel) and combines
the code into a single test_runner file. Each of the individual runners still
exists and calls the test runner with their data directory.
With this change, the pixel and javascript test will now run in parallel if
multiple processors are available.
1-https://codereview.chromium.org/1430623006/
BUG=
Review URL: https://codereview.chromium.org/1888673003
|
|
Fixes a potential mismatch of |m_nComponents| between CPDF_DIBSource and
its CPDF_ColorSpace, from code attempting to recover from a failed decoder
initialisation in CPDF_DIBSource::CreateDecoder.
BUG=chromium:603518
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1892143003
|
|
https://codereview.chromium.org/1886753002/ )
Reason for revert:
Dr. Memory still broken: https://build.chromium.org/p/client.pdfium/builders/drm_win_xfa/builds/330/steps/pixel%20tests/logs/stdio
Original issue's description:
> Reland Combined test runner.
>
> This reverts commit 7a4374583efc0c41c826122aa26c1198c8d5cc37.
>
> Original Commit Message:
>
> This CL revives the old CL to combine the test runners [1] which was reverted
> due to failing font_size tests. I've deleted the font_size.pdf as it is not
> needed and for testing. Pixel tests are either .in or .pdf files, not both.
>
> Original description:
> This CL takes the three test runners (corpus, javascript, pixel) and combines
> the code into a single test_runner file. Each of the individual runners still
> exists and calls the test runner with their data directory.
>
> With this change, the pixel and javascript test will now run in parallel if
> multiple processors are available.
>
> 1-https://codereview.chromium.org/1430623006/
>
> Committed: https://pdfium.googlesource.com/pdfium/+/9cec54ab0a5461b3075c585f8f233dbfd06c2cbd
TBR=tsepez@chromium.org,ochang@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1890703002
|
|
This reverts commit 7a4374583efc0c41c826122aa26c1198c8d5cc37.
Original Commit Message:
This CL revives the old CL to combine the test runners [1] which was reverted
due to failing font_size tests. I've deleted the font_size.pdf as it is not
needed and for testing. Pixel tests are either .in or .pdf files, not both.
Original description:
This CL takes the three test runners (corpus, javascript, pixel) and combines
the code into a single test_runner file. Each of the individual runners still
exists and calls the test runner with their data directory.
With this change, the pixel and javascript test will now run in parallel if
multiple processors are available.
1-https://codereview.chromium.org/1430623006/
Review URL: https://codereview.chromium.org/1886753002
|
|
- Using |-skew| to get positive index, which doesn't work when skew is
INT_MIN
- Incorrect logic when determining when to use |-skew| as an index.
R=tsepez@chromium.org,weili@chromium.org
BUG=chromium:601362
Review URL: https://codereview.chromium.org/1875673004
|
|
https://codereview.chromium.org/1850273003/ )
Reason for revert:
Broke Dr. Memory
Original issue's description:
> Combined test runner.
>
> This CL revives the old CL to combine the test runners [1] which was reverted
> due to failing font_size tests. I've deleted the font_size.pdf as it is not
> needed and for testing. Pixel tests are either .in or .pdf files, not both.
>
> Original description:
> This CL takes the three test runners (corpus, javascript, pixel) and combines
> the code into a single test_runner file. Each of the individual runners still
> exists and calls the test runner with their data directory.
>
> With this change, the pixel and javascript test will now run in parallel if
> multiple processors are available.
>
> 1-https://codereview.chromium.org/1430623006/
>
> Committed: https://pdfium.googlesource.com/pdfium/+/03e8f12cd3788038225d0376a164a9993f6cb720
TBR=tsepez@chromium.org,thestig@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1867643002
|
|
This CL revives the old CL to combine the test runners [1] which was reverted
due to failing font_size tests. I've deleted the font_size.pdf as it is not
needed and for testing. Pixel tests are either .in or .pdf files, not both.
Original description:
This CL takes the three test runners (corpus, javascript, pixel) and combines
the code into a single test_runner file. Each of the individual runners still
exists and calls the test runner with their data directory.
With this change, the pixel and javascript test will now run in parallel if
multiple processors are available.
1-https://codereview.chromium.org/1430623006/
Review URL: https://codereview.chromium.org/1850273003
|
|
Review URL: https://codereview.chromium.org/1838543002
|
|
R=dsinclair@chromium.org
Review URL: https://codereview.chromium.org/1837543002
|
|
Added test case.
Several bugs going on here:
JS_LocalTime() ignoring argument and returning current time
and not factoring in the time zone adjustment.
Use of FXSYS_floor() silently casts result to float,
losing precision required to extract minutes and seconds.
Pre-existing wcsftime escapes not stripped.
BUG=pdfium:413
Review URL: https://codereview.chromium.org/1833053002
|
|
Code committed at 258f19f makes the test pass.
BUG=591137
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1779703003 .
|
|
BUG=pdfium:420
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1757373002 .
|
|
Add these tests before fixing bug 419.
R=dsinclair@chromium.org
Review URL: https://codereview.chromium.org/1761923002 .
|
|
Currently, there is a check that an object number is <= 0x1000000. If that
check fails, we end up putting the parser into a bad state and fail to load
documents. The object does not need to be in the XRef table, or referenced
from the document, just be in the document.
This Cl removes the size check and updates the various atoi calls to use a
uint32_t instead of an int32_t so we don't end up getting strange values when
converting from a string.
BUG=455199
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1755273002 .
|
|
Original Review URL: https://codereview.chromium.org/1654523002 .
(cherry picked from commit 3859258ebe9e81e1f766b57e7f78c786ae4ed495)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1658753002 .
|
|
Review URL: https://codereview.chromium.org/1650623004 .
(cherry picked from commit 56d618ac9b4c82a9a350f21bbc6ec2ec6a95c8b0)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1657533004 .
|
|
Original Review URL: https://codereview.chromium.org/1645413002 .
(cherry picked from commit 6902db5cbaf0afb8f2cb4df325e1a4e7d6acd53f)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1648793006 .
|
|
Original Review URL: https://codereview.chromium.org/1652533002 .
(cherry picked from commit 1bce5f62f3292a6baf35491bf4c9b4fde2fb73e3)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1652543003 .
|
|
Original Review URL: https://codereview.chromium.org/1641693003 .
(cherry picked from commit 66519af52b61ca158044651d0507d47efb364f87)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1639253008 .
|
|
Original Review URL: https://codereview.chromium.org/1586203006 .
(cherry picked from commit f13d510cf267c27f4c123494de67670ec201cedc)
BUG=pdfium:361
R=ochang@chromium.org
TBR=ochang@chromium.org
Review URL: https://codereview.chromium.org/1603173004 .
|
|
There are multiple functions in CPDF_Object class which can cause infinite loop due to recursively calling circular indirect objects. Fix them by deference indirect object first.
BUG=pdfium:355
TBR=jun_fang@foxitsoftware.com, thestig@chromium.org
Review URL: https://codereview.chromium.org/1585533002 .
(cherry picked from commit 90853cb1dfd1bf3803ec21cfae3e93948137be61)
Review URL: https://codereview.chromium.org/1602103004 .
|
|
BUG=pdfium:361
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1586983005 .
(cherry picked from commit a943a2516e5483012e0fbef7e8fafbed1b22ed95)
Review URL: https://codereview.chromium.org/1582413007 .
|
|
Although trailer's size value is required by spec, other readers such as
Acrobat or libpoppler can handle without it. Loose up the check to be
more tolerant.
BUG=pdfium:213
R=thestig@chromium.org
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1582193002 .
(cherry picked from commit 34291b900ad0472eef582215cfce0d942a40fd16)
Review URL: https://codereview.chromium.org/1589783004 .
|
|
BUG=pdfium:360
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1585823003 .
(cherry picked from commit 5d5d9fe7bd1c9566b9d6570015b7c60894d9fc0c)
Review URL: https://codereview.chromium.org/1583073004 .
|
|
Original Review URL: https://codereview.chromium.org/1582383002 .
(cherry picked from commit 1a82d5c28be2ebdb7524a7249e43026546d0ebf0)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1590053002 .
|
|
Original Review URL: https://codereview.chromium.org/1588733003 .
(cherry picked from commit 15367cbbb7b8bea2549212b3c9c1f01727c6ccb5)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1584563005 .
|
|
CPDF_SyntaxParser::GetObject() may enter into an infinite loop when a
signature dictionary doesn't have 'Contents' field. Add a check to
avoid that.
BUG=pdfium:344
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1575833004 .
(cherry picked from commit d3ab0f383f6736657480a8bb418c5e715a1aed3b)
Review URL: https://codereview.chromium.org/1571333004 .
|
|
BUG=pdfium:343
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1569343002 .
(cherry picked from commit 149f1db8bba85bdf2b40d330c38f2478695ca0d5)
Review URL: https://codereview.chromium.org/1575663002 .
|
|
BUG=572871
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1564773003 .
(cherry picked from commit dcac57bc8b64fdc870d79d11a498ae7021cf8ae7)
Review URL: https://codereview.chromium.org/1569663002 .
|
|
BUG=pdfium:325
TBR=weili@chromium.org
Review URL: https://codereview.chromium.org/1543043003 .
(cherry picked from commit 2d88e91ca5538470c9f4bc098e7f1f1ea9013c37)
Review URL: https://codereview.chromium.org/1560903002 .
|
|
When cross reference sections form a loop, our code will enter an
infinite loop. Add detection and exit code for v4 cross reference loading.
V5 loading was done previously.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1558093002 .
(cherry picked from commit aab8f462ea3368ed4825172231131e1a10db978d)
Review URL: https://codereview.chromium.org/1556423002 .
|
|
Original Review URL: https://codereview.chromium.org/1557173002 .
(cherry picked from commit 14fdb1d40741912e430db4318a9033764429659f)
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1556983003 .
|
|
Also clean up while we're here.
BUG=557223
TBR=tsepez@chromium.org
Original Review URL: https://codereview.chromium.org/1512833008 .
(cherry picked from commit 08750d0400f1635ac33c3234cb11b192f31a1eeb)
Review URL: https://codereview.chromium.org/1521473003 .
|
|
BUG=pdfium:298
TBR=weili@chromium.org
Review URL: https://codereview.chromium.org/1496703005 .
(cherry picked from commit 93181f9a20db7ac706bb9405750303db93762a5b)
Review URL: https://codereview.chromium.org/1514783002 .
|
|
Loosen a check for earlier version of PDF files. When the bytes with
specified length are followed by 'endstream' keyword, even if there is
no EOL marker before the keyword, it signals the end of stream.
BUG=551258
TBR=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/1499433002 .
(cherry picked from commit 0ff66089c87ab6e3adaaff0ec69728ce7a8d8299)
Review URL: https://codereview.chromium.org/1504723002 .
|
|
RebuildCrossRef function returns false when we can not find file trailer
or any indirect object. This serves as a basic file format checking.
BUG=pdfium:215
TBR=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/1476163002 .
(cherry picked from commit f14da1d58e8e12633c7a47e6efd5ffe43bb37b4b)
Review URL: https://codereview.chromium.org/1486383002 .
|
|
This matches the type of the corresponding |CFX_DIBSource::m_Pitch|,
where integer overflow is checked for FX_DWORD. This change is
propagated to many other places.
Also, check for integer overflow in |CCodec_RLScanlineDecoder::Create|
during the calculation of |m_Pitch| since it aligns to 4 bytes while
overflow was was previously checked without this alignment.
TBR=tsepez@chromium.org
BUG=555784
Review URL: https://codereview.chromium.org/1460033002 .
(cherry picked from commit e7950df70a2fd658f466751b29483436cb31e829)
Review URL: https://codereview.chromium.org/1461363002 .
|