summaryrefslogtreecommitdiff
path: root/third_party
AgeCommit message (Collapse)Author
2016-11-15Create a subset of skia support for paths onlycaryclark
This is a continuation of https://codereview.chromium.org/2346483006/ This removes the need for agg, without providing full Skia support. It doesn't work yet, but it does compile and run for simple PDFs. R=dsinclair@google.com Review-Url: https://codereview.chromium.org/2491693002
2016-11-07Force compiler to deduce src type for checked_cast<dst, src>.tsepez
Otherwise, we might be silently doing an unsafe cast before applying the check if the actual argument doesn't match the exact src type. Review-Url: https://codereview.chromium.org/2484953003
2016-11-07lcms: backport upstream commit c0a98d86kcwu
This fixed several issues. BUG=chromium:654265,chromium:657282,chromium:654676,chromium:654313 Review-Url: https://codereview.chromium.org/2482523003
2016-11-07lcms: Fix memory leak in ReadSegmentedCurvekcwu
BUG=chromium:658223 Review-Url: https://codereview.chromium.org/2480013002
2016-11-02Take more current safe_math_impl.h from upstream.chromium/2908tsepez
Corresponds to version dfd77a987650965071d0fddfbe0b806ce62ba337. Major change is to handle div by 0 without exceptions. Safe shift is not yet present. TBR=thestig@chromium.org TBR=jschuh@chromium.org Review-Url: https://codereview.chromium.org/2473513002
2016-10-26libtiff: Fix unsigned vs signed comparison warning.thestig
tif_pixarlog.c revision 1.45. commitid: IX5L3QQ5Qtzcofcz BUG=chromium:654172 Review-Url: https://codereview.chromium.org/2452293002
2016-10-26libtiff: Prevent a buffer overflow in function PixarLogDecode.stackexploit
Fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images. The issue has been fixed in upstream (libtiff revision 1.44, author: erouault, commitid: 2SqWSFG5a8Ewffcz, date: 2016-06-28 23:12:19 +0800). This CL applies the official patch to tif_pixarlog.c. BUG=chromium:654172 R=dsinclair@chromium.org, thestig@chromium.org Review-Url: https://codereview.chromium.org/2453253003
2016-10-21Fix some div by 0s in safe_math_impl.hchromium/2898tsepez
The majority of these are already upstream in base/, the remainder will need upstreaming. Also pull some upstream changes to reduce diffing. Upstream CL is https://codereview.chromium.org/2440143003/ BUG=657436 Review-Url: https://chromiumcodereview.appspot.com/2441753003
2016-10-17lcms: Revise previous cmsStageAllocMatrix fixkcwu
Also fixed wrong patch file name. This is fixup of 958e57cb and d2023170 TEST=apply this change in lcms' repo and make check BUG=chromium:651849,chromium:654198 Review-Url: https://codereview.chromium.org/2424803002
2016-10-17lcms: reject NaN when reading float numberskcwu
LerpFloat functions expect input values are normal float. They first clamp values to the range of [0.0, 1.0] and then calculate interpolation with the input values. If the input value is NaN, it will lead to heap buffer overflow because the index to LutTable is calculated based on the said value and fclamp(NaN) is not in expected [0.0, 1.0] range. This patch rejects all NaN values earlier when reading float numbers. So it also changed behavior for cases other than LerpFloat. I think it is okay because NaN doesn't make sense for usual calculations. BUG=654676 Review-Url: https://codereview.chromium.org/2422553002
2016-10-12Fix else-line corrupted by non-ascii character when importkcwu
BUG=pdfium:619 Review-Url: https://codereview.chromium.org/2411123003
2016-10-11Fix cmdStageAllocMatrix parameter swap againkcwu
This is fixup of 958e57cb. BUG=chromium:651849,chromium:654198 Review-Url: https://codereview.chromium.org/2407113002
2016-10-10libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.stackexploit
The patch (https://codereview.chromium.org/2284063002) for Issue 618267 was insufficient. The integer overflow still could be triggered and could lead to heap buffer overflow. This CL strengthens integer overflow check in function _TIFFCheckRealloc. BUG=chromium:654169 R=ochang@chromium.org, tsepez@chromium.org, dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2405693002
2016-10-04Fix cmdStageAllocMatrix parameter swapkcwu
For cmdStageAllocMatrix, InputChans is length of Matrix, OutputChans is length of Offsets. The original code will allocate NewElem->Offset with length Cols=InputChans (cmslut.c:417). This results in heap buffer overflow later. BUG=chromium:651849 Review-Url: https://codereview.chromium.org/2384063006
2016-10-03Add ptr_util.h from base until std::make_unique<> availabletsepez
Review-Url: https://codereview.chromium.org/2386273004
2016-10-03Fix potentially uninitialized value.chromium/2880dsinclair
Depending on what ReadOK does it's possible for |dircount16| to be used without being initialized. The read code calls back into PDFium specific code which then calls into the stream reading code. Initialize the value to be sure it is set. BUG=chromium:651632 Review-Url: https://codereview.chromium.org/2389993002
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-26Fix memory leak in lcms, MPEmatrix_Readkcwu
BUG=650277 Review-Url: https://codereview.chromium.org/2371723003
2016-09-22Fix memory leaks in lcmskcwu
found by libfuzzer Review-Url: https://codereview.chromium.org/2359243003
2016-09-22Fix use uninitialized value and stack buffer overflow readkcwu
Found by libfuzzer Review-Url: https://codereview.chromium.org/2362813002
2016-09-22Fix infinite loop when calling GrowNamedColorListkcwu
Handle the case that GrowNamedColorList return fail when list is too long. Otherwise the loop never ends. Found by libfuzzer Review-Url: https://codereview.chromium.org/2365663002
2016-09-15Use safe math when rendering line segments in AGG.dsinclair
It is possible for the calculations in outline_aa::render_line to overflow as the |p| variable is calculated. This Cl updates the routine to use checked math when calculating the value of |p|. BUG=chromium:647026 Review-Url: https://codereview.chromium.org/2347603002
2016-09-12Make CFX_Obeservable::Observer into a pointer-ish type;tsepez
This may be a better design because it avoids having a level of indirection that the Observer required. Review-Url: https://codereview.chromium.org/2326763002
2016-09-06Fix gn --check complaints about fxcrt. (try 2)thestig
Previous attempt: https://codereview.chromium.org/2289263005 It failed for the PDFium inside Chromium use case. This time the paths are relative. Review-Url: https://codereview.chromium.org/2308873002
2016-09-06Avoid leaking params if any entry bad.dsinclair
The call to png_set_pCAL can call into png_error for several reasons. This CL verifies that the params are valid before calling into png_set_pCAL. BUG=chromium:636214 Review-Url: https://codereview.chromium.org/2292313003
2016-08-31Revert of Fix gn gn --check complaints about fxcrt. (patchset #1 id:1 of ↵thestig
https://codereview.chromium.org/2289263005/ ) Reason for revert: Breaking non-standalone builds. Original issue's description: > Fix gn gn --check complaints about fxcrt. > > Committed: https://pdfium.googlesource.com/pdfium/+/6f9ae19b9b125af868077f4eee80a13e0c29c61e TBR=dpranke@chromium.org,dsinclair@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2301783002
2016-08-31Fix gn gn --check complaints about fxcrt.thestig
Review-Url: https://codereview.chromium.org/2289263005
2016-08-29Fix for #618267. Adding a method to determine if multiplication hastracy_jiang
overflow. BUG=618267 Review-Url: https://codereview.chromium.org/2284063002
2016-08-29openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.stackexploit
This patch also prevent a null pointer access problem. BUG=chromium:638829 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2270343002
2016-08-26Remove most things GYP.thestig
BUG=pdfium:559 Review-Url: https://codereview.chromium.org/2286653002
2016-08-19Introduce pdfium::FakeUniquePtr for keys to sets of unique ptrs.tsepez
Review-Url: https://codereview.chromium.org/2262473002
2016-08-09Fixup various overflow conditionsdsinclair
There were several overflows detected by the PDF from the linked bug. This Cl fixes up the base causes of each of them. BUG=chromium:635473 Review-Url: https://codereview.chromium.org/2226023002
2016-08-08openjpeg: Prevent negative x, y values in opj_tcd_init_tilechromium/2825ochang
BUG=632622 Review-Url: https://codereview.chromium.org/2223303002
2016-08-04openjpeg: Prevent overflows when using opj_aligned_malloc()gogil
BUG=628304 R=thestig@chromium.org, ochang@chromium.org Review-Url: https://codereview.chromium.org/2218783002
2016-08-04openjpeg: Prevent integer overflows during calculation of ↵gogil
|l_nb_code_blocks_size| BUG=628890 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2212973002
2016-08-04Fix libpng build for ARM.thestig
TBR=msarett@google.com Review-Url: https://codereview.chromium.org/2214543003
2016-08-03Update libpng to 1.6.22.thestig
Sync up with Chromium's copy of libpng. Review-Url: https://codereview.chromium.org/2132263002
2016-08-01Fix a memory leak in libtiff.thestig
BUG=633387 Review-Url: https://codereview.chromium.org/2204793002
2016-07-25Fix an integer overflow in opj_tcd_get_decoded_tile_size().chromium/2810chromium/2809ochang
Based on suggested patch by reporter. BUG=629919 Review-Url: https://codereview.chromium.org/2182683002
2016-07-21Convert source sets to static libraries.chromium/2808chromium/2807chromium/2806chromium/2805chromium/2804brettw
This improves build performance somewhat. This does not change the standalone targets since these don't affect the build time of Chrome and are small enough for it not to matter anyway. BUG=http://crbug.com/627637 Review-Url: https://codereview.chromium.org/2164633005
2016-07-06openjpeg: Prevent integer overflows during calculation of |l_nb_precinct_size|ochang
BUG=625541 Review-Url: https://codereview.chromium.org/2124073003
2016-06-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc.stackexploit
BUG=chromium:619405 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2071773002
2016-06-13fix skia + windows + gncaryclark
The Skia Windows build for PDFium differs from the Skia Chromium build in that it uses FreeType within PDFium and Direct Write within Chromium. This allows Chrome to match the UI of Windows, and allows PDFium to use FreeType to measure and draw. When PDFium was updated to use gn, the settings from Chrome were used as the basis for the PDFium settings. Subsequently, PDFium built with Skia on Windows drew text incorrectly as it used FreeType to look up the font glyphs and Direct Write to draw them. This fixes the gn files, and also fixes an error that crept into the now less-used gyp files. R=dsinclair@chromium.org BUG= Review-Url: https://codereview.chromium.org/2055353002
2016-06-09Apply security fixes to libtiff that are not in 4.0.6.thestig
BUG=618164 Review-Url: https://codereview.chromium.org/2054993002
2016-06-06Differentiate GN config settings for core vs third party codeweili
Have different settings for core source code vs third_party code so it is a bit easier to fine tune settings. Review-Url: https://codereview.chromium.org/2041053003
2016-06-03LCMS: Update FROM_16_TO_8 macro not to raise UBSan errorochang
Cherry-picked from upstream commit 6da55e0b51124b795b707d318c0e03252222ba06 BUG=chromium:616253 Review-Url: https://codereview.chromium.org/2034123003
2016-05-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SPCod_SPCoc.chromium/2747chromium/2746chromium/2745chromium/2744ochang
BUG=chromium:613160 Review-Url: https://codereview.chromium.org/2001663002
2016-05-19Fix a memory leak in opj_jp2_read_ihdr().thestig
BUG=603895 Review-Url: https://codereview.chromium.org/1992893003
2016-05-19Remove agg from skia buildcaryclark
This removes the last vestiges of antigrain from a Skia-specific build. R=dsinclair@chromium.org,tsepez@chromium.org,thestig@chromium.org,reed@google.com Review-Url: https://codereview.chromium.org/1998623002
2016-05-16Use chromium_code standard for PDFium GYP compilationweili
Define and use chromium_code to be used in standalone PDFium GYP build so that PDFium code can have more stringent warning level. This is also enabled on GN build by default so that GYP and GN builds can have consistent compilation results. Also enable chromium_code for PDFium compilation in Chromium since most of the warnings are cleared. The left ones are clearly marked and will be addressed soon. A few more clean-ups for the build: -- Remove the suppression of sign-compare warnings for Clang since the code is clean and the warning can be re-enabled. -- Re-enable "treat warning as errors" on Mac -- Add a flag to make GCC build works as well. BUG=pdfium:29, pdfium:475 Review-Url: https://codereview.chromium.org/1985843002