path: root/third_party
Age | Commit message | Author
2017-11-29 | Revert "[CFI] Enable type generalization for LCMS" | dsinclair
This reverts commit 7829b7048d5cf13a4f1a806fed57f2440d1b5dec.
Reason for revert: Breaking the waterfall build. Looks like it's finding a leak it wasn't before? https://build.chromium.org/p/client.pdfium/builders/linux_xfa_asan_lsan/builds/2376/steps/embeddertests/logs/stdio
Original change's description:
> [CFI] Enable type generalization for LCMS
>
> Control Flow Integrity [1] indirect call checking verifies that function
> pointers only call valid functions with a matching type signature. This
> condition can be too strict, a common form of 'abstraction' relies on
> function pointers being cast to generalize argument pointer types to
> void*.
>
> In LCMS these failures occur because of casts of function pointers called
> as both _cmsInterpFn16 (cmsInterpFunction.Lerp16) and _cmsOPTeval16Fn (as
> an argument to _cmsPipelineSetOptimizationParameters) types making it
> difficult to refactor out easily. Instead, enabling the type
> generalization build config weakens the type checking performed for
> CFI-icall to accommodate this common type of casts.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 785442
> Change-Id: Ib42fb1b4e152d5042b170698c2707ebb9e0cc1ee
> Reviewed-on: https://pdfium-review.googlesource.com/19250
> Commit-Queue: dsinclair <dsinclair@chromium.org>
> Reviewed-by: dsinclair <dsinclair@chromium.org>
TBR=tsepez@chromium.org,dsinclair@chromium.org,vtsyrklevich@chromium.org Change-Id: Ib9c26eb017733d2bf02035415221475bfbfe55c9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 785442 Reviewed-on: https://pdfium-review.googlesource.com/19730 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-11-29 | [CFI] Enable type generalization for LCMS | Vlad Tsyrklevich
Control Flow Integrity [1] indirect call checking verifies that function pointers only call valid functions with a matching type signature. This condition can be too strict, a common form of 'abstraction' relies on function pointers being cast to generalize argument pointer types to void*.
In LCMS these failures occur because of casts of function pointers called as both _cmsInterpFn16 (cmsInterpFunction.Lerp16) and _cmsOPTeval16Fn (as an argument to _cmsPipelineSetOptimizationParameters) types making it difficult to refactor out easily. Instead, enabling the type generalization build config weakens the type checking performed for CFI-icall to accommodate this common type of casts.
[1] https://www.chromium.org/developers/testing/control-flow-integrity
Bug: 785442 Change-Id: Ib42fb1b4e152d5042b170698c2707ebb9e0cc1ee Reviewed-on: https://pdfium-review.googlesource.com/19250 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-11-23 | Roll pdfium/third_party/freetype/src/ 8f5568bfc..bec14f688 (5 commits) [chromium/3278] | Nicolas Pena
https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/8f5568bfc4fd..bec14f688925
$ git log 8f5568bfc..bec14f688 --date=short --no-merges --format='%ad %ae %s'
2017-11-22 ewaldhew * src/psaux/psft.c (cf2_setGlyphWidth): Check format before setting.
2017-11-22 ewaldhew [psaux] Fix CFF advance widths. (#52466)
2017-11-15 vtsyrklevich * include/freetype/ftrender.h: Fix `FT_Renderer_RenderFunc' type.
2017-11-14 madigens Use Adobe hinting engine for `light' hinting of both CFF and Type 1.
2017-11-09 yuri_levchenko * CMakeLists.txt: Add `DISABLE_FORCE_DEBUG_PREFIX' option.
Created with: roll-dep pdfium/third_party/freetype/src
R=dsinclair@chromium.org,npm@chromium.org,thestig@chromium.org Bug: pdfium:941 Change-Id: I00579a3e26d9cabce7032e0b538de95a1029bac7 Reviewed-on: https://pdfium-review.googlesource.com/19310 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-07 | Fix PartitionAlloc cookies for small in-place reallocs. | Lei Zhang
This ports the non-test portion of Chromium commit r514411 to PDFium. BUG=chromium:781473 Change-Id: Iab203edf3cb49a491aca5e524815a15e74f47581 Reviewed-on: https://pdfium-review.googlesource.com/17990 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-11-07 | Roll pdfium/third_party/freetype/src/ 91015cb41..8f5568bfc (5 commits) | Nicolas Pena
https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/91015cb41d8f..8f5568bfc4fd
$ git log 91015cb41..8f5568bfc --date=short --no-merges --format='%ad %ae %s'
2017-11-06 apodtele * src/base/ftobjs.c (FT_Load_Glyph): Relocate condition.
2017-11-06 apodtele * src/smooth/ftgrays.c (gray_set_cell): Fix uninitialized variables.
2017-10-21 ewaldhew [psaux] Fix PostScript interpreter rewinding in Type 1 mode. (#52251)
2017-11-03 mpsuzuki [truetype] Add more tricky fonts.
2017-11-01 apodtele [smooth] Fix complex rendering at high ppem.
Created with: roll-dep pdfium/third_party/freetype/src
R=dsinclair@chromium.org,npm@chromium.org,thestig@chromium.org Bug: pdfium:931 Change-Id: I304839c1a51e49284800de468d0f5f9389db8388 Reviewed-on: https://pdfium-review.googlesource.com/17982 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-07 | Prevent an OOM error in libtiff. | Lei Zhang
BUG=chromium:781582 Change-Id: I17711956884d1902cbd86f2163155b256402ecda Reviewed-on: https://pdfium-review.googlesource.com/17891 Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-11-03 | Remove flags param from FXMEM_DefaultAlloc() and friends. | Lei Zhang
Change-Id: I24404be0065156a1cfdec31bafdf72c27fa70142 Reviewed-on: https://pdfium-review.googlesource.com/17792 Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-11-02 | Only use the yield instruction on architectures that support it. | Andrew Weintraub
This is a downstream patch of https://crrev.com/502028. Change-Id: Ib78784093332a81a7afd6959c66f5e266540f6d3 Reviewed-on: https://pdfium-review.googlesource.com/17350 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-11-02 | Remove use of deprecated 'register' keyword | Hans Wennborg
Bug: chromium:780692 Change-Id: I16e7d071b1375e8a31e785141a8af5b4c103f81b Reviewed-on: https://pdfium-review.googlesource.com/17390 Commit-Queue: Lei Zhang <thestig@chromium.org> Commit-Queue: Hans Wennborg <hans@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-10-24 | Roll pdfium/third_party/freetype/src/ ae7dc1f62..91015cb41 (35 commits) | Henrique Nakashima
https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/ae7dc1f62d82..91015cb41d8f
$ git log ae7dc1f62..91015cb41 --date=short --no-merges --format='%ad %ae %s'
2017-10-21 apodtele [smooth] Improve complex rendering at high ppem.
2017-10-20 apodtele [base] Improve tracing in FT_Load_Glyph, FT_*_Size.
2017-10-18 apodtele [base] Improve tracing in FT_Render_Glyph.
2017-10-16 ewaldhew [cff] Fix segfault on missing `psaux' (#52218)
2017-10-15 apodtele [base, cff] Fix MSVC warnings.
2017-10-14 apodtele [base] Netpbm image tracing.
2017-10-14 apodtele * builds/windows/ftdebug.c (FT_Message): Print to stderr.
2017-10-14 behdad [afshaper] Delay creating `hb_set' objects until needed.
2017-10-12 ewaldhew * devel/ftoption.h: Enable T1_CONFIG_OPTION_OLD_ENGINE by default.
2017-10-12 ewaldhew [type1, cid] Add hinting engine switch.
2017-10-12 ewaldhew Add T1_CONFIG_OPTION_OLD_ENGINE configuration option.
2017-10-12 ewaldhew Extract width parsing from Type 1 parser.
2017-10-12 wl [autofit] Better visualize table tracing in source code.
2017-10-09 wl * src/base/ftoutln.c (FT_Outline_Translate): Fix integer overflow.
2017-10-08 wl * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows.
2017-10-08 wl Document global size metrics needed for native bytecode hinting (#52165).
2017-10-08 wl Prevent creation of an incorrect documentation entry.
2017-10-07 wl [sfnt] Adjust behaviour of PS font names for variation fonts.
2017-10-07 wl [cff, truetype] Adjust behaviour of named instances.
2017-10-07 wl Make `FT_Set_Named_Instance' work.
2017-10-07 wl Make `FT_FACE_FLAG_VARIATION' work.
2017-10-07 wl New function `FT_Set_Named_Instance'.
2017-10-07 wl Add macros for checking whether a font variation is active.
2017-10-07 wl Add framework for setting named instance in MM service.
2017-10-07 wl [type1] Minor code shuffling.
2017-10-05 wl * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer overflow.
2017-10-05 wl Fix compiler warnings.
2017-10-04 John.Tytgat [cff] Add support for `FSType'.
2017-10-02 wl CHANGES: Formatting.
2017-10-01 wl [smooth,type1] Formatting, whitespace.
2017-10-01 wl [psaux] Formatting, minor fixes, whitespace, copyright notices.
2017-09-30 wl [base,cff,cid] Whitespace, formatting.
2017-09-30 wl [include] Whitespace.
2017-09-30 apodtele Signedness fixes in bitmap presetting.
2017-09-29 apodtele Bitmap metrics presetting [2/2].
Created with: roll-dep pdfium/third_party/freetype/src
R=dsinclair@chromium.org,npm@chromium.org,thestig@chromium.org Bug: pdfium:918 Change-Id: I51ec11a612e54b88ddac40b64428cfaabfaec448 Reviewed-on: https://pdfium-review.googlesource.com/16650 Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-10-23 | Upgrade LibopenJPEG to 2.3 [chromium/3249] | Nicolas Pena
Bug: Change-Id: I4c968a4e5f41037d80e5dc64a1297cd2cbda31b1 Reviewed-on: https://pdfium-review.googlesource.com/16350 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-10-05 | Create FreeType roll script | Nicolas Pena
Change-Id: Ie93f74b683d35e859cc0e3a1dd5899fb073d8864 Reviewed-on: https://pdfium-review.googlesource.com/15570 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-10-02 | Remove extraneous ;s | Dan Sinclair
Bug: pdfium:912 Change-Id: Iea61260ccc972627950b470a44ab21dbd2b4045b Reviewed-on: https://pdfium-review.googlesource.com/15170 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-27 | Enable PRINTF_FORMAT for clang | Dan Sinclair
This ports https://chromium-review.googlesource.com/c/chromium/src/+/599127 from Chromium to PDFium. Because VC++ does not have format-string checking for user-defined functions during normal compiles, because clang-cl had its format-string checking disabled, because some files are only compiled on Windows, and because VC++'s /analyze doesn't build all targets, and because VC++'s format-string checking is more lenient than clang's... 50 warnings about format-string mismatches crept in to Chromium's build. Seven of these were somewhat serious, with four being wchar_t*/char* mismatches because of base::FilePath and the other three being size_t/%d mismatches. Now that all of the mismatches are corrected this change enables PRINTF_FORMAT checking with clang-cl so that these bugs never return. Bug: pdfium:909 Change-Id: I683592f5015b31b4dd04dfe81e6866389b544efe Reviewed-on: https://pdfium-review.googlesource.com/14834 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-27 | Remove FX_CPU=FX_WIN64 build flag | Dan Sinclair
The FX_WIN64 flag is a FX_OS flag, so comparing against FX_CPU doesn't make sense. Removed check. Bug: pdfium:906 Change-Id: I029de8cf89ade590f705556351416f4759bca87a Reviewed-on: https://pdfium-review.googlesource.com/14812 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
2017-09-27 | Cleanup FX macros | Dan Sinclair
This CL renames the FX_OS defines to have _OS_ in their names and drops the _DESKTOP suffix. The FXM defines have been changed to just FX. Change-Id: Iab172fba541713b5f6d14fb8098baf68e3364c74 Reviewed-on: https://pdfium-review.googlesource.com/14833 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-20 | Get system lcms2 config using pkg-config. | Lei Zhang
BUG=chromium:765914 Change-Id: I187507cd87ff5d88be37ce07216ffa3d7ff7bb83 Reviewed-on: https://pdfium-review.googlesource.com/14411 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-09-18 | Roll DEPS for build to e659d43. | Lei Zhang
Add third_party/eu-strip, which is now required to build on Android. Since third_party/eu-strip is small and rarely updated, just check in a copy. Change-Id: Iba016d8d69c8426f1dacbeeef36b30ca743c46f0 Reviewed-on: https://pdfium-review.googlesource.com/13411 Commit-Queue: (000 09-08 - 09-18) dsinclair <dsinclair@chromium.org> Reviewed-by: (000 09-08 - 09-18) dsinclair <dsinclair@chromium.org>
2017-09-11 | Use the right allocate and free functions in OpenJPEG. | Chris Palmer
This patch was authored by Ke Liu of Tencent's Xuanwu Lab. BUG=762374 Change-Id: Icb3ee98fb4c399b871ccf11e9920af7caf51be11 Reviewed-on: https://pdfium-review.googlesource.com/13610 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Chris Palmer <palmer@chromium.org>
2017-09-05 | Upgrade OpenJPEG to 2.2.0 | Nicolas Pena
This CL upgrades OpenJPEG by copying the files from 2.2.0 and then applying patches. Patch files that are no longer relevant are deleted. The relevant ones are applied manually due to changes in formatting in OpenJPEG. Patch 34 is added to account for opj_malloc changes in PDFium. Bug: chromium:718731 Change-Id: I3d316893eab5e235c9f71222a6818b8ae0c98383 Reviewed-on: https://pdfium-review.googlesource.com/12770 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-31 | Remove fx_basic.h | Dan Sinclair
This CL removes the fx_basic.h header and fixes up includes as needed. Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040 Reviewed-on: https://pdfium-review.googlesource.com/12670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-25 | Do not QuickFloor on cmsintrp | Nicolas Pena
In this CL, the flag CMS_DONT_USE_FAST_FLOOR is set to true because quickfloor could cause heap-buffer-overflow due to flooring errors. In the testcase for the bug, Input[2] is a number very close but smaller than 1 such that quickfloor returned 1 (whereas Input[2] >= 1.0 was false). Bug: chromium:752725 Change-Id: Ibb1763aa120a600e86602f1a46c4cd6d0d6bebd5 Reviewed-on: https://pdfium-review.googlesource.com/11310 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-23 | Reject oversized iCCP profile length in libpng. [chromium/3195] | Lei Zhang
cherry-pick of https://github.com/glennrp/libpng/commit/92a7c79db2c962d04006b35e2603ba9d5ce75541 BUG=chromium:729673 Change-Id: I907b4920ed6d276a075a30269be1744aff678069 Reviewed-on: https://pdfium-review.googlesource.com/11690 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-22 | Add pdfium::Optional to third_party/base | Ryan Harrison
It is intended to use this class instead of the std::pair<bool, Foo*> pattern that has been used for guarded pointer returns in PDFium. Change-Id: Id3e305d6cdb329c84e1d827c855423d3efae42c0 Reviewed-on: https://pdfium-review.googlesource.com/11610 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-21 | Roll yasm to 1.3.0. | Lei Zhang
This basically copies https://chromium-review.googlesource.com/608869 Change-Id: I95acc3018e99a7822b9aaee7f83bc6080c0b3ec0 Reviewed-on: https://pdfium-review.googlesource.com/11336 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-14 | LCMS: upgrade to 2.8 | Nicolas Pena
This CL upgrades LCMS from version 2.6 to 2.8. All changes from LCMS original version 2.8 are stored in patch files:
- Patch 0: memory management modifications to use PDFium methods. This was previously not in any patch, so the changes were manually applied.
- Patches 1-5: new patch files corresponding to old changes that can be seen in the history, but did not previously have patch files.
- Patches 6-25: previous patches (patch numbers shifted by 6). The one for from16-to-8-overflow.patch was deleted as it was already upstream. Some patches did not apply cleanly so their .patch files were modified.
- Patch 26: as I just moved files directly, unsupported characters were moved in unchanged, so I had to fix all of them: e with tilde and other characters were replaced to allow compilation on Windows.
- Patch 27: Went over the code and re-applied changes that included comments clearly indicating this was Foxit. These changes are all already seen in the initial PDFium commit.
Change-Id: Ic1d84e54803ef9e6b280ef7619bbf0b757312fbf Reviewed-on: https://pdfium-review.googlesource.com/10590 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-10 | LCMS: rename folder | Nicolas Pena
Change-Id: I5f240cb0779648dc5427fecb5561086e7c0fb16a Reviewed-on: https://pdfium-review.googlesource.com/10650 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-03 | LibTIFF: fix defines in tiffconf | Nicolas Pena
This CL hardcodes the defines used in tiffconf so that the values can be used inside of '#if'. The CL that changed them was: https://pdfium-review.googlesource.com/c/9410 SIZEOF_VOIDP was a new variable in that CL. This CL uses __LP64__ to detect whether this value should be set to 8 or to 4. Bug: chromium:718494 Change-Id: I628d64cb7e2e94c47b8bcc1856abf5949d6578d4 Reviewed-on: https://pdfium-review.googlesource.com/10090 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-03 | Roll FreeType to 7e50824288fac5a36c2938fdb3e1c949ea53f982 | Nicolas Pena
Bug: chromium:738343 Change-Id: Ia5651c50c7f54a79533ebecbee8c020c289afda2 Reviewed-on: https://pdfium-review.googlesource.com/10031 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-28 | LibTIFF: upstream patch to fix null dereference | Nicolas Pena
This CL applies this patch that fixes a recent null dereference regression: https://github.com/vadz/libtiff/commit/57f4b28c00d78bd5d74768585d0e46b2e12e94f7 Bug: chromium:743621 Change-Id: I0f9d4321dc6ea71dd31cf0ba8420cc25d401f0d8 Reviewed-on: https://pdfium-review.googlesource.com/9490 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-27 | Define SIZEOF_VOIDP and other cleanup in tiffconf | Nicolas Pena
This CL uses sizeof to calculate sizes in tiffconf. It adds SIZEOF_VOIDP to allow LibTIFF to take codepaths reducing OOMs. Finally, it gets rid of _FX_WIN32_MOBILE_ since it's never defined. Bug: chromium:718494 Change-Id: I9e6fb2812487ccd7d08e56fd1954c716ddccd07b Reviewed-on: https://pdfium-review.googlesource.com/9410 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-20 | LibTIFF: remove a couple of patches | Nicolas Pena
This CL removes two patches that correspond to non-security CF bugs. There are now only a few patches left: two patches to prevent overflow in _TIFFCheckRealloc (overflows here are dangerous as they can cause heap-buffer-overflows), one patch to prevent integer overflows which CF reported as a security issue, and one recent upstream patch (which would be removed in the next LibTIFF upgrade).
Next steps:
* Figure out how to reproduce the security issue from _TIFFCheckRealloc (samples from the bugs seem to just timeout on asan) and report bug upstream once it's confirmed that a change is needed.
* Ditto integer overflow, except it was already reported upstream, so ping upstream once reproduction without the patch is possible again.
Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716 Reviewed-on: https://pdfium-review.googlesource.com/8532 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-20 | Upgrade LibTIFF to 4.0.8 | Nicolas Pena
This CL upgrades LibTIFF, removing patch files that correspond to bugs that have been resolved in 4.0.8. Change-Id: Id99d2fc9b3f25993dcb60cf1558b73674eb725bf Reviewed-on: https://pdfium-review.googlesource.com/8490 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-18 | Roll third_party/freetype/src cf8d9b4ce..38bdf22bf (9 commits) | Dan Sinclair
https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/cf8d9b4ce3fa..38bdf22bfe68
$ git log cf8d9b4ce..38bdf22bf --date=short --no-merges --format='%ad %ae %s'
2017-07-13 wl [truetype] Improve code comment.
2017-07-13 wl [base] Fix memory leak.
2017-07-12 wl [base] Integer overflow.
2017-07-12 wl Document how to scale manually.
2017-07-12 wl CHANGES: Add information on global metrics rounding.
2017-07-12 wl * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
2017-07-11 htl10 Changelog: typo, chromium issue id is 2276 instead of 2278
2017-07-07 wl [cff] Integer overflow.
2017-07-06 apodtele Tweak suggested use of `lsb_delta' and `rsb_delta'.
TBR=thestig@chromium.org BUG: pdfium:812 Change-Id: Iaabe11da93752dcbe9c1e7ac80b6758010e074ba Reviewed-on: https://pdfium-review.googlesource.com/8030 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-13 | Libtiff OOM upstream patch | Nicolas Pena
This CL applies two upstream patches that help with OOM problems: https://github.com/vadz/libtiff/commit/1077fad562e03d1cad591dd10163dd80ad63ab0e https://github.com/vadz/libtiff/commit/0a619f1e553e46df8022b889ff44f8a1faa1e48d These do not yet fix the bug below. Bug: chromium:718494 Change-Id: If68c20f504b27c07dba2765f8e5ef708c1a54d7e Reviewed-on: https://pdfium-review.googlesource.com/7731 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-26 | Add comment in libtiff patch | Nicolas Pena
This CL adds a comment to point to the upstream bug of a patch fixing an OOM. The fix is fine for us but not accepted upstream so it should be ignored once upstream fixes the bug. Bug: chromium:681311 Change-Id: I6986fb7c851e260e84f764449ff1ee46441e71b4 Reviewed-on: https://pdfium-review.googlesource.com/6953 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-24 | core: allow building against system lcms2 [chromium/3111] | Miklos Vajna
In a way similar to the existing USE_SYSTEM_ZLIB. The default is of course still the bundled lcms2. Change-Id: I219b50854b3c7870b0f4d94574ba39f6cb26f556 Reviewed-on: https://pdfium-review.googlesource.com/5870 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-19 | Replace sanitizers:deps with exe_and_shlib_deps (pdfium) | Tom Anderson
Roll build/ to f671d3b and replace "//build/config/sanitizers:deps" with "//build/config:exe_and_shlib_deps" Bug=chromium:723069 R=thestig@chromium.org Change-Id: Ib890f22a13769a594ce248637aeabc5ac3062ab2 Reviewed-on: https://pdfium-review.googlesource.com/5670 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-17 | Roll FreeType to 2.8 | Lei Zhang
Update ftoption.h with new (unused by us) setting: AF_CONFIG_OPTION_TT_SIZE_METRICS Change-Id: Ia8004e1ab1e72778319d23e7dfa8cbdcbebfdd34 Reviewed-on: https://pdfium-review.googlesource.com/5555 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-15 | Libtiff: upstream fix for heap buffer overflow | Nicolas Pena
Upstream patch: https://github.com/vadz/libtiff/commit/5a4eceed8d2f28d05f49add9ce647684d59d461a Bug: chromium:722071 Change-Id: Idef412edbeb3255375ab18c68721dbaf7c601119 Reviewed-on: https://pdfium-review.googlesource.com/5511 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-11 | LibOpenJPEG: undefined shift in opj_t1_dec_clnpass | Nicolas Pena
bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate 1 << bpno. Thus, use a reduced value when it's large enough to cause undefined shift. bpno_plus_one itself remains unchanged so that the number of calls remains the same Bug: chromium:698526 Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4 Reviewed-on: https://pdfium-review.googlesource.com/5310 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-09 | LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift | Nicolas Pena
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts. Bug: chromium:698498 Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8 Reviewed-on: https://pdfium-review.googlesource.com/5173 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-08 | [LCMS] Upstream direct leak fix | Nicolas Pena
This CL applies the following upstream patch: https://github.com/mm2/Little-CMS/commit/02c95fa76bdc4f73113373070278666f47aff82f Bug: chromium:718500 Change-Id: I7898b22e44a5ea5c0d1c301233037fbaabb8e327 Reviewed-on: https://pdfium-review.googlesource.com/5092 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-08 | [lcms] Verify enough data to service request before allocating | Dan Sinclair
If the count of items is large enough, there may not be enough data in the file to read. This CL verifies we'll have enough data before attempting to allocate the memory to store the results. Bug: chromium:718504 Change-Id: I82e7df3511e529c4bd72a772e9d6e607a0615927 Reviewed-on: https://pdfium-review.googlesource.com/5110 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-06 | core: allow building against system zlib | Miklos Vajna
In a way similar to the existing USE_SYSTEM_LIBJPEG. The default is of course still the DEPS-based zlib checkout.
Changes in v2:
1) Since Chromium doesn't have //third_party:zlib (AKA a "zlib" target in //third_party/BUILD.GN) all the targets that depended on //third_party:zlib now depend on third_party:zlib, which always points to PDFium's third_party/BUILD.GN. The targets that depended on //third_party:zlib in third_party/BUILD.GN just depend on :zlib instead.
2) Move the zlib bits out of !build_with_chromium block.
Change-Id: Id73eb07591418ff2ae71b83b87c18af71b49a22a Reviewed-on: https://pdfium-review.googlesource.com/5030 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-05 | Fix undefined shift in opj_bio_read | Nicolas Pena
Bug: chromium:666683 Change-Id: I1c633d82e9ef75dd99ef032b4fc46fe8d3651cd1 Reviewed-on: https://pdfium-review.googlesource.com/5050 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-04 | Fix undefined shift in opj_get_all_encoding_parameters | Nicolas Pena
The value 1u << (l_pdx + l_level_no) is only used to calculate a minimum, so skip it when the shift doesn't even fit unsigned integer. Also use the uint min version since all values being considered are unsigned anyways. Bug: chromium:666892 Change-Id: I79c6e52022aa894033c5cdabec29c4b8313e293b Reviewed-on: https://pdfium-review.googlesource.com/4891 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-04-25 | Fix a self-inclusion in third_party/base/stl_util.h. | Lei Zhang
Change-Id: I7a2fc956236005fca4848bd2be6db4585bc4e7d7 Reviewed-on: https://pdfium-review.googlesource.com/4477 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-04-21 | Fix Visual Studio build from GN generated files | Dominik Röttsches
VS does not like to see <, > in the XML nodes of the build files. Work around this issue by replacing less-than and greater-than characters in the FreeType custom config include file path definitions with escaped quotes. BUG=pdfium:701 Change-Id: I879ade670158ccb4d435b65cde382c6e6b32e002 Reviewed-on: https://pdfium-review.googlesource.com/4330 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Cary Clark <caryclark@google.com> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-04-20 | Take ContainsValue() change from base stl_util.h | Tom Sepez
Allows us to apply this same predicate onto ordinary arrays. Change-Id: I917be09ed5e55167657c9af97f45f2ea2dbc6ab4 Reviewed-on: https://pdfium-review.googlesource.com/4270 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>