Age | Commit message (Collapse) | Author |
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This CL moves the FGAS stream code into core/fxcrt and renames to
CFX_SeekableStreamProxy.
Change-Id: I6641fe0cca45a128ef3ec281b0b40f8d60296387
Reviewed-on: https://pdfium-review.googlesource.com/4311
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This CL replaces IFGAS_Stream with the only implementation CFGAS_Stream.
The CreateReadStream and CreateWriteStream methods are removed in favour
of calling MakeRetain directly.
Change-Id: I882a89258f642e24fc3d631587db05652bd53ded
Reviewed-on: https://pdfium-review.googlesource.com/4210
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This Cl removes the MakeSeekableReadStream call and, at the one place
it's used, creates an IFX_MemoryStream which is a seekable read stream.
Change-Id: I6b0b23636eff47f8caca5432313ba99703e21e4d
Reviewed-on: https://pdfium-review.googlesource.com/4037
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I96e0a20d66b9184d22f64d8e4ce0dadd5a78c1e8
Reviewed-on: https://pdfium-review.googlesource.com/2967
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
There is one use of the discrete array, GFGAS_GEFont. This CL replaces
that usage with a std::map and removes the fgas_util classes.
Change-Id: Ic45812168e9487ebac08abaa131c58080a949d69
Reviewed-on: https://pdfium-review.googlesource.com/2953
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
The map is one-to-one, so no need for a pointer to an
externally stored rect.
Change-Id: I4cd6f728cdadeb4c7b25b6f34f5d50bb5db89623
Reviewed-on: https://pdfium-review.googlesource.com/2896
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
|
|
Review-Url: https://codereview.chromium.org/2616623005
|
|
We worry about cyclical references, but no leaks found.
Review-Url: https://codereview.chromium.org/2609423003
|
|
IFGAS_Streams are not part of the IFX_Stream hierarchy, but
can be made from such.
Review-Url: https://codereview.chromium.org/2559763002
|
|
We can remove a lot of "bOwnsStream" logic in the process.
Always pass these by const reference, in case the called method
wants to hang on to the stream (one exception is where we stick
a raw pointer into a void* slot in a context from another layer).
Review-Url: https://codereview.chromium.org/2451493002
|
|
It's a separate hierarchy unrelated to the IFX_*Stream classes.
Also rename CFX_Stream to CFGAS_Stream, and so forth.
Review-Url: https://codereview.chromium.org/2535723010
|
|
Removed some unused method, named files properly, cleaned up a bit.
Review-Url: https://codereview.chromium.org/2524493002
|