Age | Commit message (Collapse) | Author |
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Many of these are already unique_ptrs.
Change-Id: I3695d4ff5a8f7483ad994ac7657897fd55069cd5
Reviewed-on: https://pdfium-review.googlesource.com/4690
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The CFX_MemoryStream is the only implementation of IFX_MemoryStream.
This CL removes the interfaces and uses CFX_MemoryStream directly.
Change-Id: I2f43fa39e82dafa7673517d214ae15fd2d0df331
Reviewed-on: https://pdfium-review.googlesource.com/4391
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL cleans up the fx_extension file. The stream code was moved to
fx_stream. IFX_FileAccess was removed and CFX_CRTFileAccess split to its
own file. Code shuffled from header to cpp file.
Change-Id: I700fdfcc9797cf4e8050cd9ba010ad8854feefbf
Reviewed-on: https://pdfium-review.googlesource.com/4371
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl cleans up the unused defines in fx_codepage.h. The
FXFONT_CHARSET_ defines are replaced with fx_codepage defines, this
moves fx_codepage into core instead of xfa only. Static asserts are
added to verify the public/ charsets match the fx_codepage charsets.
Change-Id: Ie2f749e093de60a9a6743128a1fb087912e4cc96
Reviewed-on: https://pdfium-review.googlesource.com/4316
Commit-Queue: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This CL moves the FGAS stream code into core/fxcrt and renames to
CFX_SeekableStreamProxy.
Change-Id: I6641fe0cca45a128ef3ec281b0b40f8d60296387
Reviewed-on: https://pdfium-review.googlesource.com/4311
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This CL replaces IFGAS_Stream with the only implementation CFGAS_Stream.
The CreateReadStream and CreateWriteStream methods are removed in favour
of calling MakeRetain directly.
Change-Id: I882a89258f642e24fc3d631587db05652bd53ded
Reviewed-on: https://pdfium-review.googlesource.com/4210
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL moves the FX_GetCodePageFromCharset method into cfgas_fontmgr
anonymouse namespace.
Change-Id: I1232341b8639328035f12aebfb7a65a4fc0ba08f
Reviewed-on: https://pdfium-review.googlesource.com/4291
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This Cl removes the MakeSeekableReadStream call and, at the one place
it's used, creates an IFX_MemoryStream which is a seekable read stream.
Change-Id: I6b0b23636eff47f8caca5432313ba99703e21e4d
Reviewed-on: https://pdfium-review.googlesource.com/4037
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from wide string methods which are the same on
all platforms.
Bug: pdfium:694
Change-Id: I46a7af5913e7897f7c4ba712a76540c12105818f
Reviewed-on: https://pdfium-review.googlesource.com/3611
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
BUG=pdfium:688
Change-Id: I7787b29d0fedc48f1360ab041d43829d0e805462
Change-Id: I7787b29d0fedc48f1360ab041d43829d0e805462
Reviewed-on: https://pdfium-review.googlesource.com/3331
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
BUG=706824
Change-Id: I7f2138689d8e0d93fcb100c0215c8cf6bde427de
Reviewed-on: https://pdfium-review.googlesource.com/3392
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Remove unnecessary FreeType include.
BUG=chromium:706824
Change-Id: If3006a047e9431d6bf4111da867a998994034f56
Reviewed-on: https://pdfium-review.googlesource.com/3391
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This Cl renames the the fgas_stream files to match the internal
ifgas_stream class. The majority of the code in ifgas_stream.cpp is
moved into the anonymouse namespace.
Change-Id: I0518103d61df077782d9ab26d0ac87485417f379
Reviewed-on: https://pdfium-review.googlesource.com/3370
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL moves the .h files to have names corresponding to the contained
classes. The .cpp files are moved alongside the .h files. Any extra
classes in the .h files have been split into their own files.
Change-Id: I14b4efc02417f0df946500e87b6c502e77020db8
Reviewed-on: https://pdfium-review.googlesource.com/3160
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
The methods are not called, so the data is not used. Removed.
Change-Id: I29e904da2a000fd5173d2f5240ad377613db200a
Reviewed-on: https://pdfium-review.googlesource.com/3050
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: Iddd99312aee6447c05be5633eead023a004e65e1
Reviewed-on: https://pdfium-review.googlesource.com/3034
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I96e0a20d66b9184d22f64d8e4ce0dadd5a78c1e8
Reviewed-on: https://pdfium-review.googlesource.com/2967
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
There is one use of the discrete array, GFGAS_GEFont. This CL replaces
that usage with a std::map and removes the fgas_util classes.
Change-Id: Ic45812168e9487ebac08abaa131c58080a949d69
Reviewed-on: https://pdfium-review.googlesource.com/2953
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: Ic6edc7740513075c2a738cc8897460af17bb0103
Reviewed-on: https://pdfium-review.googlesource.com/2895
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The map is one-to-one, so no need for a pointer to an
externally stored rect.
Change-Id: I4cd6f728cdadeb4c7b25b6f34f5d50bb5db89623
Reviewed-on: https://pdfium-review.googlesource.com/2896
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
In https://codereview.chromium.org/2559903002 we refactored the font manager
in XFA but got part of the negation wrong. Fixup logic.
Change-Id: Idd51ff846fe64a56908ec26bf2798c1df8433611
Reviewed-on: https://pdfium-review.googlesource.com/2891
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Doing so reveals places where there are needless copies
and conversions.
Change-Id: I24a868d40aa63836f4167eaf4541964049df7916
Reviewed-on: https://pdfium-review.googlesource.com/2555
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl updates the code to use the constructors instead of creating an
empty object and calling Set(). It also removes the various memsets of
the CFX_Rect{F} classes.
Change-Id: I6e20cec00866a38372858dcba5a30d31103172e4
Reviewed-on: https://pdfium-review.googlesource.com/2550
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
|
|
This Cl replaces the custom IFX_MemoryAllocator code with new/delete as needed.
Change-Id: Ie786f607c9e0b3035ffd87733bc3e29a4b6426d9
Reviewed-on: https://pdfium-review.googlesource.com/2164
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Code is much clearer when we use the actual types
rather than this convention.
Review-Url: https://codereview.chromium.org/2618993002
|
|
Review-Url: https://codereview.chromium.org/2610813010
|
|
Review-Url: https://codereview.chromium.org/2616623005
|
|
We worry about cyclical references, but no leaks found.
Review-Url: https://codereview.chromium.org/2609423003
|
|
Minimalist changes with the tidying of the code to
use better loop iterators as a follow-up.
Review-Url: https://codereview.chromium.org/2556963004
|
|
Also convernt one nearby array to vector as well.
Review-Url: https://codereview.chromium.org/2559903002
|
|
Review-Url: https://codereview.chromium.org/2562563002
|
|
IFGAS_Streams are not part of the IFX_Stream hierarchy, but
can be made from such.
Review-Url: https://codereview.chromium.org/2559763002
|
|
We can remove a lot of "bOwnsStream" logic in the process.
Always pass these by const reference, in case the called method
wants to hang on to the stream (one exception is where we stick
a raw pointer into a void* slot in a context from another layer).
Review-Url: https://codereview.chromium.org/2451493002
|
|
It's a separate hierarchy unrelated to the IFX_*Stream classes.
Also rename CFX_Stream to CFGAS_Stream, and so forth.
Review-Url: https://codereview.chromium.org/2535723010
|
|
Group related IFX_ classes.
Move #defines to .cpp file that uses them.
Replace loose function with static method.
Review-Url: https://codereview.chromium.org/2548583004
|
|
Also remove a bool that is always false.
Review-Url: https://codereview.chromium.org/2539203002
|
|
Removed some unused method, named files properly, cleaned up a bit.
Review-Url: https://codereview.chromium.org/2524493002
|
|
The -build/include setting was masking out build/include_what_you_use. This CL
restores them, fixes any build errors, and adds NOLINT as needed. As well,
the runtime/explicit and runtime/printf flags are aslo enabled and NOLINT'd.
lint cleanups
Change-Id: Ib013b3eb29c8d0e48cad74c5df9028684130719f
Reviewed-on: https://pdfium-review.googlesource.com/2030
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Review-Url: https://codereview.chromium.org/2512213002
|
|
IFGAS_FontMgr is an interface only for a class only defined on Windows,
plus a class only defined for non-Windows. I'm removing the interface,
renaming the class to have the same name in both cases, and cleaning up
a bit of unused methods.
Review-Url: https://codereview.chromium.org/2494883002
|
|
Review-Url: https://codereview.chromium.org/2467203003
|
|
It's been troubling for some time that an IFX_FileStream might
actually be an in-memory buffer with no backing file.
Review-Url: https://codereview.chromium.org/2443723002
|
|
- Nit fixes.
- Remove unused methods.
- Replace FX_BOOL with bool.
Review-Url: https://codereview.chromium.org/2419433004
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2383593002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2377393002
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|
|
Review-Url: https://codereview.chromium.org/2362063003
|