Age | Commit message (Collapse) | Author |
|
There are places where an object "child" has a raw pointer
back to object "owner" with the understanding that owner will
always outlive child.
Violating this constraint can lead to use after free, but this
requires finding two paths: one that frees the objects in the
wrong order, and one that uses the object after the free. The
purpose of this patch is to detect the constraint violation
even when the second path is not hit.
We create a template that is used in place of TYPE*. It's dtor,
when a memory tool is present, goes out and probes the first
byte of the object to which it points. Used in "child", this
allows the memory tool to prove that the "owner" is still alive
at the time the child is destroyed, and hence the constraint is
never violated.
Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417
Reviewed-on: https://pdfium-review.googlesource.com/5475
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
This Cl cleans up more IFX_Pause parameters which are always null.
Change-Id: Ia48600f06216db64a2db8e6e97222a91bd4ba149
Reviewed-on: https://pdfium-review.googlesource.com/4890
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Rename CFGAS_TextStream to CFGAS_Stream. CFGAS_Stream is converted
to a base class instead of accepting an IFGAS_StreamImp. Things
which inherted from IFGAS_StreamImp now inherit from CFGAS_Stream.
The stream type inputs are changed to IFX_SeekableStream so that
they can accept the same type (IFX_SeekableStream is an
IFX_SeekableWriteStream and an IFX_SeekableReadStream). This way
the storage can be shared in the base class.
Change-Id: I06645071e68e2a4d4120c0e336529f2c18c2b705
Reviewed-on: https://pdfium-review.googlesource.com/4152
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
This Cl moves more of the CFX classes defined in the xfa/ directory to
the core/fxcrt directory and conditionally builds them.
Change-Id: I811e6c6acd31dfbe75b49880be43661f78334013
Reviewed-on: https://pdfium-review.googlesource.com/3372
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 31b08d4cdaa17d7a03f35e087096a77036af98ec.
Re-landing the patch after fixing skia build issue.
Change-Id: Ie7039890088b803a6ec5ce365d70f57277459b48
Reviewed-on: https://pdfium-review.googlesource.com/3245
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This reverts commit 0004f29bf6ee3c6060a272c79f14993e92e053c7.
Reason for revert: Breaks build with skia_paths enabled (which will break the chrome roll).
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1858:38: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1861:42: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>'
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2987:15: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2991:18: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2999:17: error: no viable overloaded '='
../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:3001:43: error: no member named 'GetObject' in 'CFX_RetainPtr<CFX_DIBitmap>'
Original change's description:
> Refcount all CFX_DIBSources (and subclasses) all the time.
>
> There are currently several ownership models for these objects,
> including ad-hoc logic for sharing and deletion, and the
> now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
>
> Replace them all with the internal refcount scheme.
>
> Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
> Reviewed-on: https://pdfium-review.googlesource.com/3166
> Reviewed-by: dsinclair <dsinclair@chromium.org>
> Commit-Queue: dsinclair <dsinclair@chromium.org>
>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,pdfium-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I678b1fbc5e666cf7a19372ebaff3270fb115ba5e
Reviewed-on: https://pdfium-review.googlesource.com/3243
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
There are currently several ownership models for these objects,
including ad-hoc logic for sharing and deletion, and the
now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs.
Replace them all with the internal refcount scheme.
Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872
Reviewed-on: https://pdfium-review.googlesource.com/3166
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL moves the .h files to have names corresponding to the contained
classes. The .cpp files are moved alongside the .h files. Any extra
classes in the .h files have been split into their own files.
Change-Id: I14b4efc02417f0df946500e87b6c502e77020db8
Reviewed-on: https://pdfium-review.googlesource.com/3160
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|