Chromium Code Reviews Chromium Code Reviews
Issue 568803004:
PDF: Fix uninit memory access in PDFiumEngine. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "pdf/pdfium/pdfium_engine.h" | 5 #include "pdf/pdfium/pdfium_engine.h" |
| 6 | 6 |
| 7 #include <math.h> | 7 #include <math.h> |
| 8 | 8 |
| 9 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 543 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 554 PDFiumEngine::PDFiumEngine(PDFEngine::Client* client) | 554 PDFiumEngine::PDFiumEngine(PDFEngine::Client* client) |
| 555 : client_(client), | 555 : client_(client), |
| 556 current_zoom_(1.0), | 556 current_zoom_(1.0), |
| 557 current_rotation_(0), | 557 current_rotation_(0), |
| 558 doc_loader_(this), | 558 doc_loader_(this), |
| 559 password_tries_remaining_(0), | 559 password_tries_remaining_(0), |
| 560 doc_(NULL), | 560 doc_(NULL), |
| 561 form_(NULL), | 561 form_(NULL), |
| 562 defer_page_unload_(false), | 562 defer_page_unload_(false), |
| 563 selecting_(false), | 563 selecting_(false), |
| 564 mouse_down_state_(PDFiumPage::NONSELECTABLE_AREA, | |
| 565 PDFiumPage::LinkTarget()), | |
| 564 next_page_to_search_(-1), | 566 next_page_to_search_(-1), |
| 565 last_page_to_search_(-1), | 567 last_page_to_search_(-1), |
| 566 last_character_index_to_search_(-1), | 568 last_character_index_to_search_(-1), |
| 567 current_find_index_(-1), | 569 current_find_index_(-1), |
| 568 permissions_(0), | 570 permissions_(0), |
| 569 fpdf_availability_(NULL), | 571 fpdf_availability_(NULL), |
| 570 next_timer_id_(0), | 572 next_timer_id_(0), |
| 571 last_page_mouse_down_(-1), | 573 last_page_mouse_down_(-1), |
| 572 first_visible_page_(-1), | 574 first_visible_page_(-1), |
| 573 most_visible_page_(-1), | 575 most_visible_page_(-1), |
| (...skipping 741 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1315 return false; | 1317 return false; |
| 1316 | 1318 |
| 1317 SelectionChangeInvalidator selection_invalidator(this); | 1319 SelectionChangeInvalidator selection_invalidator(this); |
| 1318 selection_.clear(); | 1320 selection_.clear(); |
| 1319 | 1321 |
| 1320 int page_index = -1; | 1322 int page_index = -1; |
| 1321 int char_index = -1; | 1323 int char_index = -1; |
| 1322 PDFiumPage::LinkTarget target; | 1324 PDFiumPage::LinkTarget target; |
| 1323 PDFiumPage::Area area = GetCharIndex(event, &page_index, | 1325 PDFiumPage::Area area = GetCharIndex(event, &page_index, |
| 1324 &char_index, &target); | 1326 &char_index, &target); |
| 1325 mouse_down_state_ = MouseDownState(area, target); | 1327 mouse_down_state_.Set(area, target); |
| 1326 | 1328 |
| 1327 // Decide whether to open link or not based on user action in mouse up and | 1329 // Decide whether to open link or not based on user action in mouse up and |
| 1328 // mouse move events. | 1330 // mouse move events. |
| 1329 if (area == PDFiumPage::WEBLINK_AREA) | 1331 if (area == PDFiumPage::WEBLINK_AREA) |
| 1330 return true; | 1332 return true; |
| 1331 | 1333 |
| 1332 if (area == PDFiumPage::DOCLINK_AREA) { | 1334 if (area == PDFiumPage::DOCLINK_AREA) { |
| 1333 client_->ScrollToPage(target.page); | 1335 client_->ScrollToPage(target.page); |
| 1334 client_->FormTextFieldFocusChange(false); | 1336 client_->FormTextFieldFocusChange(false); |
| 1335 return true; | 1337 return true; |
|
raymes
2014/09/15 00:02:59
optional: I guess you might as well move this down
Lei Zhang
2014/09/15 15:26:09
Maybe in a separate CL.
Lei Zhang
2017/05/10 01:02:40
I forgot about this, but I was revisiting this CL,
| |
| 1336 } | 1338 } |
| 1337 | 1339 |
| 1338 if (page_index != -1) { | 1340 if (page_index != -1) { |
| 1339 last_page_mouse_down_ = page_index; | 1341 last_page_mouse_down_ = page_index; |
| 1340 double page_x, page_y; | 1342 double page_x, page_y; |
| 1341 pp::Point point = event.GetPosition(); | 1343 pp::Point point = event.GetPosition(); |
| 1342 DeviceToPage(page_index, point.x(), point.y(), &page_x, &page_y); | 1344 DeviceToPage(page_index, point.x(), point.y(), &page_x, &page_y); |
| 1343 | 1345 |
| 1344 FORM_OnLButtonDown(form_, pages_[page_index]->GetPage(), 0, page_x, page_y); | 1346 FORM_OnLButtonDown(form_, pages_[page_index]->GetPage(), 0, page_x, page_y); |
| 1345 int control = FPDPage_HasFormFieldAtPoint( | 1347 int control = FPDPage_HasFormFieldAtPoint( |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1403 if (event.GetButton() != PP_INPUTEVENT_MOUSEBUTTON_LEFT) | 1405 if (event.GetButton() != PP_INPUTEVENT_MOUSEBUTTON_LEFT) |
| 1404 return false; | 1406 return false; |
| 1405 | 1407 |
| 1406 int page_index = -1; | 1408 int page_index = -1; |
| 1407 int char_index = -1; | 1409 int char_index = -1; |
| 1408 PDFiumPage::LinkTarget target; | 1410 PDFiumPage::LinkTarget target; |
| 1409 PDFiumPage::Area area = | 1411 PDFiumPage::Area area = |
| 1410 GetCharIndex(event, &page_index, &char_index, &target); | 1412 GetCharIndex(event, &page_index, &char_index, &target); |
| 1411 | 1413 |
| 1412 // Open link on mouse up for same link for which mouse down happened earlier. | 1414 // Open link on mouse up for same link for which mouse down happened earlier. |
| 1413 if (mouse_down_state_ == MouseDownState(area, target)) { | 1415 if (mouse_down_state_.Matches(area, target)) { |
| 1414 if (area == PDFiumPage::WEBLINK_AREA) { | 1416 if (area == PDFiumPage::WEBLINK_AREA) { |
| 1415 bool open_in_new_tab = !!(event.GetModifiers() & kDefaultKeyModifier); | 1417 bool open_in_new_tab = !!(event.GetModifiers() & kDefaultKeyModifier); |
| 1416 client_->NavigateTo(target.url, open_in_new_tab); | 1418 client_->NavigateTo(target.url, open_in_new_tab); |
| 1417 client_->FormTextFieldFocusChange(false); | 1419 client_->FormTextFieldFocusChange(false); |
| 1418 return true; | 1420 return true; |
| 1419 } | 1421 } |
| 1420 } | 1422 } |
| 1421 | 1423 |
| 1422 if (page_index != -1) { | 1424 if (page_index != -1) { |
| 1423 double page_x, page_y; | 1425 double page_x, page_y; |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 1436 | 1438 |
| 1437 bool PDFiumEngine::OnMouseMove(const pp::MouseInputEvent& event) { | 1439 bool PDFiumEngine::OnMouseMove(const pp::MouseInputEvent& event) { |
| 1438 int page_index = -1; | 1440 int page_index = -1; |
| 1439 int char_index = -1; | 1441 int char_index = -1; |
| 1440 PDFiumPage::LinkTarget target; | 1442 PDFiumPage::LinkTarget target; |
| 1441 PDFiumPage::Area area = | 1443 PDFiumPage::Area area = |
| 1442 GetCharIndex(event, &page_index, &char_index, &target); | 1444 GetCharIndex(event, &page_index, &char_index, &target); |
| 1443 | 1445 |
| 1444 // Clear |mouse_down_state_| if mouse moves away from where the mouse down | 1446 // Clear |mouse_down_state_| if mouse moves away from where the mouse down |
| 1445 // happened. | 1447 // happened. |
| 1446 if (mouse_down_state_ != MouseDownState(area, target)) | 1448 if (!mouse_down_state_.Matches(area, target)) |
| 1447 mouse_down_state_ = MouseDownState(); | 1449 mouse_down_state_.Reset(); |
| 1448 | 1450 |
| 1449 if (!selecting_) { | 1451 if (!selecting_) { |
| 1450 PP_CursorType_Dev cursor; | 1452 PP_CursorType_Dev cursor; |
| 1451 switch (area) { | 1453 switch (area) { |
| 1452 case PDFiumPage::TEXT_AREA: | 1454 case PDFiumPage::TEXT_AREA: |
| 1453 cursor = PP_CURSORTYPE_IBEAM; | 1455 cursor = PP_CURSORTYPE_IBEAM; |
| 1454 break; | 1456 break; |
| 1455 case PDFiumPage::WEBLINK_AREA: | 1457 case PDFiumPage::WEBLINK_AREA: |
| 1456 case PDFiumPage::DOCLINK_AREA: | 1458 case PDFiumPage::DOCLINK_AREA: |
| 1457 cursor = PP_CURSORTYPE_HAND; | 1459 cursor = PP_CURSORTYPE_HAND; |
| (...skipping 1291 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2749 | 2751 |
| 2750 std::vector<pp::Rect> selection_rects = | 2752 std::vector<pp::Rect> selection_rects = |
| 2751 engine_->selection_[i].GetScreenRects( | 2753 engine_->selection_[i].GetScreenRects( |
| 2752 visible_rect.point(), | 2754 visible_rect.point(), |
| 2753 engine_->current_zoom_, | 2755 engine_->current_zoom_, |
| 2754 engine_->current_rotation_); | 2756 engine_->current_rotation_); |
| 2755 rects->insert(rects->end(), selection_rects.begin(), selection_rects.end()); | 2757 rects->insert(rects->end(), selection_rects.begin(), selection_rects.end()); |
| 2756 } | 2758 } |
| 2757 } | 2759 } |
| 2758 | 2760 |
| 2761 PDFiumEngine::MouseDownState::MouseDownState( | |
| 2762 const PDFiumPage::Area& area, | |
| 2763 const PDFiumPage::LinkTarget& target) | |
| 2764 : area_(area), target_(target) { | |
| 2765 } | |
| 2766 | |
| 2767 PDFiumEngine::MouseDownState::~MouseDownState() { | |
| 2768 } | |
| 2769 | |
| 2770 void PDFiumEngine::MouseDownState::Set(const PDFiumPage::Area& area, | |
| 2771 const PDFiumPage::LinkTarget& target) { | |
| 2772 area_ = area; | |
| 2773 target_ = target; | |
| 2774 } | |
| 2775 | |
| 2776 void PDFiumEngine::MouseDownState::Reset() { | |
| 2777 area_ = PDFiumPage::NONSELECTABLE_AREA; | |
| 2778 target_ = PDFiumPage::LinkTarget(); | |
| 2779 } | |
| 2780 | |
| 2781 bool PDFiumEngine::MouseDownState::Matches( | |
| 2782 const PDFiumPage::Area& area, | |
| 2783 const PDFiumPage::LinkTarget& target) const { | |
| 2784 if (area_ == area) { | |
| 2785 if (area == PDFiumPage::WEBLINK_AREA) | |
| 2786 return target_.url == target.url; | |
| 2787 if (area == PDFiumPage::DOCLINK_AREA) | |
| 2788 return target_.page == target.page; | |
| 2789 return true; | |
| 2790 } | |
| 2791 return false; | |
| 2792 } | |
| 2793 | |
| 2759 void PDFiumEngine::DeviceToPage(int page_index, | 2794 void PDFiumEngine::DeviceToPage(int page_index, |
| 2760 float device_x, | 2795 float device_x, |
| 2761 float device_y, | 2796 float device_y, |
| 2762 double* page_x, | 2797 double* page_x, |
| 2763 double* page_y) { | 2798 double* page_y) { |
| 2764 *page_x = *page_y = 0; | 2799 *page_x = *page_y = 0; |
| 2765 int temp_x = static_cast<int>((device_x + position_.x())/ current_zoom_ - | 2800 int temp_x = static_cast<int>((device_x + position_.x())/ current_zoom_ - |
| 2766 pages_[page_index]->rect().x()); | 2801 pages_[page_index]->rect().x()); |
| 2767 int temp_y = static_cast<int>((device_y + position_.y())/ current_zoom_ - | 2802 int temp_y = static_cast<int>((device_y + position_.y())/ current_zoom_ - |
| 2768 pages_[page_index]->rect().y()); | 2803 pages_[page_index]->rect().y()); |
| (...skipping 714 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3483 double* height) { | 3518 double* height) { |
| 3484 FPDF_DOCUMENT doc = FPDF_LoadMemDocument(pdf_buffer, pdf_buffer_size, NULL); | 3519 FPDF_DOCUMENT doc = FPDF_LoadMemDocument(pdf_buffer, pdf_buffer_size, NULL); |
| 3485 if (!doc) | 3520 if (!doc) |
| 3486 return false; | 3521 return false; |
| 3487 bool success = FPDF_GetPageSizeByIndex(doc, page_number, width, height) != 0; | 3522 bool success = FPDF_GetPageSizeByIndex(doc, page_number, width, height) != 0; |
| 3488 FPDF_CloseDocument(doc); | 3523 FPDF_CloseDocument(doc); |
| 3489 return success; | 3524 return success; |
| 3490 } | 3525 } |
| 3491 | 3526 |
| 3492 } // namespace chrome_pdf | 3527 } // namespace chrome_pdf |
| OLD | NEW |
