Chromium Code Reviews Chromium Code Reviews
Issue 892553002:
Fix JPX image rendering that regressed due to several security fixes. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "../../../include/fxge/fx_ge.h" | 7 #include "../../../include/fxge/fx_ge.h" |
| 8 #include "../../../include/fxcodec/fx_codec.h" | 8 #include "../../../include/fxcodec/fx_codec.h" |
| 9 #include "../../../include/fpdfapi/fpdf_module.h" | 9 #include "../../../include/fpdfapi/fpdf_module.h" |
| 10 #include "../../../include/fpdfapi/fpdf_render.h" | 10 #include "../../../include/fpdfapi/fpdf_render.h" |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 112 CPDF_DIBSource::CPDF_DIBSource() | 112 CPDF_DIBSource::CPDF_DIBSource() |
| 113 { | 113 { |
| 114 m_pDocument = NULL; | 114 m_pDocument = NULL; |
| 115 m_pStreamAcc = NULL; | 115 m_pStreamAcc = NULL; |
| 116 m_pDict = NULL; | 116 m_pDict = NULL; |
| 117 m_bpp = 0; | 117 m_bpp = 0; |
| 118 m_Width = m_Height = 0; | 118 m_Width = m_Height = 0; |
| 119 m_pColorSpace = NULL; | 119 m_pColorSpace = NULL; |
| 120 m_bDefaultDecode = TRUE; | 120 m_bDefaultDecode = TRUE; |
| 121 m_bImageMask = FALSE; | 121 m_bImageMask = FALSE; |
| 122 m_bDoBpcCheck = TRUE; | |
| 122 m_pPalette = NULL; | 123 m_pPalette = NULL; |
| 123 m_pCompData = NULL; | 124 m_pCompData = NULL; |
| 124 m_bColorKey = FALSE; | 125 m_bColorKey = FALSE; |
| 125 m_pMaskedLine = m_pLineBuf = NULL; | 126 m_pMaskedLine = m_pLineBuf = NULL; |
| 126 m_pCachedBitmap = NULL; | 127 m_pCachedBitmap = NULL; |
| 127 m_pDecoder = NULL; | 128 m_pDecoder = NULL; |
| 128 m_nComponents = 0; | 129 m_nComponents = 0; |
| 129 m_bpc = 0; | 130 m_bpc = 0; |
| 130 m_bLoadMask = FALSE; | 131 m_bLoadMask = FALSE; |
| 131 m_Family = 0; | 132 m_Family = 0; |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 190 m_Width = m_pDict->GetInteger(FX_BSTRC("Width")); | 191 m_Width = m_pDict->GetInteger(FX_BSTRC("Width")); |
| 191 m_Height = m_pDict->GetInteger(FX_BSTRC("Height")); | 192 m_Height = m_pDict->GetInteger(FX_BSTRC("Height")); |
| 192 if (m_Width <= 0 || m_Height <= 0 || m_Width > 0x01ffff || m_Height > 0x01ff ff) { | 193 if (m_Width <= 0 || m_Height <= 0 || m_Width > 0x01ffff || m_Height > 0x01ff ff) { |
| 193 return FALSE; | 194 return FALSE; |
| 194 } | 195 } |
| 195 m_GroupFamily = GroupFamily; | 196 m_GroupFamily = GroupFamily; |
| 196 m_bLoadMask = bLoadMask; | 197 m_bLoadMask = bLoadMask; |
| 197 if (!LoadColorInfo(m_pStream->GetObjNum() != 0 ? NULL : pFormResources, pPag eResources)) { | 198 if (!LoadColorInfo(m_pStream->GetObjNum() != 0 ? NULL : pFormResources, pPag eResources)) { |
| 198 return FALSE; | 199 return FALSE; |
| 199 } | 200 } |
| 200 if (m_bpc == 0 || m_nComponents == 0) { | 201 if (m_bDoBpcCheck && (m_bpc == 0 || m_nComponents == 0)) { |
| 201 return FALSE; | 202 return FALSE; |
| 202 } | 203 } |
| 203 FX_SAFE_DWORD src_pitch = | 204 FX_SAFE_DWORD src_pitch = |
| 204 CalculatePitch8(m_bpc, m_nComponents, m_Width, m_Height); | 205 CalculatePitch8(m_bpc, m_nComponents, m_Width, m_Height); |
| 205 if (!src_pitch.IsValid()) { | 206 if (!src_pitch.IsValid()) { |
| 206 return FALSE; | 207 return FALSE; |
| 207 } | 208 } |
| 208 m_pStreamAcc = FX_NEW CPDF_StreamAcc; | 209 m_pStreamAcc = FX_NEW CPDF_StreamAcc; |
| 209 m_pStreamAcc->LoadAllData(pStream, FALSE, src_pitch.ValueOrDie(), TRUE); | 210 m_pStreamAcc->LoadAllData(pStream, FALSE, src_pitch.ValueOrDie(), TRUE); |
| 210 if (m_pStreamAcc->GetSize() == 0 || m_pStreamAcc->GetData() == NULL) { | 211 if (m_pStreamAcc->GetSize() == 0 || m_pStreamAcc->GetData() == NULL) { |
| 211 return FALSE; | 212 return FALSE; |
| 212 } | 213 } |
| 213 const CFX_ByteString& decoder = m_pStreamAcc->GetImageDecoder(); | 214 const CFX_ByteString& decoder = m_pStreamAcc->GetImageDecoder(); |
| 214 if (!decoder.IsEmpty() && decoder == FX_BSTRC("CCITTFaxDecode")) { | 215 if (decoder == FX_BSTRC("CCITTFaxDecode")) { |
| 216 m_bDoBpcCheck = TRUE; | |
| 215 m_bpc = 1; | 217 m_bpc = 1; |
|
Lei Zhang
2015/02/07 08:39:11
I don't have a test image, but I don't see how thi
| |
| 216 } | 218 } |
| 217 if (!CreateDecoder()) { | 219 if (!CreateDecoder()) { |
| 218 return FALSE; | 220 return FALSE; |
| 219 } | 221 } |
| 220 if (m_bImageMask) { | 222 if (m_bImageMask) { |
| 221 m_bpp = 1; | 223 m_bpp = 1; |
| 222 m_bpc = 1; | 224 m_bpc = 1; |
| 223 m_nComponents = 1; | 225 m_nComponents = 1; |
| 224 m_AlphaFlag = 1; | 226 m_AlphaFlag = 1; |
| 225 } else if (m_bpc * m_nComponents == 1) { | 227 } else if (m_bpc * m_nComponents == 1) { |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 309 m_Width = m_pDict->GetInteger(FX_BSTRC("Width")); | 311 m_Width = m_pDict->GetInteger(FX_BSTRC("Width")); |
| 310 m_Height = m_pDict->GetInteger(FX_BSTRC("Height")); | 312 m_Height = m_pDict->GetInteger(FX_BSTRC("Height")); |
| 311 if (m_Width <= 0 || m_Height <= 0 || m_Width > 0x01ffff || m_Height > 0x01ff ff) { | 313 if (m_Width <= 0 || m_Height <= 0 || m_Width > 0x01ffff || m_Height > 0x01ff ff) { |
| 312 return 0; | 314 return 0; |
| 313 } | 315 } |
| 314 m_GroupFamily = GroupFamily; | 316 m_GroupFamily = GroupFamily; |
| 315 m_bLoadMask = bLoadMask; | 317 m_bLoadMask = bLoadMask; |
| 316 if (!LoadColorInfo(m_pStream->GetObjNum() != 0 ? NULL : pFormResources, pPag eResources)) { | 318 if (!LoadColorInfo(m_pStream->GetObjNum() != 0 ? NULL : pFormResources, pPag eResources)) { |
| 317 return 0; | 319 return 0; |
| 318 } | 320 } |
| 319 if (m_bpc == 0 || m_nComponents == 0) { | 321 if (m_bDoBpcCheck && (m_bpc == 0 || m_nComponents == 0)) { |
| 320 return 0; | 322 return 0; |
| 321 } | 323 } |
| 322 FX_SAFE_DWORD src_pitch = | 324 FX_SAFE_DWORD src_pitch = |
| 323 CalculatePitch8(m_bpc, m_nComponents, m_Width, m_Height); | 325 CalculatePitch8(m_bpc, m_nComponents, m_Width, m_Height); |
| 324 if (!src_pitch.IsValid()) { | 326 if (!src_pitch.IsValid()) { |
| 325 return 0; | 327 return 0; |
| 326 } | 328 } |
| 327 m_pStreamAcc = FX_NEW CPDF_StreamAcc; | 329 m_pStreamAcc = FX_NEW CPDF_StreamAcc; |
| 328 m_pStreamAcc->LoadAllData(pStream, FALSE, src_pitch.ValueOrDie(), TRUE); | 330 m_pStreamAcc->LoadAllData(pStream, FALSE, src_pitch.ValueOrDie(), TRUE); |
| 329 if (m_pStreamAcc->GetSize() == 0 || m_pStreamAcc->GetData() == NULL) { | 331 if (m_pStreamAcc->GetSize() == 0 || m_pStreamAcc->GetData() == NULL) { |
| 330 return 0; | 332 return 0; |
| 331 } | 333 } |
| 334 const CFX_ByteString& decoder = m_pStreamAcc->GetImageDecoder(); | |
| 335 if (decoder == FX_BSTRC("CCITTFaxDecode")) { | |
| 336 m_bDoBpcCheck = TRUE; | |
| 337 m_bpc = 1; | |
| 338 } | |
| 332 int ret = CreateDecoder(); | 339 int ret = CreateDecoder(); |
| 333 if (ret != 1) { | 340 if (ret != 1) { |
| 334 if (!ret) { | 341 if (!ret) { |
| 335 return ret; | 342 return ret; |
| 336 } | 343 } |
| 337 if (!ContinueToLoadMask()) { | 344 if (!ContinueToLoadMask()) { |
| 338 return 0; | 345 return 0; |
| 339 } | 346 } |
| 340 if (m_bHasMask) { | 347 if (m_bHasMask) { |
| 341 StratLoadMask(); | 348 StratLoadMask(); |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 438 if (m_pDict->GetInteger("ImageMask")) { | 445 if (m_pDict->GetInteger("ImageMask")) { |
| 439 m_bImageMask = TRUE; | 446 m_bImageMask = TRUE; |
| 440 } | 447 } |
| 441 if (m_bImageMask || !m_pDict->KeyExist(FX_BSTRC("ColorSpace"))) { | 448 if (m_bImageMask || !m_pDict->KeyExist(FX_BSTRC("ColorSpace"))) { |
| 442 if (!m_bImageMask) { | 449 if (!m_bImageMask) { |
| 443 CPDF_Object* pFilter = m_pDict->GetElementValue(FX_BSTRC("Filter")); | 450 CPDF_Object* pFilter = m_pDict->GetElementValue(FX_BSTRC("Filter")); |
| 444 if (pFilter) { | 451 if (pFilter) { |
| 445 CFX_ByteString filter; | 452 CFX_ByteString filter; |
| 446 if (pFilter->GetType() == PDFOBJ_NAME) { | 453 if (pFilter->GetType() == PDFOBJ_NAME) { |
| 447 filter = pFilter->GetString(); | 454 filter = pFilter->GetString(); |
| 448 if (filter == FX_BSTRC("JPXDecode")) { | 455 if (filter == FX_BSTRC("JPXDecode") || |
| 456 filter == FX_BSTRC("CCITTFaxDecode")) { | |
| 457 m_bDoBpcCheck = FALSE; | |
| 449 return TRUE; | 458 return TRUE; |
| 450 } | 459 } |
| 451 } else if (pFilter->GetType() == PDFOBJ_ARRAY) { | 460 } else if (pFilter->GetType() == PDFOBJ_ARRAY) { |
| 452 CPDF_Array* pArray = (CPDF_Array*)pFilter; | 461 CPDF_Array* pArray = (CPDF_Array*)pFilter; |
| 453 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("J PXDecode")) { | 462 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("J PXDecode") || |
| 463 pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("C CITTFaxDecode")) { | |
| 464 m_bDoBpcCheck = FALSE; | |
| 454 return TRUE; | 465 return TRUE; |
| 455 } | 466 } |
| 456 } | 467 } |
| 457 } | 468 } |
| 458 } | 469 } |
| 459 m_bImageMask = TRUE; | 470 m_bImageMask = TRUE; |
| 460 m_bpc = m_nComponents = 1; | 471 m_bpc = m_nComponents = 1; |
| 461 CPDF_Array* pDecode = m_pDict->GetArray(FX_BSTRC("Decode")); | 472 CPDF_Array* pDecode = m_pDict->GetArray(FX_BSTRC("Decode")); |
| 462 m_bDefaultDecode = pDecode == NULL || pDecode->GetInteger(0) == 0; | 473 m_bDefaultDecode = pDecode == NULL || pDecode->GetInteger(0) == 0; |
| 463 return TRUE; | 474 return TRUE; |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 553 ICodec_ScanlineDecoder* FPDFAPI_CreateFaxDecoder(FX_LPCBYTE src_buf, FX_DWORD sr c_size, int width, int height, | 564 ICodec_ScanlineDecoder* FPDFAPI_CreateFaxDecoder(FX_LPCBYTE src_buf, FX_DWORD sr c_size, int width, int height, |
| 554 const CPDF_Dictionary* pParams); | 565 const CPDF_Dictionary* pParams); |
| 555 ICodec_ScanlineDecoder* FPDFAPI_CreateFlateDecoder(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, | 566 ICodec_ScanlineDecoder* FPDFAPI_CreateFlateDecoder(FX_LPCBYTE src_buf, FX_DWORD src_size, int width, int height, |
| 556 int nComps, int bpc, const CPDF_Dictionary* pParams); | 567 int nComps, int bpc, const CPDF_Dictionary* pParams); |
| 557 int CPDF_DIBSource::CreateDecoder() | 568 int CPDF_DIBSource::CreateDecoder() |
| 558 { | 569 { |
| 559 const CFX_ByteString& decoder = m_pStreamAcc->GetImageDecoder(); | 570 const CFX_ByteString& decoder = m_pStreamAcc->GetImageDecoder(); |
| 560 if (decoder.IsEmpty()) { | 571 if (decoder.IsEmpty()) { |
| 561 return 1; | 572 return 1; |
| 562 } | 573 } |
| 563 if (m_bpc == 0) { | 574 if (m_bDoBpcCheck && m_bpc == 0) { |
| 564 return 0; | 575 return 0; |
| 565 } | 576 } |
| 566 FX_LPCBYTE src_data = m_pStreamAcc->GetData(); | 577 FX_LPCBYTE src_data = m_pStreamAcc->GetData(); |
| 567 FX_DWORD src_size = m_pStreamAcc->GetSize(); | 578 FX_DWORD src_size = m_pStreamAcc->GetSize(); |
| 568 const CPDF_Dictionary* pParams = m_pStreamAcc->GetImageParam(); | 579 const CPDF_Dictionary* pParams = m_pStreamAcc->GetImageParam(); |
| 569 if (decoder == FX_BSTRC("CCITTFaxDecode")) { | 580 if (decoder == FX_BSTRC("CCITTFaxDecode")) { |
| 570 m_pDecoder = FPDFAPI_CreateFaxDecoder(src_data, src_size, m_Width, m_Hei ght, pParams); | 581 m_pDecoder = FPDFAPI_CreateFaxDecoder(src_data, src_size, m_Width, m_Hei ght, pParams); |
| 571 } else if (decoder == FX_BSTRC("DCTDecode")) { | 582 } else if (decoder == FX_BSTRC("DCTDecode")) { |
| 572 m_pDecoder = CPDF_ModuleMgr::Get()->GetJpegModule()->CreateDecoder(src_d ata, src_size, m_Width, m_Height, | 583 m_pDecoder = CPDF_ModuleMgr::Get()->GetJpegModule()->CreateDecoder(src_d ata, src_size, m_Width, m_Height, |
| 573 m_nComponents, pParams ? pParams->GetInteger(FX_BSTR("Color Transform"), 1) : 1); | 584 m_nComponents, pParams ? pParams->GetInteger(FX_BSTR("Color Transform"), 1) : 1); |
| (...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 882 } else { | 893 } else { |
| 883 m_pColorSpace->GetRGB(color_value, R, G, B); | 894 m_pColorSpace->GetRGB(color_value, R, G, B); |
| 884 } | 895 } |
| 885 SetPaletteArgb(i, ArgbEncode(255, FXSYS_round(R * 255), FXSYS_round( G * 255), FXSYS_round(B * 255))); | 896 SetPaletteArgb(i, ArgbEncode(255, FXSYS_round(R * 255), FXSYS_round( G * 255), FXSYS_round(B * 255))); |
| 886 } | 897 } |
| 887 } | 898 } |
| 888 } | 899 } |
| 889 void CPDF_DIBSource::ValidateDictParam() | 900 void CPDF_DIBSource::ValidateDictParam() |
| 890 { | 901 { |
| 891 m_bpc = m_bpc_orig; | 902 m_bpc = m_bpc_orig; |
| 892 » CPDF_Object * pFilter = m_pDict->GetElementValue(FX_BSTRC("Filter")); | 903 CPDF_Object * pFilter = m_pDict->GetElementValue(FX_BSTRC("Filter")); |
| 893 if (pFilter) { | 904 if (pFilter) { |
| 894 if (pFilter->GetType() == PDFOBJ_NAME) { | 905 if (pFilter->GetType() == PDFOBJ_NAME) { |
| 895 CFX_ByteString filter = pFilter->GetString(); | 906 CFX_ByteString filter = pFilter->GetString(); |
| 896 if (filter == FX_BSTRC("CCITTFaxDecode") || filter == FX_BSTRC("JBIG 2Decode")) { | 907 if (filter == FX_BSTRC("CCITTFaxDecode") || filter == FX_BSTRC("JBIG 2Decode")) { |
| 897 m_bpc = 1; | 908 m_bpc = 1; |
| 898 m_nComponents = 1; | 909 m_nComponents = 1; |
| 899 } | 910 } |
| 900 if (filter == FX_BSTRC("RunLengthDecode") || filter == FX_BSTRC("DCT Decode")) { | 911 if (filter == FX_BSTRC("RunLengthDecode") || filter == FX_BSTRC("DCT Decode")) { |
| 901 m_bpc = 8; | 912 m_bpc = 8; |
| 902 } | 913 } |
| 903 } else if (pFilter->GetType() == PDFOBJ_ARRAY) { | 914 } else if (pFilter->GetType() == PDFOBJ_ARRAY) { |
| 904 CPDF_Array *pArray = (CPDF_Array *)pFilter; | 915 CPDF_Array *pArray = (CPDF_Array *)pFilter; |
| 905 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("CCITTFacD ecode") || | 916 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("CCITTFaxD ecode") || |
| 906 pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("JBIG2 Decode")) { | 917 pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("JBIG2 Decode")) { |
| 907 m_bpc = 1; | 918 m_bpc = 1; |
| 908 m_nComponents = 1; | 919 m_nComponents = 1; |
| 909 } | 920 } |
| 910 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("DCTDecode ")) { | 921 if (pArray->GetString(pArray->GetCount() - 1) == FX_BSTRC("DCTDecode ")) { |
| 911 // Previously, pArray->GetString(pArray->GetCount() - 1) == FX_B STRC("RunLengthDecode") was checked in the "if" statement as well, | 922 // Previously, pArray->GetString(pArray->GetCount() - 1) == FX_B STRC("RunLengthDecode") was checked in the "if" statement as well, |
| 912 // but too many documents don't conform to it. | 923 // but too many documents don't conform to it. |
| 913 m_bpc = 8; | 924 m_bpc = 8; |
| 914 } | 925 } |
| 915 } | 926 } |
| (...skipping 593 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1509 { | 1520 { |
| 1510 return ((CPDF_ProgressiveImageLoaderHandle*)LoadHandle)->Continue(pPause); | 1521 return ((CPDF_ProgressiveImageLoaderHandle*)LoadHandle)->Continue(pPause); |
| 1511 } | 1522 } |
| 1512 CPDF_ImageLoader::~CPDF_ImageLoader() | 1523 CPDF_ImageLoader::~CPDF_ImageLoader() |
| 1513 { | 1524 { |
| 1514 if (!m_bCached) { | 1525 if (!m_bCached) { |
| 1515 delete m_pBitmap; | 1526 delete m_pBitmap; |
| 1516 delete m_pMask; | 1527 delete m_pMask; |
| 1517 } | 1528 } |
| 1518 } | 1529 } |
| OLD | NEW |
