| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Updates doc/src/conf.py to point to the toc file to ensure
that everything is built for the PDF.
<log></log>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sphinx docs exemplar
Adds a source folder with a README to redo the docs
with Sphinx.
More Sphinx updates - added main skeleton htm pages
gitignore also removes .buildinfo & .doctrees
<log></log>
More Sphinx docs work
Sphinx updates for API page
Sphinx docs: some tidy up start of Use.htm
Sphinx docs: mostly more on Use.htm
Sphinx docs: Completes Use.rst, starts some other pages
Sphinx docs: Completes Devices.rst
Sphinx docs: Start of VectorDevices.rst
Sphinx docs: Completes VectorDevices.rst
Sphinx docs: Start of Drivers.rst
Sphinx docs: Completes Drivers.rst
Sphinx docs: Corrects some links in API.rst
Sphinx docs: Completes Make.rst section
Sphinx docs: Completes Install.rst section
Sphinx docs: Completes Lib.rst and adds footer to all rst files
Sphinx docs: Completes C-style.rst, changes description for "iff"
Sphinx docs: Completes P-style.rst
Sphinx docs: Starts Language.rst and tweaks some other rst files
Sphinx docs: Completes Language.rst and adds "title" directive to all rst files
Sphinx docs: completes Unix-lpr.rst, Fonts.rst, PS-files.rst, News.rst, third-party.rst
Also updates the title header layout for all the rst files
Sphinx docs: Deprecated.rst -> UnsupportedDevices.rst
Sphinx docs: Completes Source.rst
Sphinx docs: Multiple updates across many RST files
Sphinx docs: Completes Develop.rst
Sphinx docs: Fixes build errors and warnings
Sphinx docs: Some tidy up and start of UnsupportedDevices.rst
Sphinx docs: More updates to UnsupportedDevices.rst
Sphinx docs: More tidy up, adds the readthedocs.yaml
<log></log>
Sphinx docs: tidy up language-bindings favicon reference
<log></log>
Sphinx docs: more conf tidy up, fixes a link in Devices.rst
<log></log>
Sphinx docs: Updates News.rst to include News.htm
Updates News.htm to include just the body HTML ready
for insertion into the RST docs or to view standalone.
Updates README to add advice on editing & publishing docs
<log></log>
Sphinx docs: Removes old .htm files and any other seemingly redundant files in "doc"
Sphinx docs: Removes the built output from Sphinx as it is not required
<log></log>
Sphinx docs: Updates devices keywords to be styled with :title: tag
- This wraps these keywords with <cite> at the HTML level
- Also added a requirements.txt file for the .readthedocs.yaml
to use
Sphinx docs: Includes index.htm with prospective readthedocs website redirect
<log></log>
Sphinx docs: Removes README.md and moves info over into HowToBuildTheDocs.txt
Also tidies up a header underline which was too short
in UnsupportedDevices.rst
<log></log>
Sphinx docs: Removes Release.rst
Sphinx docs: Devices.rst - Add bbox notes from earlier 10.0.0 branch commit
See: - add a note about precision of bbox device commit
7f2719bff1d50e151918cf505fa695edc65e936f
Also indents some properties which were children of
a dictionary to make it more understandable.
<log></log>
Sphinx docs: Updates News.htm to reflect recent changes
<log></log>
Sphinx docs: Adds the generated Ghostscript documentation PDF
Generated via sphinx-build
<log></log>
Sphinx docs: Removes redundant link from Install.htm
<log></log>
Sphinx docs: Adds standalone TOC, start of Language Bindings docs
GhostAPI completed here for C sharp.
<log></log>
Sphinx docs: Adds GhostNET documentation
<log></log>
Sphinx docs: Completes the C# documentation
<log></log>
Sphinx docs: Completes Java Language Bindings introduction
<log></log>
Sphinx docs: Completes Java Language Bindings docs
Also fixes a syntax error in API.rst
Sphinx docs: Completes the Python Language Bindings docs
<log></log>
Sphinx docs: Republishes PDF version of docs
Now includes Language Bindings
<log><log>
Sphinx docs: Move language binding "Building GS" section to reference sections in Make.rst
<log></log>
Sphinx docs: Fixes bullet point syntax, and some other tweaks.
Also includes:
Putting "build" before "install" in the left nav
Some small syntax tweaks and improvments.
Sphinx docs: Updates reference: IRC channel -> Discord channel
Sphinx docs: Updates Python Language Bindings with links to C docs and other fixes
<log></log>
Sphinx docs: Completes tweaks for Python section and publishes amended PDF
<log></log>
Sphinx docs: Final tweak to Python section
<log></log>
|
|
|
|
| |
These rules should be updated as understanding dawns
|
| |
|
|
|
|
|
|
|
|
|
| |
This influences how pdfwrite works out whether or not to embed a given font.
With that flag not set, PDF base 14 fonts were getting embedded when, with the
version of PDF pdfwrite defaults to creating, they should not be.
Stems from Bug 705872.
|
|
|
|
|
|
|
| |
Don't dereference something that's not a pointer. I have no
idea how this passed testing, or why it has only started cauing
crashes recently, but clearly if I'm passing values that are
-1, 0 or 1, use them as is, don't dereference them.
|
|
|
|
|
| |
Postscript jobs require NOPAUSE in the dict, not just in the
main instance.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 1bdc4a87930b1180cebaa73ea8a9cc96c50d34e9 added a check on the
count of the number of pages (to try and avoid timeouts with OSS-fuzz
and huge declared page counts). Unfortunately the wrong dictionary
was queried for the count of intermediate page tree nodes leading to
a wildly incorrect number of pages.
This led to a load of errors being thrown, though all the pages were
rendered correctly.
Correct that here....
|
|
|
|
|
|
|
|
|
|
| |
Bug #705861 "Regression: image not centered when forcing A4 output"
The old PDF interpreter apparently centres the content on the scaled
page when using PDFFitPage, whereas we were maintaining the origin at
0,0.
Add code to duplicate this.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change for bug 703694 in commit 0f38f27a7b3a1eb meant that
we no longer accepted
-sFoo="Bar Baz"
in an @file, and instead read that as:
-sFoo="Bar
This seems counterintuitive.
Here we tweak the code so that " is accepted to mean the start
of a quotation after an = sign too.
We also tweak the handling of '\' so that special case handling
only happens in @ files, not from the command line. And we
allow '\"' to mean literal '"'. '\' at the end of the line remains
meaning "continue parsing past the newline". All other cases
of '\' continue to mean literal '\'.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug #705784 "NULL pointer dereference in pdf/pdf_image.c:883 pdfi_data_image_params"
The function picking out the required image information wasn't type
checking some elements, which was comparatively safe (but still wrong)
before the change to handling some objects as low integer values rather
than pointers to objects. That change causes us to try and dereference
pointers to low memory and causes a crash.
We should type check all the image dictionary contents before use, this
commit just adds that. If we find an optional entry that isn't a valid
type we raise a warning but continue unless PDFSTOPONWARNING is set.
We ignore the invalid value which may still cause further errors or
incorrect rendering though.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of OSS-fuzz files timeout due to having an excessively large
/Count (eg 213804087) in the root node of the Pages tree.
This doesn't cause us any real problems, except that it takes a long
time to fail to render that many pages. On the other hand, validating
the entire pages tree for a large file with many nodes could take a
reasonable amount of time. Not huge but it would mean a performance hit
on sensible files just to avoid this penalty on broken files.
As a compromise; this commit checks the root node /Kids array, if it has
sufficient entries to match the /Count then we assume its a flat tree
and the Count is correct. If it has fewer then we assume it's a tree and
we check each of the entries in the /Kids array. If its a leaf node then
we add 1 to the running count. If it is an intermediate node then we add
the /Count of the node to the running count.
If the one-level check matches the root node /Count then we assume the
Count is correct. If it does not, then we assume that the count of
the first level is correct.
We could, if desired, validate the entire tree instead at this point
but I don't think it's worth it. If the tree is really broken then the
file is going to fail. This commit prevents the timeout and if the
corruption is limited to the Count of the root node then it will
recover from that.
|
|
|
|
|
|
|
| |
Bug #705853 "buffer overflow in /base/gsmchunk.c:1110 chunk_free_object (exploitable)"
The commit 4fdfca8cbadb1ab15005a6cfde53a59d1f642a7e updated one case of
this, in pdfi_oc_levels_set, but missed the one here. Fix that too.
|
| |
|
|
|
|
|
|
| |
Don't insert a round line join if the line segments are colinear
and not-reversed. Otherwise the large round join can show past
the end of dash segments.
|
|
|
|
|
|
| |
The previous fix was correct, but left the potential problem
open for other tiling types. Move/refine the test a bit to ensure
it works for all types.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug #705849 "New PDF interpreter errors out with PDFFitPage"
If the input PDF file had square media then we would correctly decide
we did not need to rotate the media for a better fit, but we left the
values we would normally use to calculate if rotation was required on
the operand stack, resulting in an error.
Pop the unused values.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug #705843 " heap-buffer-overflow in pdf/pdf_xref.c:114 read_xref_stream_entries (exploitable)"
The /Index array in the XRefStm holds pairs of values, the first is the
first object number in a subsection, the second is the number of entries
in a subsection.
We were doing loads of checks on the validity of these numbers, but
forgot to check that the size was at least 1. Because we later use
start + size - 1 we could then end up with a ridiculously large index,
because these are unsigned values.
If we get a size of 0, just ignore the subsection.
While making changes, renamed 'end' to 'size' because its a better
descriptive name.
|
|
|
|
|
|
|
|
|
|
|
|
| |
OSS-fuzz 50138
If a file was sufficiently insanely broken to nest arrays or
dictionaries to a sufficient depth, we could exhaust the C execution
stack when trying to free the top level one.
This limits the nesting to a compile-time level (currently 100). If we
exceed that we simply stop nesting the objects but store an error for
reporting on exit.
|
|
|
|
|
|
|
|
|
| |
See bug 705534. The interpreter spends an enormous amount of time
checking to see if a dictionary contains a key, or an equally large
amount of time sorting the dictionary after adding a key.
We know that these keys are unique in the dictionary, so this is a waste
of time, lets not do that.
|
|
|
|
|
|
|
|
|
|
|
|
| |
OSS-fuzz 51011
The annot and optional content code all use the /Parent dictionary, but
doesn't have any circular reference protection.
This duplicates the protection we added to Widget annotations. I intend
to supercede this commit with a more general one which deals in a more
common fashion with access to the /Parent, I just don't want to lose
this commit.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a speculative fix for OSS-fuzz 50448. Despite the fact that
we cannot reproduce this, it looks like the problem must stem from
reading off the end of the input buffer.
This is possible because we do not check the instruction pointer, but
just keep on incrementing it until we get an endchar.
It looks like we should originally have been doing this, because the
ip_state_t structure, which is used to store the state on a stack
when we call subroutines, has an 'ip_end' pointer. But we were never
using that.....
So add code to set and use it, and add a local variable to hold the
pointer to the end of the input buffer, and check cip against that.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If bbh is large enough, floor(bbh+0.5) can be MIN_INT.
This gives a device height of MIN_INT, which is copied to band_height,
and then trips the band calculations to result in accessing beyond
the end of the band list.
Head all this off, by spotting inst.size.x or y being < 0.
|
|
|
|
|
|
|
|
|
| |
The "modes" and "end_status" values were being left unset by s_init() which
*may* end up causing problems if the stream finalize method gets called
before those values are set by something else.
This stems from oss-fuzz #50898 which we cannot reproduce, but Ken spotted the
potential problem reading the code, so we're putting in a speculative fix.
|
|
|
|
|
|
|
|
|
|
|
| |
OSS-fuzz 50857
The file is corrupted in a way which causes the Parent of a Widget
annotation to be an indirect reference to an indirect reference, which
points back to the Widget annotation.
Add loop detection to the Widget Parent dereferencing/checking to avoid
this.
|
|
|
|
|
|
|
|
|
| |
We can't free our libtiff "client data) until we've completed writing the TIFF
(which also frees the libtiff context), but having completed writing the TIFF,
we can no longer access our client data through the libtiff context.
We have to retrieve a pointer to our client data, complete the TIFF writing
process, then free our client data using the pointer we previously retrieved.
|
|
|
|
| |
ttfOutliner__BuildGlyphOutlineAux()
|
|
|
|
|
| |
The wrinkle is that for each arg pushed, it reads two values from the code
buffer.
|
|
|
|
| |
When PDF is included.
|
|
|
|
| |
Bug #705830 "imprecise bbox of PDF"
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike the Postscript code, pdfi does not have a create a Type 42 font from a
TTF stream, it can just use the TTF stream unchanged. This means pdfi does
not "filter out" TTF tables not required for Type 42, and pdfwrite would then
write out (almost) all the tables presented to it, meaning the output file size
could increase significantly.
This just has pdfwrite filter out TTF tables not used in TTFs embedded in PDF
files.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Firstly, pdfi is strict in enforcing that dictionary keys must be names, so
when the mapping is a path/file we need to convert that string to a name so we
can store it in the substitute fonts dictionary.
Secondly, an error storing the mapping in the substitute fonts dictionary should
not be propagated - we should continue to use the mapping even if we can't store
it for later reuse.
Stems from (but not fixes) Bug 705831
|
|
|
|
| |
Accidentally left two debugging lines in the previous commit.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug #705834 "stack overflow in psi/idict.c:160 dict_alloc (exploitable)"
This is caused by subsequent calls to .PDFInfo causing the Info
dictionary to end up with circular references as we replace indirect
references with PDF objects.
I'd been meaning for some time to revisit the PostScript code and avoid
calling .PDFInfo multiple times just for performance reasons (we have to
convert the PDF dictionary to a PostScript dictionary every time).
This commit uses the stored PostScript dictionary 'PDFInfo' instead of
calling .PDFInfo which avoids the circular reference and is slightly
more efficient.
|
|
|
|
|
|
|
|
| |
Turns out there are multiple paths to the error label, many of which
occur before the 'info' enumerator is created. Fix this by initialising
the pointer to NULL and then testing to see if it has been created
before calling end_image. If it hasn't then we didn't call begin_image
(or it failed) and so should not call end_image.
|
|
|
|
|
|
| |
The cleanup code was misplaced, because the enumerator finalze resets
the 'dev' member to NULL before we use it. Move the 'tif' cleanup
earlier so we can use the dev member before it is set to NULL.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OSS-fuzz 50779
The gdevp14 device was not calling end_image if an error occurred while
sending an image to the output device. The xpswrite device only cleans
up its TIFF image on receipt of an end_image call, which meant that the
'tiff' member allocated in the image enumerator was never freed.
So start by making the gdevp14 device call end_image if it gets an error
in case any other devices have similar requirements.
For a belt and braces approach, have the xpswrite device's finalize
routine for image enumerators free the tif member if it has been
initialised. To do this we first need to actually initialise it to NULL
on creation of the image enumerator, and set it back to NULL in the
end_image routine when we free it.
|
|
|
|
|
| |
Previously, I changed the wrong macro invocation, this puts that back, and
changes the correct instance to new macro.
|
| |
|