On the reproducer file of
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34505, the 1e-10
threshold is hit. Relaxing it to 1e-9 avoids the assertion.

Oliver Sander authored Jul 15, 2021 and Albert Astals Cid committed Jul 28, 2021

The method doAxialShFill does adaptive sampling of gradients.
If the gradient color is found to be the same at two consecutive
sampling locations then the gradient is concluded to be constant
between the two locations.

Of course, this conclusion may be wrong; one instance of this
happening is

  poppler/poppler#938

This patch fixes rendering of the test file in issue 938 by doing
one more sampling when a part of the gradient is suspected to be
constant.  Of course it is easily possible to create gradients
also misrender with the additional sampling point.  Should such
gradients ever appear in actual non-synthetic documents the code
can now easily handle yet more sample points.

Fixes: poppler/poppler#938

Albert Astals Cid authored Jul 22, 2021 and Albert Astals Cid committed Jul 22, 2021

Fixes #1097

Albert Astals Cid authored Jul 21, 2021 and Albert Astals Cid committed Jul 21, 2021

Otherwise we may end up using uninitized values

oss-fuzz/36396

Hib Eris authored Jul 16, 2021 and Oliver Sander committed Jul 19, 2021

Fixes: poppler/poppler#343

Oliver Sander authored Jul 15, 2021 and Albert Astals Cid committed Jul 17, 2021

This makes the code a bit shorter.

Oliver Sander authored Jul 09, 2021 and Albert Astals Cid committed Jul 14, 2021

That's a bit more modern than the old way where pointers to two
integers had to be passed to the method.

With the new method you can write

  auto pdfVersion = doc->getPdfVersion();
  // access numbers as pdfVersion.major and pdfVersion.minor

instead of

  int major, minor;
  doc->getPdfVersion(&major, &minor);

With C++17 you can even write

  auto [major, minor] = doc->getPdfVersion();

The new method is put alongside the old one in the Qt5 interface.
It replaces the old one in the Qt6 interface.

Nelson Benítez León authored Jul 05, 2021 and Albert Astals Cid committed Jul 12, 2021

Commit d6cccfb8 caused
issue #1100 because that change in the TextSelectionDumper
logic *must be mimicked* in poppler_page_get_text_layout_for_area()
and in poppler_page_get_text_attributes_for_area() because
all those functions must be consistent with each other in
the way they traverse and extract the text from the PDF.

Otherwise, wrong results may happen when using them
to map between graphical coordinates of text glyphs and
their corresponding positions in the text obtained from
poppler_page_get_text() (which uses TextSelectionDumper
to extract the text).

Fixes issue #1100

oss-fuzz/35996

Because the Page objects handed out by Document objects store a
pointer to the document.  If the Document object is deleted
before a Page object it handed out, that Page object will have
a stale pointer.

RM authored May 03, 2021 and Albert Astals Cid committed Jul 06, 2021

Modify internal API to allow addition and modification of outlines into a PDF. Tests in the qt5/qt6 directories.

duplicate qt5 outline test in qt6 directory

Zachary Travis authored Jul 06, 2021 and Albert Astals Cid committed Jul 06, 2021

If a PDF form field value uses a font that is not in the resources dictionary, a warning is logged and the field value is ignored/not displayed. It's unclear whether this behavior is strictly valid based on the PDF spec (since typically font references, even to base fonts, require a corresponding font dictionary) but Acrobat seems to display the content anyway.

Uli Schlachter authored Jul 01, 2021 and Albert Astals Cid committed Jul 04, 2021

When I run "cmake -DENABLE_DCTDECODER=none -DENABLE_BOOST=OFF" on my
system, I get the following output:

    -- Found Iconv: /usr/lib/x86_64-linux-gnu/libc.so
    CMake Warning at CMakeLists.txt:252 (find_package):
      By not providing "FindOpenJPEG.cmake" in CMAKE_MODULE_PATH this project has
      asked CMake to find a package configuration file provided by "OpenJPEG",
      but CMake did not find one.

      Could not find a package configuration file provided by "OpenJPEG" with any
      of the following names:

        OpenJPEGConfig.cmake
        openjpeg-config.cmake

      Add the installation prefix of "OpenJPEG" to CMAKE_PREFIX_PATH or set
      "OpenJPEG_DIR" to a directory containing one of the above files.  If
      "OpenJPEG" provides a separate development package or SDK, be sure it has
      been installed.

    CMake Error at CMakeLists.txt:255 (message):
      Install libopenjpeg2 before trying to build poppler.  You can also decide
      to use the internal unmaintained JPX decoder or none at all.

    -- Configuring incomplete, errors occurred!
    See also "/tmp/poppler/build/CMakeFiles/CMakeOutput.log".
    See also "/tmp/poppler/build/CMakeFiles/CMakeError.log".

To figure out what exactly to do now, I have to read some
CMakeLists.txt. This commit improves the situation by producing the
following output instead:

    -- Found Iconv: /usr/lib/x86_64-linux-gnu/libc.so
    CMake Warning at CMakeLists.txt:254 (find_package):
      By not providing "FindOpenJPEG.cmake" in CMAKE_MODULE_PATH this project has
      asked CMake to find a package configuration file provided by "OpenJPEG",
      but CMake did not find one.

      Could not find a package configuration file provided by "OpenJPEG" with any
      of the following names:

        OpenJPEGConfig.cmake
        openjpeg-config.cmake

      Add the installation prefix of "OpenJPEG" to CMAKE_PREFIX_PATH or set
      "OpenJPEG_DIR" to a directory containing one of the above files.  If
      "OpenJPEG" provides a separate development package or SDK, be sure it has
      been installed.

    -- Could NOT find openjpeg2.
    CMake Error at CMakeLists.txt:258 (message):
      Install libopenjpeg2 before trying to build poppler.  You can also decide
      to use the internal unmaintained JPX decoder or none at all.

      Possible options are: -DENABLE_LIBOPENJPEG=openjpeg2,
      -DENABLE_LIBOPENJPEG=none, -DENABLE_LIBOPENJPEG=unmaintained,

    -- Configuring incomplete, errors occurred!
    See also "/tmp/poppler/build/CMakeFiles/CMakeOutput.log".
    See also "/tmp/poppler/build/CMakeFiles/CMakeError.log".

Signed-off-by: Uli Schlachter <psychon@znc.in>

Uli Schlachter authored Jul 01, 2021 and Albert Astals Cid committed Jul 04, 2021

When I run cmake on my system, I get the following output:

    -- Checking for module 'nss>=3.19'
    --   Package 'nss', required by 'virtual:world', not found
    -- Could NOT find NSS3 (missing: NSS3_LIBRARIES NSS3_CFLAGS)
    CMake Error at CMakeLists.txt:149 (message):
      Install libjpeg before trying to build poppler.  You can also decide to use
      the internal unmaintained DCT decoder or none at all.

    -- Configuring incomplete, errors occurred!
    See also "/tmp/poppler/build/CMakeFiles/CMakeOutput.log".
    See also "/tmp/poppler/build/CMakeFiles/CMakeError.log".

Being (badly) trained in CMake errors, I see "Could NOT find NSS3" and
conclude that this is the problem. I do not even read the actual error
message.

This commit improves the situation by producing the following output
instead:

    -- Checking for module 'nss>=3.19'
    --   Package 'nss', required by 'virtual:world', not found
    -- Could NOT find NSS3 (missing: NSS3_LIBRARIES NSS3_CFLAGS)
    -- Could NOT find libjpeg.
    CMake Error at CMakeLists.txt:150 (message):
      Install libjpeg before trying to build poppler.  You can also decide to use
      the internal unmaintained DCT decoder or none at all.

      Possible options are: -DENABLE_DCTDECODER=libjpeg,
      -DENABLE_DCTDECODER=none, -DENABLE_DCTDECODER=unmaintained

    -- Configuring incomplete, errors occurred!
    See also "/tmp/poppler/build/CMakeFiles/CMakeOutput.log".
    See also "/tmp/poppler/build/CMakeFiles/CMakeError.log".

This also explicitly lists the possible values for the parameter that I
figured out by reading the code around CMakeLists.txt:151.

Signed-off-by: Uli Schlachter <psychon@znc.in>

The JBIG2SymbolDict constructor gets a size parameter, and it allocates
memory for a bitmap of that size.  Bug report 535

  #535

has a file where this size is 0.  In that case, the call to
gmallocn_checkoverflow returns nullptr, and subsequent calls to
JBIG2SymbolDict::isOk return false.  This is then interpreted
as an error, and the JBIG2 processing is aborted.  For the
test file mentioned above this happens in line 1807.

I don't know whether such a file with a size-0 symbol dict
is malformed or not.  However, the test file renders just fine
if the 'failing' allocation is simply ignored.  This patch
therefore relaxes the isOk method a little.  A JBIG2SymbolDict
object is now deemed 'ok' either if it holds a bitmap (that was
the previous test) *or if it has size 0*.

This fixes

  #535

The textClipPath member is set in CairoOutputDev::endString() and freed
in CairoOutputDev::endTextObject(). However, if endTextObject() is not
called for whatever reason, the path will just be leaked.

This adds code to the destructor to free this.

This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326

Testing done:

$ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128'
[...]
$ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja
[...]
$ git describe
poppler-21.06.1-5-gb7c40059
$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104075==
==104075== HEAP SUMMARY:
==104075==     in use at exit: 28,292 bytes in 55 blocks
==104075==   total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated
==104075==
==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37
==104075==    at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==104075==    by 0x48AE748: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0)
==104075==    by 0x118995: endString (CairoOutputDev.cc:1474)
==104075==    by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412)
==104075==    by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010)
==104075==    by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793)
==104075==    by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681)
==104075==    by 0x4B8DCFA: display (Gfx.cc:642)
==104075==    by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622)
==104075==    by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576)
==104075==    by 0x11317C: renderPage (pdftocairo.cc:669)
==104075==    by 0x11317C: main (pdftocairo.cc:1183)
==104075==
==104075== LEAK SUMMARY:
==104075==    definitely lost: 24 bytes in 1 blocks
==104075==    indirectly lost: 0 bytes in 0 blocks
==104075==      possibly lost: 0 bytes in 0 blocks
==104075==    still reachable: 28,268 bytes in 54 blocks
==104075==         suppressed: 0 bytes in 0 blocks
==104075== Reachable blocks (those to which a pointer was found) are not shown.
==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104075==
==104075== For lists of detected and suppressed errors, rerun with: -s
==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$ git checkout cairo-leak-textClipPath && git describe && ninja
Zu Branch 'cairo-leak-textClipPath' gewechselt
poppler-21.06.1-6-g8df6f8d2


$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104263==
==104263== HEAP SUMMARY:
==104263==     in use at exit: 28,268 bytes in 54 blocks
==104263==   total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated
==104263==
==104263== LEAK SUMMARY:
==104263==    definitely lost: 0 bytes in 0 blocks
==104263==    indirectly lost: 0 bytes in 0 blocks
==104263==      possibly lost: 0 bytes in 0 blocks
==104263==    still reachable: 28,268 bytes in 54 blocks
==104263==         suppressed: 0 bytes in 0 blocks
==104263== Reachable blocks (those to which a pointer was found) are not shown.
==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104263==
==104263== For lists of detected and suppressed errors, rerun with: -s
==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

As you (might) see, before this commit, there is a "definitely lost"
leak of 24 bytes with this test case. After this commit, this leak is
gone.

Signed-off-by: Uli Schlachter <psychon@znc.in>

Fixes issue #1088

fedora 34 is giving weird errors around libjpeg

Regression from e3fed321

Fixes issue #1087