From 57079429e54edf51473ef8da10de97ac31a2b370 Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 1/6] all: Use the openFile fopen wrapper from gfile.h Use the openFile wrapper instead of calling fopen directly in the libraries. --- fofi/FoFiBase.cc | 3 ++- fofi/FoFiIdentifier.cc | 3 ++- poppler/FileSpec.cc | 3 ++- poppler/GfxState.cc | 5 +++-- poppler/GlobalParams.cc | 4 ++-- poppler/GlobalParamsWin.cc | 2 +- poppler/PDFDoc.cc | 6 +++--- poppler/PSOutputDev.cc | 4 ++-- poppler/TextOutputDev.cc | 3 ++- splash/SplashBitmap.cc | 7 ++++--- 10 files changed, 23 insertions(+), 17 deletions(-) diff --git a/fofi/FoFiBase.cc b/fofi/FoFiBase.cc index 2fa71d1..50d7a20 100644 --- a/fofi/FoFiBase.cc +++ b/fofi/FoFiBase.cc @@ -30,6 +30,7 @@ #include #include +#include "goo/gfile.h" #include "goo/gmem.h" #include "poppler/Error.h" #include "FoFiBase.h" @@ -55,7 +56,7 @@ char *FoFiBase::readFile(char *fileName, int *fileLen) { char *buf; int n; - if (!(f = fopen(fileName, "rb"))) { + if (!(f = openFile(fileName, "rb"))) { error(errIO, -1, "Cannot open '{0:s}'", fileName); return nullptr; } diff --git a/fofi/FoFiIdentifier.cc b/fofi/FoFiIdentifier.cc index ffe9c47..e31ae0a 100644 --- a/fofi/FoFiIdentifier.cc +++ b/fofi/FoFiIdentifier.cc @@ -28,6 +28,7 @@ #include #include #include +#include "goo/gfile.h" #include "goo/gtypes.h" #include "FoFiIdentifier.h" @@ -189,7 +190,7 @@ private: FileReader *FileReader::make(char *fileName) { FILE *fA; - if (!(fA = fopen(fileName, "rb"))) { + if (!(fA = openFile(fileName, "rb"))) { return nullptr; } return new FileReader(fA); diff --git a/poppler/FileSpec.cc b/poppler/FileSpec.cc index 2628c36..6bc07f9 100644 --- a/poppler/FileSpec.cc +++ b/poppler/FileSpec.cc @@ -27,6 +27,7 @@ #include #include "FileSpec.h" +#include "goo/gfile.h" EmbFile::EmbFile(const Object *efStream) { @@ -82,7 +83,7 @@ GBool EmbFile::save(const char *path) { FILE *f; GBool ret; - if (!(f = fopen(path, "wb"))) { + if (!(f = openFile(path, "wb"))) { return gFalse; } ret = save2(f); diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc index 956a214..076c7f7 100644 --- a/poppler/GfxState.cc +++ b/poppler/GfxState.cc @@ -48,6 +48,7 @@ #include #include #include +#include "goo/gfile.h" #include "goo/gmem.h" #include "Error.h" #include "Object.h" @@ -454,7 +455,7 @@ cmsHPROFILE loadColorProfile(const char *fileName) if (fileName[0] == '/') { // full path // check if open the file - if ((fp = fopen(fileName,"r")) != nullptr) { + if ((fp = openFile(fileName,"r")) != nullptr) { fclose(fp); hp = cmsOpenProfileFromFile(fileName,"r"); } @@ -464,7 +465,7 @@ cmsHPROFILE loadColorProfile(const char *fileName) GooString *path = new GooString(GLOBAL_COLOR_PROFILE_DIR); path->append(fileName); // check if open the file - if ((fp = fopen(path->getCString(),"r")) != nullptr) { + if ((fp = openFile(path->getCString(),"r")) != nullptr) { fclose(fp); hp = cmsOpenProfileFromFile(path->getCString(),"r"); } diff --git a/poppler/GlobalParams.cc b/poppler/GlobalParams.cc index 6d8941e..6de9faf 100644 --- a/poppler/GlobalParams.cc +++ b/poppler/GlobalParams.cc @@ -1261,7 +1261,7 @@ void GlobalParams::setupBaseFonts(char *dir) { fileName = NULL; if (dir) { fileName = appendToPath(new GooString(dir), displayFontTab[i].t1FileName); - if ((f = fopen(fileName->getCString(), "rb"))) { + if ((f = openFile(fileName->getCString(), "rb"))) { fclose(f); } else { delete fileName; @@ -1271,7 +1271,7 @@ void GlobalParams::setupBaseFonts(char *dir) { for (j = 0; !fileName && displayFontDirs[j]; ++j) { fileName = appendToPath(new GooString(displayFontDirs[j]), displayFontTab[i].t1FileName); - if ((f = fopen(fileName->getCString(), "rb"))) { + if ((f = openFile(fileName->getCString(), "rb"))) { fclose(f); } else { delete fileName; diff --git a/poppler/GlobalParamsWin.cc b/poppler/GlobalParamsWin.cc index 9e04177..96ee976 100644 --- a/poppler/GlobalParamsWin.cc +++ b/poppler/GlobalParamsWin.cc @@ -236,7 +236,7 @@ static void GetWindowsFontDir(char *winFontDir, int cbWinFontDirLen) static bool FileExists(const char *path) { - FILE * f = fopen(path, "rb"); + FILE * f = openFile(path, "rb"); if (f) { fclose(f); return true; diff --git a/poppler/PDFDoc.cc b/poppler/PDFDoc.cc index 631f9a7..1eda3fc 100644 --- a/poppler/PDFDoc.cc +++ b/poppler/PDFDoc.cc @@ -783,7 +783,7 @@ int PDFDoc::savePageAs(GooString *name, int pageNo) Ref *refPage = getCatalog()->getPageRef(pageNo); Object page = getXRef()->fetch(refPage->num, refPage->gen); - if (!(f = fopen(name->getCString(), "wb"))) { + if (!(f = openFile(name->getCString(), "wb"))) { error(errIO, -1, "Couldn't open file '{0:t}'", name); return errOpenFile; } @@ -916,7 +916,7 @@ int PDFDoc::saveAs(GooString *name, PDFWriteMode mode) { OutStream *outStr; int res; - if (!(f = fopen(name->getCString(), "wb"))) { + if (!(f = openFile(name->getCString(), "wb"))) { error(errIO, -1, "Couldn't open file '{0:t}'", name); return errOpenFile; } @@ -948,7 +948,7 @@ int PDFDoc::saveWithoutChangesAs(GooString *name) { OutStream *outStr; int res; - if (!(f = fopen(name->getCString(), "wb"))) { + if (!(f = openFile(name->getCString(), "wb"))) { error(errIO, -1, "Couldn't open file '{0:t}'", name); return errOpenFile; } diff --git a/poppler/PSOutputDev.cc b/poppler/PSOutputDev.cc index d1ead58..931b2d9 100644 --- a/poppler/PSOutputDev.cc +++ b/poppler/PSOutputDev.cc @@ -1143,7 +1143,7 @@ PSOutputDev::PSOutputDev(const char *fileName, PDFDoc *doc, #endif } else { fileTypeA = psFile; - if (!(f = fopen(fileName, "w"))) { + if (!(f = openFile(fileName, "w"))) { error(errIO, -1, "Couldn't open PostScript file '{0:s}'", fileName); ok = gFalse; return; @@ -2311,7 +2311,7 @@ void PSOutputDev::setupExternalType1Font(GooString *fileName, GooString *psName) embFontList->append("\n"); // copy the font file - if (!(fontFile = fopen(fileName->getCString(), "rb"))) { + if (!(fontFile = openFile(fileName->getCString(), "rb"))) { error(errIO, -1, "Couldn't open external font file"); return; } diff --git a/poppler/TextOutputDev.cc b/poppler/TextOutputDev.cc index 4a3070a..050b32f 100644 --- a/poppler/TextOutputDev.cc +++ b/poppler/TextOutputDev.cc @@ -60,6 +60,7 @@ #include // for O_BINARY #include // for setmode #endif +#include "goo/gfile.h" #include "goo/gmem.h" #include "goo/GooString.h" #include "goo/GooList.h" @@ -5576,7 +5577,7 @@ TextOutputDev::TextOutputDev(char *fileName, GBool physLayoutA, // keep DOS from munging the end-of-line characters setmode(fileno(stdout), O_BINARY); #endif - } else if ((outputStream = fopen(fileName, append ? "ab" : "wb"))) { + } else if ((outputStream = openFile(fileName, append ? "ab" : "wb"))) { needClose = gTrue; } else { error(errIO, -1, "Couldn't open text file '{0:s}'", fileName); diff --git a/splash/SplashBitmap.cc b/splash/SplashBitmap.cc index cc4b615..d46dcb6 100644 --- a/splash/SplashBitmap.cc +++ b/splash/SplashBitmap.cc @@ -40,6 +40,7 @@ #include #include #include +#include "goo/gfile.h" #include "goo/gmem.h" #include "SplashErrorCodes.h" #include "SplashBitmap.h" @@ -169,7 +170,7 @@ SplashError SplashBitmap::writePNMFile(char *fileName) { FILE *f; SplashError e; - if (!(f = fopen(fileName, "wb"))) { + if (!(f = openFile(fileName, "wb"))) { return splashErrOpenFile; } @@ -266,7 +267,7 @@ SplashError SplashBitmap::writeAlphaPGMFile(char *fileName) { if (!alpha) { return splashErrModeMismatch; } - if (!(f = fopen(fileName, "wb"))) { + if (!(f = openFile(fileName, "wb"))) { return splashErrOpenFile; } fprintf(f, "P5\n%d %d\n255\n", width, height); @@ -342,7 +343,7 @@ SplashError SplashBitmap::writeImgFile(SplashImageFileFormat format, char *fileN FILE *f; SplashError e; - if (!(f = fopen(fileName, "wb"))) { + if (!(f = openFile(fileName, "wb"))) { return splashErrOpenFile; } -- 2.9.4 From 088ab6f8a2886bd4e5fb2afa3b6e5284e31cf4ee Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 2/6] gfile: Make openFile set CLOEXEC flag Redefine openFile as a macro that appends "e" to the mode, so that fopen opens the file with the O_CLOEXEC flag. --- goo/gfile.cc | 2 +- goo/gfile.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/goo/gfile.cc b/goo/gfile.cc index 381a0ce..9379a07 100644 --- a/goo/gfile.cc +++ b/goo/gfile.cc @@ -497,7 +497,7 @@ GooString *fileNameToUTF8(wchar_t *path) { } #endif -FILE *openFile(const char *path, const char *mode) { +FILE *(openFile)(const char *path, const char *mode) { #ifdef _WIN32 OSVERSIONINFO version; wchar_t wPath[_MAX_PATH + 1]; diff --git a/goo/gfile.h b/goo/gfile.h index 4ce805e..ca3e272 100644 --- a/goo/gfile.h +++ b/goo/gfile.h @@ -121,6 +121,10 @@ extern GooString *fileNameToUTF8(wchar_t *path); // calls fopen. extern FILE *openFile(const char *path, const char *mode); +#ifndef _WIN32 +#define openFile(path, mode) openFile(path, mode "e") +#endif + // Just like fgets, but handles Unix, Mac, and/or DOS end-of-line // conventions. extern char *getLine(char *buf, int size, FILE *f); -- 2.9.4 From c17d29014e7af9a1f975e79e28e988accf8a56cb Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 3/6] gfile: Open file with O_CLOEXEC --- goo/gfile.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/goo/gfile.cc b/goo/gfile.cc index 9379a07..533d79a 100644 --- a/goo/gfile.cc +++ b/goo/gfile.cc @@ -63,6 +63,10 @@ #define PATH_MAX 1024 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + #ifndef _WIN32 namespace { @@ -448,7 +452,7 @@ GBool openTempFile(GooString **name, FILE **f, const char *mode) { return gFalse; } *name = new GooString(s); - fd = open((*name)->getCString(), O_WRONLY | O_CREAT | O_EXCL, 0600); + fd = open((*name)->getCString(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); #endif // HAVE_MKSTEMP if (fd < 0 || !(*f = fdopen(fd, mode))) { delete *name; @@ -712,7 +716,7 @@ GooFile* GooFile::open(const GooString *fileName) { #ifdef VMS int fd = ::open(fileName->getCString(), Q_RDONLY, "ctx=stm"); #else - int fd = ::open(fileName->getCString(), O_RDONLY); + int fd = ::open(fileName->getCString(), O_RDONLY | O_CLOEXEC); #endif return fd < 0 ? nullptr : new GooFile(fd); -- 2.9.4 From 810198eeae426c365d0a22d6f33d332964bbf9a7 Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 4/6] cairo: Open font file with O_CLOEXEC --- poppler/CairoFontEngine.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/poppler/CairoFontEngine.cc b/poppler/CairoFontEngine.cc index 91deac4..6c9d7aa 100644 --- a/poppler/CairoFontEngine.cc +++ b/poppler/CairoFontEngine.cc @@ -66,6 +66,10 @@ # define fontEngineLocker() #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + //------------------------------------------------------------------------ // CairoFont //------------------------------------------------------------------------ @@ -289,7 +293,7 @@ _ft_new_face (FT_Library lib, if (font_data == nullptr) { /* if we fail to mmap the file, just pass it to FreeType instead */ - tmpl.fd = open (filename, O_RDONLY); + tmpl.fd = open (filename, O_RDONLY | O_CLOEXEC); if (tmpl.fd == -1) return _ft_new_face_uncached (lib, filename, font_data, font_data_len, face_out, font_face_out); -- 2.9.4 From 3fe033ec9a4d1133628fd8107c40056e0d5279da Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 5/6] gfile: Enable inclusion together with glib.h GDir class name conflicts with a glib type. Surround its definition with GFILE_NO_GDIR, so that source code in glib/ can define that before including gfile.h and not get the conflict. --- goo/gfile.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/goo/gfile.h b/goo/gfile.h index ca3e272..cb4b593 100644 --- a/goo/gfile.h +++ b/goo/gfile.h @@ -179,6 +179,8 @@ private: // GDir and GDirEntry //------------------------------------------------------------------------ +#ifndef GFILE_NO_GDIR + class GDirEntry { public: @@ -224,4 +226,6 @@ private: #endif }; +#endif /* !GFILE_NO_GDIR */ + #endif -- 2.9.4 From ffedde2ef106cfc36198c2d7060a3ef0bc5c39fb Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Thu, 16 Aug 2018 22:13:32 +0200 Subject: [PATCH 6/6] glib: Open files with O_CLOEXEC --- glib/poppler-attachment.cc | 6 ++++-- glib/poppler-media.cc | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc index c6502e9..324964e 100644 --- a/glib/poppler-attachment.cc +++ b/glib/poppler-attachment.cc @@ -18,7 +18,9 @@ #include "config.h" #include -#include + +#define GFILE_NO_GDIR +#include #include "poppler.h" #include "poppler-private.h" @@ -171,7 +173,7 @@ poppler_attachment_save (PopplerAttachment *attachment, g_return_val_if_fail (POPPLER_IS_ATTACHMENT (attachment), FALSE); - f = g_fopen (filename, "wb"); + f = openFile (filename, "wb"); if (f == nullptr) { diff --git a/glib/poppler-media.cc b/glib/poppler-media.cc index b7afa9a..8a3df99 100644 --- a/glib/poppler-media.cc +++ b/glib/poppler-media.cc @@ -20,7 +20,9 @@ #include "config.h" #include -#include + +#define GFILE_NO_GDIR +#include #include "poppler-media.h" #include "poppler-private.h" @@ -214,7 +216,7 @@ poppler_media_save (PopplerMedia *poppler_media, g_return_val_if_fail (POPPLER_IS_MEDIA (poppler_media), FALSE); g_return_val_if_fail (poppler_media->stream.isStream(), FALSE); - f = g_fopen (filename, "wb"); + f = openFile (filename, "wb"); if (f == nullptr) { -- 2.9.4