Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcodec/jbig2/JBig2_HuffmanTable.cpp

Issue 1231923006: Merge to M44: Fix an endless loop in CJBig2_HuffmanTable::parseFromCodedBuffer (Closed) Base URL: https://pdfium.googlesource.com/pdfium@2403
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "JBig2_HuffmanTable.h" 7 #include "JBig2_HuffmanTable.h"
8 #include "JBig2_BitStream.h" 8 #include "JBig2_BitStream.h"
9 #include <string.h> 9 #include <string.h>
10 10
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 if(NTEMP >= nSize) \ 96 if(NTEMP >= nSize) \
97 { \ 97 { \
98 nSize += 16; \ 98 nSize += 16; \
99 PREFLEN = (int*)m_pModule->JBig2_Realloc(PREFLEN,sizeof(int)*nSize); \ 99 PREFLEN = (int*)m_pModule->JBig2_Realloc(PREFLEN,sizeof(int)*nSize); \
100 RANGELEN = (int*)m_pModule->JBig2_Realloc(RANGELEN,sizeof(int)*nSize); \ 100 RANGELEN = (int*)m_pModule->JBig2_Realloc(RANGELEN,sizeof(int)*nSize); \
101 RANGELOW = (int*)m_pModule->JBig2_Realloc(RANGELOW,sizeof(int)*nSize); \ 101 RANGELOW = (int*)m_pModule->JBig2_Realloc(RANGELOW,sizeof(int)*nSize); \
102 } 102 }
103 int CJBig2_HuffmanTable::parseFromCodedBuffer(CJBig2_BitStream *pStream) 103 int CJBig2_HuffmanTable::parseFromCodedBuffer(CJBig2_BitStream *pStream)
104 { 104 {
105 unsigned char HTPS, HTRS; 105 unsigned char HTPS, HTRS;
106 int HTLOW, HTHIGH; 106 FX_DWORD HTLOW, HTHIGH;
107 int CURRANGELOW; 107 FX_DWORD CURRANGELOW;
108 int nSize = 16; 108 FX_DWORD nSize = 16;
109 int CURLEN, LENMAX, CURCODE, CURTEMP, i; 109 int CURLEN, LENMAX, CURCODE, CURTEMP;
110 int *LENCOUNT; 110 int *LENCOUNT;
111 int *FIRSTCODE; 111 int *FIRSTCODE;
112 unsigned char cTemp; 112 unsigned char cTemp;
113 if(pStream->read1Byte(&cTemp) == -1) { 113 if(pStream->read1Byte(&cTemp) == -1) {
114 goto failed; 114 goto failed;
115 } 115 }
116 HTOOB = cTemp & 0x01; 116 HTOOB = cTemp & 0x01;
117 HTPS = ((cTemp >> 1) & 0x07) + 1; 117 HTPS = ((cTemp >> 1) & 0x07) + 1;
118 HTRS = ((cTemp >> 4) & 0x07) + 1; 118 HTRS = ((cTemp >> 4) & 0x07) + 1;
119 if(pStream->readInteger((FX_DWORD*)&HTLOW) == -1 || 119 if(pStream->readInteger(&HTLOW) == -1 ||
120 pStream->readInteger((FX_DWORD*)&HTHIGH) == -1) { 120 pStream->readInteger(&HTHIGH) == -1 ||
121 HTLOW > HTHIGH) {
121 goto failed; 122 goto failed;
122 } 123 }
123 PREFLEN = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize); 124 PREFLEN = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize);
124 RANGELEN = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize); 125 RANGELEN = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize);
125 RANGELOW = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize); 126 RANGELOW = (int*)m_pModule->JBig2_Malloc2(sizeof(int), nSize);
126 CURRANGELOW = HTLOW; 127 CURRANGELOW = HTLOW;
127 NTEMP = 0; 128 NTEMP = 0;
128 do { 129 do {
129 HT_CHECK_MEMORY_ADJUST 130 HT_CHECK_MEMORY_ADJUST
130 if((pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) 131 if((pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) ||
131 || (pStream->readNBits(HTRS, &RANGELEN[NTEMP]) == -1)) { 132 (pStream->readNBits(HTRS, &RANGELEN[NTEMP]) == -1)) {
132 goto failed; 133 goto failed;
133 } 134 }
134 RANGELOW[NTEMP] = CURRANGELOW; 135 RANGELOW[NTEMP] = CURRANGELOW;
135 CURRANGELOW = CURRANGELOW + (1 << RANGELEN[NTEMP]); 136 CURRANGELOW = CURRANGELOW + (1 << RANGELEN[NTEMP]);
136 NTEMP = NTEMP + 1; 137 NTEMP = NTEMP + 1;
137 } while(CURRANGELOW < HTHIGH); 138 } while(CURRANGELOW < HTHIGH);
138 HT_CHECK_MEMORY_ADJUST 139 HT_CHECK_MEMORY_ADJUST
139 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) { 140 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) {
140 goto failed; 141 goto failed;
141 } 142 }
142 RANGELEN[NTEMP] = 32; 143 RANGELEN[NTEMP] = 32;
143 RANGELOW[NTEMP] = HTLOW - 1; 144 RANGELOW[NTEMP] = HTLOW - 1;
144 NTEMP = NTEMP + 1; 145 NTEMP = NTEMP + 1;
145 HT_CHECK_MEMORY_ADJUST 146 HT_CHECK_MEMORY_ADJUST
146 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) { 147 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) {
147 goto failed; 148 goto failed;
148 } 149 }
149 RANGELEN[NTEMP] = 32; 150 RANGELEN[NTEMP] = 32;
150 RANGELOW[NTEMP] = HTHIGH; 151 RANGELOW[NTEMP] = HTHIGH;
151 NTEMP = NTEMP + 1; 152 NTEMP = NTEMP + 1;
152 if(HTOOB) { 153 if(HTOOB) {
153 HT_CHECK_MEMORY_ADJUST 154 HT_CHECK_MEMORY_ADJUST
154 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) { 155 if(pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) {
155 goto failed; 156 goto failed;
156 } 157 }
157 NTEMP = NTEMP + 1; 158 NTEMP = NTEMP + 1;
158 } 159 }
159 CODES = (int*)m_pModule->JBig2_Malloc2(sizeof(int), NTEMP); 160 CODES = (int*)m_pModule->JBig2_Malloc2(sizeof(int), NTEMP);
160 LENMAX = 0; 161 LENMAX = 0;
161 for(i = 0; i < NTEMP; i++) { 162 for(int i = 0; i < NTEMP; i++) {
162 if(PREFLEN[i] > LENMAX) { 163 if(PREFLEN[i] > LENMAX) {
163 LENMAX = PREFLEN[i]; 164 LENMAX = PREFLEN[i];
164 } 165 }
165 } 166 }
166 LENCOUNT = (int*)m_pModule->JBig2_Malloc2(sizeof(int), (LENMAX + 1)); 167 LENCOUNT = (int*)m_pModule->JBig2_Malloc2(sizeof(int), (LENMAX + 1));
167 JBIG2_memset(LENCOUNT, 0, sizeof(int) * (LENMAX + 1)); 168 JBIG2_memset(LENCOUNT, 0, sizeof(int) * (LENMAX + 1));
168 FIRSTCODE = (int*)m_pModule->JBig2_Malloc2(sizeof(int), (LENMAX + 1)); 169 FIRSTCODE = (int*)m_pModule->JBig2_Malloc2(sizeof(int), (LENMAX + 1));
169 for(i = 0; i < NTEMP; i++) { 170 for(int i = 0; i < NTEMP; i++) {
170 LENCOUNT[PREFLEN[i]] ++; 171 LENCOUNT[PREFLEN[i]] ++;
171 } 172 }
172 CURLEN = 1; 173 CURLEN = 1;
173 FIRSTCODE[0] = 0; 174 FIRSTCODE[0] = 0;
174 LENCOUNT[0] = 0; 175 LENCOUNT[0] = 0;
175 while(CURLEN <= LENMAX) { 176 while(CURLEN <= LENMAX) {
176 FIRSTCODE[CURLEN] = (FIRSTCODE[CURLEN - 1] + LENCOUNT[CURLEN - 1]) << 1; 177 FIRSTCODE[CURLEN] = (FIRSTCODE[CURLEN - 1] + LENCOUNT[CURLEN - 1]) << 1;
177 CURCODE = FIRSTCODE[CURLEN]; 178 CURCODE = FIRSTCODE[CURLEN];
178 CURTEMP = 0; 179 CURTEMP = 0;
179 while(CURTEMP < NTEMP) { 180 while(CURTEMP < NTEMP) {
180 if(PREFLEN[CURTEMP] == CURLEN) { 181 if(PREFLEN[CURTEMP] == CURLEN) {
181 CODES[CURTEMP] = CURCODE; 182 CODES[CURTEMP] = CURCODE;
182 CURCODE = CURCODE + 1; 183 CURCODE = CURCODE + 1;
183 } 184 }
184 CURTEMP = CURTEMP + 1; 185 CURTEMP = CURTEMP + 1;
185 } 186 }
186 CURLEN = CURLEN + 1; 187 CURLEN = CURLEN + 1;
187 } 188 }
188 m_pModule->JBig2_Free(LENCOUNT); 189 m_pModule->JBig2_Free(LENCOUNT);
189 m_pModule->JBig2_Free(FIRSTCODE); 190 m_pModule->JBig2_Free(FIRSTCODE);
190 return TRUE; 191 return TRUE;
191 failed: 192 failed:
192 return FALSE; 193 return FALSE;
193 } 194 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698