Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(13)

Issue 1241493002: Merge to M44: Integer overflow in CJBig2_Image::expand (Closed)

Created:
4 years, 4 months ago by Lei Zhang
Modified:
4 years, 4 months ago
Reviewers:
Tom Sepez, brucedawson
CC:
pdfium-reviews_googlegroups.com
Base URL:
https://pdfium.googlesource.com/pdfium@2403
Target Ref:
refs/heads/chromium/2403
Visibility:
Public.

Description

Merge to M44: Integer overflow in CJBig2_Image::expand 1. New size should be larger than old size in JBig2_Realloc. 2. Arguments are integers but parameters are size_t in JBIG2_memset. After integer overflows, it will be presented as a huge unsigned number on 64 bits system. BUG=483981 R=brucedawson@chromium.org, tsepez@chromium.org Review URL: https://codereview.chromium.org/1148643002 (cherry picked from commit e9ccc9bc449846107f1c539e25677f4877ddf22f) Committed: https://pdfium.googlesource.com/pdfium/+/12d0f7b4eae9c2b40433500b15955f61050132aa

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+13 lines, -6 lines) Patch
M core/src/fxcodec/jbig2/JBig2_Image.cpp View 1 chunk +13 lines, -6 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
Lei Zhang
TBR
4 years, 4 months ago (2015-07-13 23:47:08 UTC) #1
Lei Zhang
Committed patchset #1 (id:1) manually as 12d0f7b4eae9c2b40433500b15955f61050132aa (presubmit successful).
4 years, 4 months ago (2015-07-13 23:47:41 UTC) #2
brucedawson
4 years, 4 months ago (2015-07-14 00:43:20 UTC) #3
Message was sent while issue was closed.
lgtm

Powered by Google App Engine
This is Rietveld 408576698