| OLD | NEW |
|---|
| 1 // Copyright 2015 PDFium Authors. All rights reserved. | 1 // Copyright 2015 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "JBig2_SddProc.h" | 7 #include "JBig2_SddProc.h" |
| 8 | 8 |
| 9 #include "../../../../third_party/base/nonstd_unique_ptr.h" | 9 #include "../../../../third_party/base/nonstd_unique_ptr.h" |
| 10 #include "../../../include/fxcrt/fx_basic.h" | 10 #include "../../../include/fxcrt/fx_basic.h" |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 FX_DWORD HCHEIGHT, NSYMSDECODED; | 24 FX_DWORD HCHEIGHT, NSYMSDECODED; |
| 25 int32_t HCDH; | 25 int32_t HCDH; |
| 26 FX_DWORD SYMWIDTH, TOTWIDTH; | 26 FX_DWORD SYMWIDTH, TOTWIDTH; |
| 27 int32_t DW; | 27 int32_t DW; |
| 28 CJBig2_Image* BS; | 28 CJBig2_Image* BS; |
| 29 FX_DWORD I, J, REFAGGNINST; | 29 FX_DWORD I, J, REFAGGNINST; |
| 30 FX_BOOL* EXFLAGS; | 30 FX_BOOL* EXFLAGS; |
| 31 FX_DWORD EXINDEX; | 31 FX_DWORD EXINDEX; |
| 32 FX_BOOL CUREXFLAG; | 32 FX_BOOL CUREXFLAG; |
| 33 FX_DWORD EXRUNLENGTH; | 33 FX_DWORD EXRUNLENGTH; |
| 34 int32_t nVal; | |
| 35 FX_DWORD nTmp; | 34 FX_DWORD nTmp; |
| 36 FX_DWORD SBNUMSYMS; | 35 FX_DWORD SBNUMSYMS; |
| 37 uint8_t SBSYMCODELEN; | 36 uint8_t SBSYMCODELEN; |
| 38 int32_t RDXI, RDYI; | 37 int32_t RDXI, RDYI; |
| 39 CJBig2_Image** SBSYMS; | 38 CJBig2_Image** SBSYMS; |
| 40 nonstd::unique_ptr<CJBig2_ArithIaidDecoder> IAID; | 39 nonstd::unique_ptr<CJBig2_ArithIaidDecoder> IAID; |
| 41 nonstd::unique_ptr<CJBig2_SymbolDict> pDict; | 40 nonstd::unique_ptr<CJBig2_SymbolDict> pDict; |
| 42 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IADH(new CJBig2_ArithIntDecoder); | 41 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IADH(new CJBig2_ArithIntDecoder); |
| 43 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IADW(new CJBig2_ArithIntDecoder); | 42 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IADW(new CJBig2_ArithIntDecoder); |
| 44 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IAAI(new CJBig2_ArithIntDecoder); | 43 nonstd::unique_ptr<CJBig2_ArithIntDecoder> IAAI(new CJBig2_ArithIntDecoder); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 57 nTmp++; | 56 nTmp++; |
| 58 } | 57 } |
| 59 IAID.reset(new CJBig2_ArithIaidDecoder((uint8_t)nTmp)); | 58 IAID.reset(new CJBig2_ArithIaidDecoder((uint8_t)nTmp)); |
| 60 SDNEWSYMS = FX_Alloc(CJBig2_Image*, SDNUMNEWSYMS); | 59 SDNEWSYMS = FX_Alloc(CJBig2_Image*, SDNUMNEWSYMS); |
| 61 FXSYS_memset(SDNEWSYMS, 0, SDNUMNEWSYMS * sizeof(CJBig2_Image*)); | 60 FXSYS_memset(SDNEWSYMS, 0, SDNUMNEWSYMS * sizeof(CJBig2_Image*)); |
| 62 | 61 |
| 63 HCHEIGHT = 0; | 62 HCHEIGHT = 0; |
| 64 NSYMSDECODED = 0; | 63 NSYMSDECODED = 0; |
| 65 while (NSYMSDECODED < SDNUMNEWSYMS) { | 64 while (NSYMSDECODED < SDNUMNEWSYMS) { |
| 66 BS = nullptr; | 65 BS = nullptr; |
| 67 if (!IADH->decode(pArithDecoder, &HCDH)) { | 66 IADH->decode(pArithDecoder, &HCDH); |
| 68 goto failed; | |
| 69 } | |
| 70 HCHEIGHT = HCHEIGHT + HCDH; | 67 HCHEIGHT = HCHEIGHT + HCDH; |
| 71 if ((int)HCHEIGHT < 0 || (int)HCHEIGHT > JBIG2_MAX_IMAGE_SIZE) { | 68 if ((int)HCHEIGHT < 0 || (int)HCHEIGHT > JBIG2_MAX_IMAGE_SIZE) { |
| 72 goto failed; | 69 goto failed; |
| 73 } | 70 } |
| 74 SYMWIDTH = 0; | 71 SYMWIDTH = 0; |
| 75 TOTWIDTH = 0; | 72 TOTWIDTH = 0; |
| 76 for (;;) { | 73 for (;;) { |
| 77 nVal = IADW->decode(pArithDecoder, &DW); | 74 if (!IADW->decode(pArithDecoder, &DW)) |
| 78 if (nVal == JBIG2_OOB) { | |
| 79 break; | 75 break; |
| 80 } else if (nVal != 0) { | 76 |
| 77 if (NSYMSDECODED >= SDNUMNEWSYMS) |
| 81 goto failed; | 78 goto failed; |
| 82 } else { | 79 |
| 83 if (NSYMSDECODED >= SDNUMNEWSYMS) { | 80 SYMWIDTH = SYMWIDTH + DW; |
| 84 goto failed; | 81 if ((int)SYMWIDTH < 0 || (int)SYMWIDTH > JBIG2_MAX_IMAGE_SIZE) |
| 85 } | 82 goto failed; |
| 86 SYMWIDTH = SYMWIDTH + DW; | 83 |
| 87 if ((int)SYMWIDTH < 0 || (int)SYMWIDTH > JBIG2_MAX_IMAGE_SIZE) { | 84 if (HCHEIGHT == 0 || SYMWIDTH == 0) { |
| 88 goto failed; | |
| 89 } else if (HCHEIGHT == 0 || SYMWIDTH == 0) { | |
| 90 TOTWIDTH = TOTWIDTH + SYMWIDTH; | |
| 91 SDNEWSYMS[NSYMSDECODED] = nullptr; | |
| 92 NSYMSDECODED = NSYMSDECODED + 1; | |
| 93 continue; | |
| 94 } | |
| 95 TOTWIDTH = TOTWIDTH + SYMWIDTH; | 85 TOTWIDTH = TOTWIDTH + SYMWIDTH; |
| 86 SDNEWSYMS[NSYMSDECODED] = nullptr; |
| 87 NSYMSDECODED = NSYMSDECODED + 1; |
| 88 continue; |
| 96 } | 89 } |
| 90 TOTWIDTH = TOTWIDTH + SYMWIDTH; |
| 97 if (SDREFAGG == 0) { | 91 if (SDREFAGG == 0) { |
| 98 nonstd::unique_ptr<CJBig2_GRDProc> pGRD(new CJBig2_GRDProc()); | 92 nonstd::unique_ptr<CJBig2_GRDProc> pGRD(new CJBig2_GRDProc()); |
| 99 pGRD->MMR = 0; | 93 pGRD->MMR = 0; |
| 100 pGRD->GBW = SYMWIDTH; | 94 pGRD->GBW = SYMWIDTH; |
| 101 pGRD->GBH = HCHEIGHT; | 95 pGRD->GBH = HCHEIGHT; |
| 102 pGRD->GBTEMPLATE = SDTEMPLATE; | 96 pGRD->GBTEMPLATE = SDTEMPLATE; |
| 103 pGRD->TPGDON = 0; | 97 pGRD->TPGDON = 0; |
| 104 pGRD->USESKIP = 0; | 98 pGRD->USESKIP = 0; |
| 105 pGRD->GBAT[0] = SDAT[0]; | 99 pGRD->GBAT[0] = SDAT[0]; |
| 106 pGRD->GBAT[1] = SDAT[1]; | 100 pGRD->GBAT[1] = SDAT[1]; |
| 107 pGRD->GBAT[2] = SDAT[2]; | 101 pGRD->GBAT[2] = SDAT[2]; |
| 108 pGRD->GBAT[3] = SDAT[3]; | 102 pGRD->GBAT[3] = SDAT[3]; |
| 109 pGRD->GBAT[4] = SDAT[4]; | 103 pGRD->GBAT[4] = SDAT[4]; |
| 110 pGRD->GBAT[5] = SDAT[5]; | 104 pGRD->GBAT[5] = SDAT[5]; |
| 111 pGRD->GBAT[6] = SDAT[6]; | 105 pGRD->GBAT[6] = SDAT[6]; |
| 112 pGRD->GBAT[7] = SDAT[7]; | 106 pGRD->GBAT[7] = SDAT[7]; |
| 113 BS = pGRD->decode_Arith(pArithDecoder, gbContext); | 107 BS = pGRD->decode_Arith(pArithDecoder, gbContext); |
| 114 if (!BS) { | 108 if (!BS) { |
| 115 goto failed; | 109 goto failed; |
| 116 } | 110 } |
| 117 } else { | 111 } else { |
| 118 if (!IAAI->decode(pArithDecoder, (int*)&REFAGGNINST)) { | 112 IAAI->decode(pArithDecoder, (int*)&REFAGGNINST); |
| 119 goto failed; | |
| 120 } | |
| 121 if (REFAGGNINST > 1) { | 113 if (REFAGGNINST > 1) { |
| 122 nonstd::unique_ptr<CJBig2_TRDProc> pDecoder(new CJBig2_TRDProc()); | 114 nonstd::unique_ptr<CJBig2_TRDProc> pDecoder(new CJBig2_TRDProc()); |
| 123 pDecoder->SBHUFF = SDHUFF; | 115 pDecoder->SBHUFF = SDHUFF; |
| 124 pDecoder->SBREFINE = 1; | 116 pDecoder->SBREFINE = 1; |
| 125 pDecoder->SBW = SYMWIDTH; | 117 pDecoder->SBW = SYMWIDTH; |
| 126 pDecoder->SBH = HCHEIGHT; | 118 pDecoder->SBH = HCHEIGHT; |
| 127 pDecoder->SBNUMINSTANCES = REFAGGNINST; | 119 pDecoder->SBNUMINSTANCES = REFAGGNINST; |
| 128 pDecoder->SBSTRIPS = 1; | 120 pDecoder->SBSTRIPS = 1; |
| 129 pDecoder->SBNUMSYMS = SDNUMINSYMS + NSYMSDECODED; | 121 pDecoder->SBNUMSYMS = SDNUMINSYMS + NSYMSDECODED; |
| 130 SBNUMSYMS = pDecoder->SBNUMSYMS; | 122 SBNUMSYMS = pDecoder->SBNUMSYMS; |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 203 BS = pDecoder->decode_Arith(pArithDecoder, grContext, &ids); | 195 BS = pDecoder->decode_Arith(pArithDecoder, grContext, &ids); |
| 204 if (!BS) { | 196 if (!BS) { |
| 205 FX_Free(SBSYMS); | 197 FX_Free(SBSYMS); |
| 206 goto failed; | 198 goto failed; |
| 207 } | 199 } |
| 208 FX_Free(SBSYMS); | 200 FX_Free(SBSYMS); |
| 209 } else if (REFAGGNINST == 1) { | 201 } else if (REFAGGNINST == 1) { |
| 210 SBNUMSYMS = SDNUMINSYMS + NSYMSDECODED; | 202 SBNUMSYMS = SDNUMINSYMS + NSYMSDECODED; |
| 211 FX_DWORD IDI; | 203 FX_DWORD IDI; |
| 212 IAID->decode(pArithDecoder, &IDI); | 204 IAID->decode(pArithDecoder, &IDI); |
| 213 if (!IARDX->decode(pArithDecoder, &RDXI) || | 205 IARDX->decode(pArithDecoder, &RDXI); |
| 214 !IARDY->decode(pArithDecoder, &RDYI)) { | 206 IARDY->decode(pArithDecoder, &RDYI); |
| 215 goto failed; | |
| 216 } | |
| 217 if (IDI >= SBNUMSYMS) { | 207 if (IDI >= SBNUMSYMS) { |
| 218 goto failed; | 208 goto failed; |
| 219 } | 209 } |
| 220 SBSYMS = FX_Alloc(CJBig2_Image*, SBNUMSYMS); | 210 SBSYMS = FX_Alloc(CJBig2_Image*, SBNUMSYMS); |
| 221 JBIG2_memcpy(SBSYMS, SDINSYMS, SDNUMINSYMS * sizeof(CJBig2_Image*)); | 211 JBIG2_memcpy(SBSYMS, SDINSYMS, SDNUMINSYMS * sizeof(CJBig2_Image*)); |
| 222 JBIG2_memcpy(SBSYMS + SDNUMINSYMS, SDNEWSYMS, | 212 JBIG2_memcpy(SBSYMS + SDNUMINSYMS, SDNEWSYMS, |
| 223 NSYMSDECODED * sizeof(CJBig2_Image*)); | 213 NSYMSDECODED * sizeof(CJBig2_Image*)); |
| 224 if (!SBSYMS[IDI]) { | 214 if (!SBSYMS[IDI]) { |
| 225 FX_Free(SBSYMS); | 215 FX_Free(SBSYMS); |
| 226 goto failed; | 216 goto failed; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 247 } | 237 } |
| 248 SDNEWSYMS[NSYMSDECODED] = BS; | 238 SDNEWSYMS[NSYMSDECODED] = BS; |
| 249 BS = nullptr; | 239 BS = nullptr; |
| 250 NSYMSDECODED = NSYMSDECODED + 1; | 240 NSYMSDECODED = NSYMSDECODED + 1; |
| 251 } | 241 } |
| 252 } | 242 } |
| 253 EXINDEX = 0; | 243 EXINDEX = 0; |
| 254 CUREXFLAG = 0; | 244 CUREXFLAG = 0; |
| 255 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS); | 245 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS); |
| 256 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) { | 246 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) { |
| 257 if (!IAEX->decode(pArithDecoder, (int*)&EXRUNLENGTH)) { | 247 IAEX->decode(pArithDecoder, (int*)&EXRUNLENGTH); |
| 258 FX_Free(EXFLAGS); | |
| 259 goto failed; | |
| 260 } | |
| 261 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) { | 248 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) { |
| 262 FX_Free(EXFLAGS); | 249 FX_Free(EXFLAGS); |
| 263 goto failed; | 250 goto failed; |
| 264 } | 251 } |
| 265 if (EXRUNLENGTH != 0) { | 252 if (EXRUNLENGTH != 0) { |
| 266 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) { | 253 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) { |
| 267 EXFLAGS[I] = CUREXFLAG; | 254 EXFLAGS[I] = CUREXFLAG; |
| 268 } | 255 } |
| 269 } | 256 } |
| 270 EXINDEX = EXINDEX + EXRUNLENGTH; | 257 EXINDEX = EXINDEX + EXRUNLENGTH; |
| (...skipping 369 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 640 failed: | 627 failed: |
| 641 for (I = 0; I < NSYMSDECODED; I++) { | 628 for (I = 0; I < NSYMSDECODED; I++) { |
| 642 delete SDNEWSYMS[I]; | 629 delete SDNEWSYMS[I]; |
| 643 } | 630 } |
| 644 FX_Free(SDNEWSYMS); | 631 FX_Free(SDNEWSYMS); |
| 645 if (SDREFAGG == 0) { | 632 if (SDREFAGG == 0) { |
| 646 FX_Free(SDNEWSYMWIDTHS); | 633 FX_Free(SDNEWSYMWIDTHS); |
| 647 } | 634 } |
| 648 return nullptr; | 635 return nullptr; |
| 649 } | 636 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1384663007:
Fix regression in JBIG2 decoding from commit ce37d73. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium@master