Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(727)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcodec/jbig2/JBig2_SddProc.cpp

Issue 1472113002: Fix a NULL pointer crash in the CJBig2_Image copy constructor. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: rebase Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « core/src/fxcodec/jbig2/JBig2_Image.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 PDFium Authors. All rights reserved. 1 // Copyright 2015 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "JBig2_SddProc.h" 7 #include "JBig2_SddProc.h"
8 8
9 #include "JBig2_ArithIntDecoder.h" 9 #include "JBig2_ArithIntDecoder.h"
10 #include "JBig2_GrdProc.h" 10 #include "JBig2_GrdProc.h"
(...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after
259 } 259 }
260 } 260 }
261 EXINDEX = EXINDEX + EXRUNLENGTH; 261 EXINDEX = EXINDEX + EXRUNLENGTH;
262 CUREXFLAG = !CUREXFLAG; 262 CUREXFLAG = !CUREXFLAG;
263 } 263 }
264 pDict.reset(new CJBig2_SymbolDict); 264 pDict.reset(new CJBig2_SymbolDict);
265 I = J = 0; 265 I = J = 0;
266 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) { 266 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
267 if (EXFLAGS[I] && J < SDNUMEXSYMS) { 267 if (EXFLAGS[I] && J < SDNUMEXSYMS) {
268 if (I < SDNUMINSYMS) { 268 if (I < SDNUMINSYMS) {
269 pDict->AddImage(new CJBig2_Image(*SDINSYMS[I])); 269 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
270 } else { 270 } else {
271 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]); 271 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
272 } 272 }
273 ++J; 273 ++J;
274 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) { 274 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) {
275 delete SDNEWSYMS[I - SDNUMINSYMS]; 275 delete SDNEWSYMS[I - SDNUMINSYMS];
276 } 276 }
277 } 277 }
278 FX_Free(EXFLAGS); 278 FX_Free(EXFLAGS);
279 FX_Free(SDNEWSYMS); 279 FX_Free(SDNEWSYMS);
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after
597 EXFLAGS[I] = CUREXFLAG; 597 EXFLAGS[I] = CUREXFLAG;
598 } 598 }
599 } 599 }
600 EXINDEX = EXINDEX + EXRUNLENGTH; 600 EXINDEX = EXINDEX + EXRUNLENGTH;
601 CUREXFLAG = !CUREXFLAG; 601 CUREXFLAG = !CUREXFLAG;
602 } 602 }
603 I = J = 0; 603 I = J = 0;
604 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) { 604 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
605 if (EXFLAGS[I] && J < SDNUMEXSYMS) { 605 if (EXFLAGS[I] && J < SDNUMEXSYMS) {
606 if (I < SDNUMINSYMS) { 606 if (I < SDNUMINSYMS) {
607 pDict->AddImage(new CJBig2_Image(*SDINSYMS[I])); 607 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
608 } else { 608 } else {
609 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]); 609 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
610 } 610 }
611 ++J; 611 ++J;
612 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) { 612 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) {
613 delete SDNEWSYMS[I - SDNUMINSYMS]; 613 delete SDNEWSYMS[I - SDNUMINSYMS];
614 } 614 }
615 } 615 }
616 FX_Free(EXFLAGS); 616 FX_Free(EXFLAGS);
617 FX_Free(SDNEWSYMS); 617 FX_Free(SDNEWSYMS);
618 if (SDREFAGG == 0) { 618 if (SDREFAGG == 0) {
619 FX_Free(SDNEWSYMWIDTHS); 619 FX_Free(SDNEWSYMWIDTHS);
620 } 620 }
621 return pDict.release(); 621 return pDict.release();
622 failed: 622 failed:
623 for (I = 0; I < NSYMSDECODED; I++) { 623 for (I = 0; I < NSYMSDECODED; I++) {
624 delete SDNEWSYMS[I]; 624 delete SDNEWSYMS[I];
625 } 625 }
626 FX_Free(SDNEWSYMS); 626 FX_Free(SDNEWSYMS);
627 if (SDREFAGG == 0) { 627 if (SDREFAGG == 0) {
628 FX_Free(SDNEWSYMWIDTHS); 628 FX_Free(SDNEWSYMWIDTHS);
629 } 629 }
630 return nullptr; 630 return nullptr;
631 } 631 }
OLDNEW
« no previous file with comments | « core/src/fxcodec/jbig2/JBig2_Image.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698