Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1418)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fxcodec/codec/fx_codec_jpx_opj.cpp

Issue 1934483002: Avoid nullptr dereferences in sycc444_to_rgb(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
162 } 162 }
163 *out_g = g; 163 *out_g = g;
164 b = y + (int)(1.772 * (float)cb); 164 b = y + (int)(1.772 * (float)cb);
165 if (b < 0) { 165 if (b < 0) {
166 b = 0; 166 b = 0;
167 } else if (b > upb) { 167 } else if (b > upb) {
168 b = upb; 168 b = upb;
169 } 169 }
170 *out_b = b; 170 *out_b = b;
171 } 171 }
172
172 static void sycc444_to_rgb(opj_image_t* img) { 173 static void sycc444_to_rgb(opj_image_t* img) {
173 int prec = img->comps[0].prec; 174 int prec = img->comps[0].prec;
174 int offset = 1 << (prec - 1); 175 int offset = 1 << (prec - 1);
175 int upb = (1 << prec) - 1; 176 int upb = (1 << prec) - 1;
176 OPJ_UINT32 maxw = 177 OPJ_UINT32 maxw =
177 std::min(std::min(img->comps[0].w, img->comps[1].w), img->comps[2].w); 178 std::min({img->comps[0].w, img->comps[1].w, img->comps[2].w});
178 OPJ_UINT32 maxh = 179 OPJ_UINT32 maxh =
179 std::min(std::min(img->comps[0].h, img->comps[1].h), img->comps[2].h); 180 std::min({img->comps[0].h, img->comps[1].h, img->comps[2].h});
180 FX_SAFE_SIZE_T max_size = maxw; 181 FX_SAFE_SIZE_T max_size = maxw;
181 max_size *= maxh; 182 max_size *= maxh;
182 if (!max_size.IsValid()) 183 if (!max_size.IsValid())
183 return; 184 return;
184 185
185 const int* y = img->comps[0].data; 186 const int* y = img->comps[0].data;
186 const int* cb = img->comps[1].data; 187 const int* cb = img->comps[1].data;
187 const int* cr = img->comps[2].data; 188 const int* cr = img->comps[2].data;
188 int *d0, *d1, *d2, *r, *g, *b; 189 if (!y || !cb || !cr)
189 d0 = r = FX_Alloc(int, max_size.ValueOrDie()); 190 return;
190 d1 = g = FX_Alloc(int, max_size.ValueOrDie()); 191
191 d2 = b = FX_Alloc(int, max_size.ValueOrDie()); 192 int* r = FX_Alloc(int, max_size.ValueOrDie());
193 int* g = FX_Alloc(int, max_size.ValueOrDie());
194 int* b = FX_Alloc(int, max_size.ValueOrDie());
195 int* d0 = r;
196 int* d1 = g;
197 int* d2 = b;
192 for (size_t i = 0; i < max_size.ValueOrDie(); ++i) { 198 for (size_t i = 0; i < max_size.ValueOrDie(); ++i) {
193 sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); 199 sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
194 ++y; 200 ++y;
195 ++cb; 201 ++cb;
196 ++cr; 202 ++cr;
197 ++r; 203 ++r;
198 ++g; 204 ++g;
199 ++b; 205 ++b;
200 } 206 }
201 FX_Free(img->comps[0].data); 207 FX_Free(img->comps[0].data);
208 FX_Free(img->comps[1].data);
209 FX_Free(img->comps[2].data);
202 img->comps[0].data = d0; 210 img->comps[0].data = d0;
203 FX_Free(img->comps[1].data);
204 img->comps[1].data = d1; 211 img->comps[1].data = d1;
205 FX_Free(img->comps[2].data);
206 img->comps[2].data = d2; 212 img->comps[2].data = d2;
207 } 213 }
214
208 static bool sycc420_422_size_is_valid(opj_image_t* img) { 215 static bool sycc420_422_size_is_valid(opj_image_t* img) {
209 return (img && img->comps[0].w != std::numeric_limits<OPJ_UINT32>::max() && 216 return (img && img->comps[0].w != std::numeric_limits<OPJ_UINT32>::max() &&
210 (img->comps[0].w + 1) / 2 == img->comps[1].w && 217 (img->comps[0].w + 1) / 2 == img->comps[1].w &&
211 img->comps[1].w == img->comps[2].w && 218 img->comps[1].w == img->comps[2].w &&
212 img->comps[1].h == img->comps[2].h); 219 img->comps[1].h == img->comps[2].h);
213 } 220 }
214 static bool sycc420_size_is_valid(opj_image_t* img) { 221 static bool sycc420_size_is_valid(opj_image_t* img) {
215 return (sycc420_422_size_is_valid(img) && 222 return (sycc420_422_size_is_valid(img) &&
216 img->comps[0].h != std::numeric_limits<OPJ_UINT32>::max() && 223 img->comps[0].h != std::numeric_limits<OPJ_UINT32>::max() &&
217 (img->comps[0].h + 1) / 2 == img->comps[1].h); 224 (img->comps[0].h + 1) / 2 == img->comps[1].h);
(...skipping 672 matching lines...) Expand 10 before | Expand all | Expand 10 after
890 bool CCodec_JpxModule::Decode(CJPX_Decoder* pDecoder, 897 bool CCodec_JpxModule::Decode(CJPX_Decoder* pDecoder,
891 uint8_t* dest_data, 898 uint8_t* dest_data,
892 int pitch, 899 int pitch,
893 const std::vector<uint8_t>& offsets) { 900 const std::vector<uint8_t>& offsets) {
894 return pDecoder->Decode(dest_data, pitch, offsets); 901 return pDecoder->Decode(dest_data, pitch, offsets);
895 } 902 }
896 903
897 void CCodec_JpxModule::DestroyDecoder(CJPX_Decoder* pDecoder) { 904 void CCodec_JpxModule::DestroyDecoder(CJPX_Decoder* pDecoder) {
898 delete pDecoder; 905 delete pDecoder;
899 } 906 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698