
Side by Side Diff: third_party/libopenjpeg20/tcd.c

Issue 2124073003: openjpeg: Prevent integer overflows during calculation of |l_nb_precinct_size| (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 4 years, 5 months ago
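--- a/third_party/libopenjpeg20/tcd.c
+++ b/third_party/libopenjpeg20/tcd.c
@@ -1,10 +1,10 @@
 /*
 * The copyright in this software is being made available under the 2-clauses
 * BSD License, included below. This software may be subject to other third
 * party and contributor rights, including patent rights, and no such rights
 * are granted under this license.
 *
 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium
 * Copyright (c) 2002-2014, Professor Benoit Macq
 * Copyright (c) 2001-2003, David Janssens
 * Copyright (c) 2002-2003, Yannick Verschueren
@@ -815,21 +815,28 @@
 l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_ INT32)l_pdx) << l_pdx;
 l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_ INT32)l_pdy) << l_pdy;
 l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT 32)l_pdx) << l_pdx;
 l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT 32)l_pdy) << l_pdy;
 /*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_ prc_x_end ,l_br_prc_y_end );*/
 
 l_res->pw = (l_res->x0 == l_res->x1) ? 0 : (OPJ_UINT32)( (l_br_prc_x_end - l_tl_prc_x_start) >> l_pdx);
 l_res->ph = (l_res->y0 == l_res->y1) ? 0 : (OPJ_UINT32)( (l_br_prc_y_end - l_tl_prc_y_start) >> l_pdy);
 /*fprintf(stderr, "\t\t\tres_pw=%d, res_ph=%d\n", l_res- >pw, l_res->ph );*/
 
+if (l_res->pw && ((OPJ_UINT32)-1) / l_res->pw < l_res->p h) {
+return OPJ_FALSE;
+}
 l_nb_precincts = l_res->pw * l_res->ph;
+
+if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(opj_tcd_precin ct_t) < l_nb_precincts) {
+return OPJ_FALSE;
+}
 l_nb_precinct_size = l_nb_precincts * (OPJ_UINT32)sizeof (opj_tcd_precinct_t);
 if (resno == 0) {
 tlcbgxstart = l_tl_prc_x_start;
 tlcbgystart = l_tl_prc_y_start;
 /*brcbgxend = l_br_prc_x_end;*/
 /* brcbgyend = l_br_prc_y_end;*/
 cbgwidthexpn = l_pdx;
 cbgheightexpn = l_pdy;
 l_res->numbands = 1;
 }
@@ -2196,10 +2203,10 @@
 }
 break;
 }
 
 ++l_img_comp;
 ++l_tilec;
 }
 
 return OPJ_TRUE;
 }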
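Review bot: The two added guards protect only the multiplications for `l_nb_precincts` and `l_nb_precinct_size`; the operands `l_res->pw` and `l_res->ph` are still derived from the signed left shifts at 815-818 and the signed subtractions at 821-822, which can overflow (undefined behaviour for `OPJ_INT32`) before either guard runs. If `l_pdx`/`l_pdy` and the resolution bounds come from the codestream, as seems likely but is not visible here, the guards may then be checking already-wrapped values. A range check ahead of each shift would close that, e.g. `if (l_pdx > 30 || opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) > (INT_MAX >> l_pdx)) return OPJ_FALSE;` for the x end and the same for y. The enclosing function starts and ends outside these hunks, so whether the new early `return OPJ_FALSE` paths need to release anything allocated earlier cannot be judged from here.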