Chromium Code Reviews

Unified Diff: third_party/libopenjpeg20/j2k.c

Issue 2182683002: Fix an integer overflow in opj_tcd_get_decoded_tile_size(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: another Created 4 years, 5 months ago
Index: third_party/libopenjpeg20/j2k.c
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index b5f6fe90f52fb7b11966292cc601df6ea2009d03..6346c219073818889c62b3b73dc81c594c47b639 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -8028,6 +8028,10 @@ OPJ_BOOL opj_j2k_read_tile_header( opj_j2k_t * p_j2k,
*p_tile_index = p_j2k->m_current_tile_number;
*p_go_on = OPJ_TRUE;
*p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+ if (*p_data_size == (OPJ_UINT32)-1) {
+ return OPJ_FALSE;
+ }
+
*p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
*p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
*p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
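Review bot: The new early return sits after `*p_tile_index` and `*p_go_on = OPJ_TRUE` have already been written, so on the failure path the caller gets `OPJ_FALSE` together with `*p_go_on == OPJ_TRUE` and a `*p_data_size` of `(OPJ_UINT32)-1`. Consider calling `opj_tcd_get_decoded_tile_size()` and testing its result before any output parameter is assigned, or resetting `*p_go_on` and `*p_data_size` before returning, so a caller that looks at the outputs without checking the return value cannot treat the sentinel as a buffer size. The bare `(OPJ_UINT32)-1` is also an undocumented magic value at this call site: a named constant shared with `opj_tcd_get_decoded_tile_size()`, or a one-line comment stating that it marks the overflow case, would keep the two sides in sync if the sentinel ever changes.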
