
Side by Side Diff: core/fxcodec/jbig2/JBig2_SddProc.cpp

Issue 2202013002: Bound total pixels in JBig2 images to avoid overflows later. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Add tests Created 4 years, 4 months ago
OLDNEW
1 // Copyright 2015 PDFium Authors. All rights reserved. 1 // Copyright 2015 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "core/fxcodec/jbig2/JBig2_SddProc.h" 7 #include "core/fxcodec/jbig2/JBig2_SddProc.h"
8 8
9 #include <memory> 9 #include <memory>
10 #include <vector> 10 #include <vector>
(...skipping 505 matching lines...) Expand 10 before | Expand all | Expand 10 after
516 if (SDREFAGG == 0) { 516 if (SDREFAGG == 0) {
517 if (pHuffmanDecoder->decodeAValue(SDHUFFBMSIZE, (int32_t*)&BMSIZE) != 0) { 517 if (pHuffmanDecoder->decodeAValue(SDHUFFBMSIZE, (int32_t*)&BMSIZE) != 0) {
518 goto failed; 518 goto failed;
519 } 519 }
520 pStream->alignByte(); 520 pStream->alignByte();
521 if (BMSIZE == 0) { 521 if (BMSIZE == 0) {
522 stride = (TOTWIDTH + 7) >> 3; 522 stride = (TOTWIDTH + 7) >> 3;
523 if (pStream->getByteLeft() >= stride * HCHEIGHT) { 523 if (pStream->getByteLeft() >= stride * HCHEIGHT) {
524 BHC = new CJBig2_Image(TOTWIDTH, HCHEIGHT); 524 BHC = new CJBig2_Image(TOTWIDTH, HCHEIGHT);
525 for (I = 0; I < HCHEIGHT; I++) { 525 for (I = 0; I < HCHEIGHT; I++) {
526 JBIG2_memcpy(BHC->m_pData + I * BHC->m_nStride, 526 JBIG2_memcpy(BHC->m_pData + I * BHC->stride(),
527 pStream->getPointer(), stride); 527 pStream->getPointer(), stride);
528 pStream->offset(stride); 528 pStream->offset(stride);
529 } 529 }
530 } else { 530 } else {
531 goto failed; 531 goto failed;
532 } 532 }
533 } else { 533 } else {
534 std::unique_ptr<CJBig2_GRDProc> pGRD(new CJBig2_GRDProc()); 534 std::unique_ptr<CJBig2_GRDProc> pGRD(new CJBig2_GRDProc());
535 pGRD->MMR = 1; 535 pGRD->MMR = 1;
536 pGRD->GBW = TOTWIDTH; 536 pGRD->GBW = TOTWIDTH;
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
594 failed: 594 failed:
595 for (I = 0; I < NSYMSDECODED; I++) { 595 for (I = 0; I < NSYMSDECODED; I++) {
596 delete SDNEWSYMS[I]; 596 delete SDNEWSYMS[I];
597 } 597 }
598 FX_Free(SDNEWSYMS); 598 FX_Free(SDNEWSYMS);
599 if (SDREFAGG == 0) { 599 if (SDREFAGG == 0) {
600 FX_Free(SDNEWSYMWIDTHS); 600 FX_Free(SDNEWSYMWIDTHS);
601 } 601 }
602 return nullptr; 602 return nullptr;
603 } 603 }
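Review bot: The copy loop at new lines 525–529 writes through `BHC->m_pData` immediately after `new CJBig2_Image(TOTWIDTH, HCHEIGHT)` at line 524, without checking that the image actually received a buffer. If the pixel bound this issue introduces makes the constructor leave `m_pData` null for a rejected size (the constructor is not shown here, so this is inferred from the issue title), the `JBIG2_memcpy` destination is invalid for dimensions read from the file; a guard before the loop such as `if (!BHC->m_pData) { delete BHC; goto failed; }` would cover it, where the `delete` is only needed if the `failed:` path does not release BHC in the skipped lines. Separately, the length check at line 523, `pStream->getByteLeft() >= stride * HCHEIGHT`, multiplies before any bound has been applied; if both operands are 32-bit the product can wrap and let a short stream pass, so the comparison is safer done in a wider type, e.g. `static_cast<uint64_t>(stride) * HCHEIGHT`. The enclosing function starts above the lines shown and part of its body is skipped, so both points should be confirmed against the full file.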