
Side by Side Diff: third_party/libopenjpeg20/tcd.c

Issue 2212973002: openjpeg: Prevent integer overflows during calculation of |l_nb_code_blocks_size| (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: openjpeg: Prevent integer overflows during calculation of |l_nb_code_blocks_size| Created 4 years, 4 months ago
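--- a/third_party/libopenjpeg20/tcd.c
+++ b/third_party/libopenjpeg20/tcd.c
@@ -1,10 +1,10 @@
 /*
 * The copyright in this software is being made available under the 2-clauses
 * BSD License, included below. This software may be subject to other third
 * party and contributor rights, including patent rights, and no such rights
 * are granted under this license.
 *
 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium
 * Copyright (c) 2002-2014, Professor Benoit Macq
 * Copyright (c) 2001-2003, David Janssens
 * Copyright (c) 2002-2003, Yannick Verschueren
@@ -932,22 +932,29 @@
 /*fprintf(stderr, "\t tlcblkxstart =%d\n ",tlcblkxstart );*/
 tlcblkystart = opj_int_floordivpow2(l_cu rrent_precinct->y0, (OPJ_INT32)cblkheightexpn) << cblkheightexpn;
 /*fprintf(stderr, "\t tlcblkystart =%d\n ",tlcblkystart );*/
 brcblkxend = opj_int_ceildivpow2(l_curre nt_precinct->x1, (OPJ_INT32)cblkwidthexpn) << cblkwidthexpn;
 /*fprintf(stderr, "\t brcblkxend =%d\n", brcblkxend );*/
 brcblkyend = opj_int_ceildivpow2(l_curre nt_precinct->y1, (OPJ_INT32)cblkheightexpn) << cblkheightexpn;
 /*fprintf(stderr, "\t brcblkyend =%d\n", brcblkyend );*/
 l_current_precinct->cw = (OPJ_UINT32)((b rcblkxend - tlcblkxstart) >> cblkwidthexpn);
 l_current_precinct->ch = (OPJ_UINT32)((b rcblkyend - tlcblkystart) >> cblkheightexpn);
 
+if (l_current_precinct->cw && ((OPJ_UINT 32)-1) / l_current_precinct->cw < l_current_precinct->ch) {
+return OPJ_FALSE;
+}
 l_nb_code_blocks = l_current_precinct->c w * l_current_precinct->ch;
 /*fprintf(stderr, "\t\t\t\t precinct_cw = %d x recinct_ch = %d\n",l_current_precinct->cw, l_current_precinct->ch); */
+
+if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeo f_block < l_nb_code_blocks) {
+return OPJ_FALSE;
+}
 l_nb_code_blocks_size = l_nb_code_blocks * (OPJ_UINT32)sizeof_block;
 
 if (! l_current_precinct->cblks.blocks) {
 l_current_precinct->cblks.blocks = opj_malloc(l_nb_code_blocks_size);
 if (! l_current_precinct->cblks. blocks ) {
 return OPJ_FALSE;
 }
 /*fprintf(stderr, "\t\t\t\tAlloc ate cblks of a precinct (opj_tcd_cblk_dec_t): %d\n",l_nb_code_blocks_size);*/
 
 memset(l_current_precinct->cblks .blocks,0,l_nb_code_blocks_size);
@@ -2215,10 +2222,10 @@
 }
 break;
 }
 
 ++l_img_comp;
 ++l_tilec;
 }
 
 return OPJ_TRUE;
 }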
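Review bot: Both new failure paths (new lines 942–944 and 948–950) return OPJ_FALSE after `l_current_precinct->cw` and `l_current_precinct->ch` have already been stored on lines 939–940, so a rejected precinct keeps the dimensions that were just refused while `cblks.blocks` is left as it was. Whether any later cleanup or decode path walks `cw * ch` entries of `cblks.blocks` is not visible in this hunk, but it would be safer to clear them before bailing out, e.g. `l_current_precinct->cw = l_current_precinct->ch = 0;` ahead of each `return OPJ_FALSE;`, or to validate in locals and store only once both checks pass. A one-line comment such as `/* reject cw * ch that would wrap OPJ_UINT32 */` above each guard would also make the `((OPJ_UINT32)-1) / x < y` idiom easier to audit. The enclosing function begins and ends outside the lines shown.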