| OLD | NEW |
|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fxcodec/jbig2/JBig2_Context.h" | 7 #include "core/fxcodec/jbig2/JBig2_Context.h" |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <list> | 10 #include <list> |
| (...skipping 921 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 932 pSegment->m_Result.im = | 932 pSegment->m_Result.im = |
| 933 pTRD->decode_Huffman(m_pStream.get(), grContext.get()); | 933 pTRD->decode_Huffman(m_pStream.get(), grContext.get()); |
| 934 if (!pSegment->m_Result.im) | 934 if (!pSegment->m_Result.im) |
| 935 return JBIG2_ERROR_FATAL; | 935 return JBIG2_ERROR_FATAL; |
| 936 m_pStream->alignByte(); | 936 m_pStream->alignByte(); |
| 937 } | 937 } |
| 938 if (pSegment->m_cFlags.s.type != 4) { | 938 if (pSegment->m_cFlags.s.type != 4) { |
| 939 if (!m_bBufSpecified) { | 939 if (!m_bBufSpecified) { |
| 940 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); | 940 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); |
| 941 if ((pPageInfo->m_bIsStriped == 1) && | 941 if ((pPageInfo->m_bIsStriped == 1) && |
| 942 (ri.y + ri.height > m_pPage->m_nHeight)) { | 942 (ri.y + ri.height > m_pPage->height())) { |
| 943 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); | 943 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); |
| 944 } | 944 } |
| 945 } | 945 } |
| 946 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, | 946 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, |
| 947 (JBig2ComposeOp)(ri.flags & 0x03)); | 947 (JBig2ComposeOp)(ri.flags & 0x03)); |
| 948 delete pSegment->m_Result.im; | 948 delete pSegment->m_Result.im; |
| 949 pSegment->m_Result.im = nullptr; | 949 pSegment->m_Result.im = nullptr; |
| 950 } | 950 } |
| 951 return JBIG2_SUCCESS; | 951 return JBIG2_SUCCESS; |
| 952 } | 952 } |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1023 findSegmentByNumber(pSegment->m_pReferred_to_segment_numbers[0]); | 1023 findSegmentByNumber(pSegment->m_pReferred_to_segment_numbers[0]); |
| 1024 if (!pSeg || (pSeg->m_cFlags.s.type != 16)) | 1024 if (!pSeg || (pSeg->m_cFlags.s.type != 16)) |
| 1025 return JBIG2_ERROR_FATAL; | 1025 return JBIG2_ERROR_FATAL; |
| 1026 | 1026 |
| 1027 CJBig2_PatternDict* pPatternDict = pSeg->m_Result.pd; | 1027 CJBig2_PatternDict* pPatternDict = pSeg->m_Result.pd; |
| 1028 if (!pPatternDict || (pPatternDict->NUMPATS == 0)) | 1028 if (!pPatternDict || (pPatternDict->NUMPATS == 0)) |
| 1029 return JBIG2_ERROR_FATAL; | 1029 return JBIG2_ERROR_FATAL; |
| 1030 | 1030 |
| 1031 pHRD->HNUMPATS = pPatternDict->NUMPATS; | 1031 pHRD->HNUMPATS = pPatternDict->NUMPATS; |
| 1032 pHRD->HPATS = pPatternDict->HDPATS; | 1032 pHRD->HPATS = pPatternDict->HDPATS; |
| 1033 pHRD->HPW = pPatternDict->HDPATS[0]->m_nWidth; | 1033 pHRD->HPW = pPatternDict->HDPATS[0]->width(); |
| 1034 pHRD->HPH = pPatternDict->HDPATS[0]->m_nHeight; | 1034 pHRD->HPH = pPatternDict->HDPATS[0]->height(); |
| 1035 pSegment->m_nResultType = JBIG2_IMAGE_POINTER; | 1035 pSegment->m_nResultType = JBIG2_IMAGE_POINTER; |
| 1036 if (pHRD->HMMR == 0) { | 1036 if (pHRD->HMMR == 0) { |
| 1037 const size_t size = GetHuffContextSize(pHRD->HTEMPLATE); | 1037 const size_t size = GetHuffContextSize(pHRD->HTEMPLATE); |
| 1038 std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext( | 1038 std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext( |
| 1039 FX_Alloc(JBig2ArithCtx, size)); | 1039 FX_Alloc(JBig2ArithCtx, size)); |
| 1040 JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size); | 1040 JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size); |
| 1041 std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder( | 1041 std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder( |
| 1042 new CJBig2_ArithDecoder(m_pStream.get())); | 1042 new CJBig2_ArithDecoder(m_pStream.get())); |
| 1043 pSegment->m_Result.im = | 1043 pSegment->m_Result.im = |
| 1044 pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause); | 1044 pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause); |
| 1045 if (!pSegment->m_Result.im) | 1045 if (!pSegment->m_Result.im) |
| 1046 return JBIG2_ERROR_FATAL; | 1046 return JBIG2_ERROR_FATAL; |
| 1047 | 1047 |
| 1048 m_pStream->alignByte(); | 1048 m_pStream->alignByte(); |
| 1049 m_pStream->offset(2); | 1049 m_pStream->offset(2); |
| 1050 } else { | 1050 } else { |
| 1051 pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause); | 1051 pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause); |
| 1052 if (!pSegment->m_Result.im) | 1052 if (!pSegment->m_Result.im) |
| 1053 return JBIG2_ERROR_FATAL; | 1053 return JBIG2_ERROR_FATAL; |
| 1054 m_pStream->alignByte(); | 1054 m_pStream->alignByte(); |
| 1055 } | 1055 } |
| 1056 if (pSegment->m_cFlags.s.type != 20) { | 1056 if (pSegment->m_cFlags.s.type != 20) { |
| 1057 if (!m_bBufSpecified) { | 1057 if (!m_bBufSpecified) { |
| 1058 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); | 1058 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); |
| 1059 if (pPageInfo->m_bIsStriped == 1 && | 1059 if (pPageInfo->m_bIsStriped == 1 && |
| 1060 ri.y + ri.height > m_pPage->m_nHeight) { | 1060 ri.y + ri.height > m_pPage->height()) { |
| 1061 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); | 1061 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); |
| 1062 } | 1062 } |
| 1063 } | 1063 } |
| 1064 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, | 1064 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, |
| 1065 (JBig2ComposeOp)(ri.flags & 0x03)); | 1065 (JBig2ComposeOp)(ri.flags & 0x03)); |
| 1066 delete pSegment->m_Result.im; | 1066 delete pSegment->m_Result.im; |
| 1067 pSegment->m_Result.im = nullptr; | 1067 pSegment->m_Result.im = nullptr; |
| 1068 } | 1068 } |
| 1069 return JBIG2_SUCCESS; | 1069 return JBIG2_SUCCESS; |
| 1070 } | 1070 } |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1116 m_ProcessingStatus = m_pGRD->Start_decode_Arith( | 1116 m_ProcessingStatus = m_pGRD->Start_decode_Arith( |
| 1117 &pSegment->m_Result.im, m_pArithDecoder.get(), m_gbContext, pPause); | 1117 &pSegment->m_Result.im, m_pArithDecoder.get(), m_gbContext, pPause); |
| 1118 } else { | 1118 } else { |
| 1119 m_ProcessingStatus = m_pGRD->Continue_decode(pPause); | 1119 m_ProcessingStatus = m_pGRD->Continue_decode(pPause); |
| 1120 } | 1120 } |
| 1121 if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) { | 1121 if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) { |
| 1122 if (pSegment->m_cFlags.s.type != 36) { | 1122 if (pSegment->m_cFlags.s.type != 36) { |
| 1123 if (!m_bBufSpecified) { | 1123 if (!m_bBufSpecified) { |
| 1124 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); | 1124 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); |
| 1125 if ((pPageInfo->m_bIsStriped == 1) && | 1125 if ((pPageInfo->m_bIsStriped == 1) && |
| 1126 (m_ri.y + m_ri.height > m_pPage->m_nHeight)) { | 1126 (m_ri.y + m_ri.height > m_pPage->height())) { |
| 1127 m_pPage->expand(m_ri.y + m_ri.height, | 1127 m_pPage->expand(m_ri.y + m_ri.height, |
| 1128 (pPageInfo->m_cFlags & 4) ? 1 : 0); | 1128 (pPageInfo->m_cFlags & 4) ? 1 : 0); |
| 1129 } | 1129 } |
| 1130 } | 1130 } |
| 1131 FX_RECT Rect = m_pGRD->GetReplaceRect(); | 1131 FX_RECT Rect = m_pGRD->GetReplaceRect(); |
| 1132 m_pPage->composeFrom(m_ri.x + Rect.left, m_ri.y + Rect.top, | 1132 m_pPage->composeFrom(m_ri.x + Rect.left, m_ri.y + Rect.top, |
| 1133 pSegment->m_Result.im, | 1133 pSegment->m_Result.im, |
| 1134 (JBig2ComposeOp)(m_ri.flags & 0x03), &Rect); | 1134 (JBig2ComposeOp)(m_ri.flags & 0x03), &Rect); |
| 1135 } | 1135 } |
| 1136 return JBIG2_SUCCESS; | 1136 return JBIG2_SUCCESS; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 1151 if (!pSegment->m_Result.im) { | 1151 if (!pSegment->m_Result.im) { |
| 1152 m_pGRD.reset(); | 1152 m_pGRD.reset(); |
| 1153 return JBIG2_ERROR_FATAL; | 1153 return JBIG2_ERROR_FATAL; |
| 1154 } | 1154 } |
| 1155 m_pStream->alignByte(); | 1155 m_pStream->alignByte(); |
| 1156 } | 1156 } |
| 1157 if (pSegment->m_cFlags.s.type != 36) { | 1157 if (pSegment->m_cFlags.s.type != 36) { |
| 1158 if (!m_bBufSpecified) { | 1158 if (!m_bBufSpecified) { |
| 1159 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); | 1159 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); |
| 1160 if ((pPageInfo->m_bIsStriped == 1) && | 1160 if ((pPageInfo->m_bIsStriped == 1) && |
| 1161 (m_ri.y + m_ri.height > m_pPage->m_nHeight)) { | 1161 (m_ri.y + m_ri.height > m_pPage->height())) { |
| 1162 m_pPage->expand(m_ri.y + m_ri.height, | 1162 m_pPage->expand(m_ri.y + m_ri.height, |
| 1163 (pPageInfo->m_cFlags & 4) ? 1 : 0); | 1163 (pPageInfo->m_cFlags & 4) ? 1 : 0); |
| 1164 } | 1164 } |
| 1165 } | 1165 } |
| 1166 FX_RECT Rect = m_pGRD->GetReplaceRect(); | 1166 FX_RECT Rect = m_pGRD->GetReplaceRect(); |
| 1167 m_pPage->composeFrom(m_ri.x + Rect.left, m_ri.y + Rect.top, | 1167 m_pPage->composeFrom(m_ri.x + Rect.left, m_ri.y + Rect.top, |
| 1168 pSegment->m_Result.im, | 1168 pSegment->m_Result.im, |
| 1169 (JBig2ComposeOp)(m_ri.flags & 0x03), &Rect); | 1169 (JBig2ComposeOp)(m_ri.flags & 0x03), &Rect); |
| 1170 delete pSegment->m_Result.im; | 1170 delete pSegment->m_Result.im; |
| 1171 pSegment->m_Result.im = nullptr; | 1171 pSegment->m_Result.im = nullptr; |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1224 pSegment->m_Result.im = pGRRD->decode(pArithDecoder.get(), grContext.get()); | 1224 pSegment->m_Result.im = pGRRD->decode(pArithDecoder.get(), grContext.get()); |
| 1225 if (!pSegment->m_Result.im) | 1225 if (!pSegment->m_Result.im) |
| 1226 return JBIG2_ERROR_FATAL; | 1226 return JBIG2_ERROR_FATAL; |
| 1227 | 1227 |
| 1228 m_pStream->alignByte(); | 1228 m_pStream->alignByte(); |
| 1229 m_pStream->offset(2); | 1229 m_pStream->offset(2); |
| 1230 if (pSegment->m_cFlags.s.type != 40) { | 1230 if (pSegment->m_cFlags.s.type != 40) { |
| 1231 if (!m_bBufSpecified) { | 1231 if (!m_bBufSpecified) { |
| 1232 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); | 1232 JBig2PageInfo* pPageInfo = m_PageInfoList.back(); |
| 1233 if ((pPageInfo->m_bIsStriped == 1) && | 1233 if ((pPageInfo->m_bIsStriped == 1) && |
| 1234 (ri.y + ri.height > m_pPage->m_nHeight)) { | 1234 (ri.y + ri.height > m_pPage->height())) { |
| 1235 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); | 1235 m_pPage->expand(ri.y + ri.height, (pPageInfo->m_cFlags & 4) ? 1 : 0); |
| 1236 } | 1236 } |
| 1237 } | 1237 } |
| 1238 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, | 1238 m_pPage->composeFrom(ri.x, ri.y, pSegment->m_Result.im, |
| 1239 (JBig2ComposeOp)(ri.flags & 0x03)); | 1239 (JBig2ComposeOp)(ri.flags & 0x03)); |
| 1240 delete pSegment->m_Result.im; | 1240 delete pSegment->m_Result.im; |
| 1241 pSegment->m_Result.im = nullptr; | 1241 pSegment->m_Result.im = nullptr; |
| 1242 } | 1242 } |
| 1243 return JBIG2_SUCCESS; | 1243 return JBIG2_SUCCESS; |
| 1244 } | 1244 } |
| (...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1402 SBSYMCODES[CURTEMP].code = CURCODE; | 1402 SBSYMCODES[CURTEMP].code = CURCODE; |
| 1403 CURCODE = CURCODE + 1; | 1403 CURCODE = CURCODE + 1; |
| 1404 } | 1404 } |
| 1405 CURTEMP = CURTEMP + 1; | 1405 CURTEMP = CURTEMP + 1; |
| 1406 } | 1406 } |
| 1407 CURLEN = CURLEN + 1; | 1407 CURLEN = CURLEN + 1; |
| 1408 } | 1408 } |
| 1409 FX_Free(LENCOUNT); | 1409 FX_Free(LENCOUNT); |
| 1410 FX_Free(FIRSTCODE); | 1410 FX_Free(FIRSTCODE); |
| 1411 } | 1411 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2242363002:
[M53] Bound total pixels in JBig2 images to avoid overflows later. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@2785