
Side by Side Diff: core/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp

Issue 2360283004: Bail out on bad size and height in CCodec_FaxDecoder::CreateDecoder (Closed)
Patch Set: Created 4 years, 3 months ago
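--- a/core/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/fpdf_parser/fpdf_parser_decode.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "core/fpdfapi/fpdf_parser/include/fpdf_parser_decode.h"
 
 #include <limits.h>
 #include <utility>
@@ -241,23 +241,20 @@
 if (pParams) {
 K = pParams->GetIntegerFor("K");
 EndOfLine = pParams->GetIntegerFor("EndOfLine");
 ByteAlign = pParams->GetIntegerFor("EncodedByteAlign");
 BlackIs1 = pParams->GetIntegerFor("BlackIs1");
 Columns = pParams->GetIntegerFor("Columns", 1728);
 Rows = pParams->GetIntegerFor("Rows");
 if (Rows > USHRT_MAX) {
 Rows = 0;
 }
-if (Columns <= 0 || Rows < 0 || Columns > USHRT_MAX || Rows > USHRT_MAX) {
-return nullptr;
-}
 }
 return CPDF_ModuleMgr::Get()->GetFaxModule()->CreateDecoder(
 src_buf, src_size, width, height, K, EndOfLine, ByteAlign, BlackIs1,
 Columns, Rows);
 }
 
 static FX_BOOL CheckFlateDecodeParams(int Colors,
 int BitsPerComponent,
 int Columns) {
 if (Columns < 0) {
@@ -572,10 +569,10 @@
 uint32_t src_size,
 uint8_t*& dest_buf,
 uint32_t& dest_size) {
 CCodec_ModuleMgr* pEncoders = CPDF_ModuleMgr::Get()->GetCodecModule();
 if (pEncoders) {
 return pEncoders->GetFlateModule()->FlateOrLZWDecode(
 FALSE, src_buf, src_size, FALSE, 0, 0, 0, 0, 0, dest_buf, dest_size);
 }
 return 0;
 }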