| OLD | NEW |
|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fxcodec/codec/codec_int.h" | 7 #include "core/fxcodec/codec/codec_int.h" |
| 8 #include "core/fxcodec/include/fx_codec.h" | 8 #include "core/fxcodec/include/fx_codec.h" |
| 9 | 9 |
| 10 namespace { | 10 namespace { |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | 29 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 30 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | 30 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 31 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | 31 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 32 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | 32 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 33 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | 33 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 34 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, | 34 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 35 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, | 35 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, |
| 36 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 7, 8, | 36 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 7, 8, |
| 37 }; | 37 }; |
| 38 | 38 |
| 39 // Limit of image dimension, an arbitrary large number. |
| 40 const int kMaxImageDimension = 0x01FFFF; |
| 41 |
| 39 int FindBit(const uint8_t* data_buf, int max_pos, int start_pos, int bit) { | 42 int FindBit(const uint8_t* data_buf, int max_pos, int start_pos, int bit) { |
| 43 ASSERT(start_pos >= 0); |
| 40 if (start_pos >= max_pos) { | 44 if (start_pos >= max_pos) { |
| 41 return max_pos; | 45 return max_pos; |
| 42 } | 46 } |
| 43 const uint8_t* leading_pos = bit ? OneLeadPos : ZeroLeadPos; | 47 const uint8_t* leading_pos = bit ? OneLeadPos : ZeroLeadPos; |
| 44 if (start_pos % 8) { | 48 if (start_pos % 8) { |
| 45 uint8_t data = data_buf[start_pos / 8]; | 49 uint8_t data = data_buf[start_pos / 8]; |
| 46 if (bit) { | 50 if (bit) { |
| 47 data &= 0xff >> (start_pos % 8); | 51 data &= 0xff >> (start_pos % 8); |
| 48 } else { | 52 } else { |
| 49 data |= 0xff << (8 - start_pos % 8); | 53 data |= 0xff << (8 - start_pos % 8); |
| (...skipping 454 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 504 m_Encoding = K; | 508 m_Encoding = K; |
| 505 m_bEndOfLine = EndOfLine; | 509 m_bEndOfLine = EndOfLine; |
| 506 m_bByteAlign = EncodedByteAlign; | 510 m_bByteAlign = EncodedByteAlign; |
| 507 m_bBlack = BlackIs1; | 511 m_bBlack = BlackIs1; |
| 508 m_OrigWidth = Columns; | 512 m_OrigWidth = Columns; |
| 509 m_OrigHeight = Rows; | 513 m_OrigHeight = Rows; |
| 510 if (m_OrigWidth == 0) | 514 if (m_OrigWidth == 0) |
| 511 m_OrigWidth = width; | 515 m_OrigWidth = width; |
| 512 if (m_OrigHeight == 0) | 516 if (m_OrigHeight == 0) |
| 513 m_OrigHeight = height; | 517 m_OrigHeight = height; |
| 514 // Should not overflow. Checked by FPDFAPI_CreateFaxDecoder. | 518 // Should not overflow. Checked by CCodec_FaxDecoder::CreateDecoder. |
| 515 m_Pitch = (static_cast<uint32_t>(m_OrigWidth) + 31) / 32 * 4; | 519 m_Pitch = (static_cast<uint32_t>(m_OrigWidth) + 31) / 32 * 4; |
| 516 m_OutputWidth = m_OrigWidth; | 520 m_OutputWidth = m_OrigWidth; |
| 517 m_OutputHeight = m_OrigHeight; | 521 m_OutputHeight = m_OrigHeight; |
| 518 m_pScanlineBuf = FX_Alloc(uint8_t, m_Pitch); | 522 m_pScanlineBuf = FX_Alloc(uint8_t, m_Pitch); |
| 519 m_pRefBuf = FX_Alloc(uint8_t, m_Pitch); | 523 m_pRefBuf = FX_Alloc(uint8_t, m_Pitch); |
| 520 m_pSrcBuf = src_buf; | 524 m_pSrcBuf = src_buf; |
| 521 m_SrcSize = src_size; | 525 m_SrcSize = src_size; |
| 522 m_nComps = 1; | 526 m_nComps = 1; |
| 523 m_bpc = 1; | 527 m_bpc = 1; |
| 524 } | 528 } |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 617 const uint8_t* src_buf, | 621 const uint8_t* src_buf, |
| 618 uint32_t src_size, | 622 uint32_t src_size, |
| 619 int width, | 623 int width, |
| 620 int height, | 624 int height, |
| 621 int K, | 625 int K, |
| 622 FX_BOOL EndOfLine, | 626 FX_BOOL EndOfLine, |
| 623 FX_BOOL EncodedByteAlign, | 627 FX_BOOL EncodedByteAlign, |
| 624 FX_BOOL BlackIs1, | 628 FX_BOOL BlackIs1, |
| 625 int Columns, | 629 int Columns, |
| 626 int Rows) { | 630 int Rows) { |
| 631 // Reject invalid values. |
| 632 if (width <= 0 || height < 0 || Columns < 0 || Rows < 0) |
| 633 return nullptr; |
| 634 // Reject unreasonable large input. |
| 635 if (width > kMaxImageDimension || height > kMaxImageDimension || |
| 636 Columns > kMaxImageDimension || Rows > kMaxImageDimension) |
| 637 return nullptr; |
| 627 return new CCodec_FaxDecoder(src_buf, src_size, width, height, K, EndOfLine, | 638 return new CCodec_FaxDecoder(src_buf, src_size, width, height, K, EndOfLine, |
| 628 EncodedByteAlign, BlackIs1, Columns, Rows); | 639 EncodedByteAlign, BlackIs1, Columns, Rows); |
| 629 } | 640 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2360283004:
Bail out on bad size and height in CCodec_FaxDecoder::CreateDecoder (Closed)
