core/fxcodec/jbig2/JBig2_SddProc.cpp - Issue 2419553002: Verify number of ex flags matches number of ex items.

Side by Side Diff: core/fxcodec/jbig2/JBig2_SddProc.cpp

Issue 2419553002: Verify number of ex flags matches number of ex items. (Closed)

Patch Set: Review feedback Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 PDFium Authors. All rights reserved.	1 // Copyright 2015 PDFium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com	5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com

6	6

7 #include "core/fxcodec/jbig2/JBig2_SddProc.h"	7 #include "core/fxcodec/jbig2/JBig2_SddProc.h"

8	8

9 #include <memory>	9 #include <memory>

10 #include <vector>	10 #include <vector>

(...skipping 20 matching lines...) Expand all Loading...
31 CJBig2_Image* BS;	31 CJBig2_Image* BS;

32 uint32_t I, J, REFAGGNINST;	32 uint32_t I, J, REFAGGNINST;

33 FX_BOOL* EXFLAGS;	33 FX_BOOL* EXFLAGS;

34 uint32_t EXINDEX;	34 uint32_t EXINDEX;

35 FX_BOOL CUREXFLAG;	35 FX_BOOL CUREXFLAG;

36 uint32_t EXRUNLENGTH;	36 uint32_t EXRUNLENGTH;

37 uint32_t nTmp;	37 uint32_t nTmp;

38 uint32_t SBNUMSYMS;	38 uint32_t SBNUMSYMS;

39 uint8_t SBSYMCODELEN;	39 uint8_t SBSYMCODELEN;

40 int32_t RDXI, RDYI;	40 int32_t RDXI, RDYI;

	41 uint32_t num_ex_syms;

41 CJBig2_Image** SBSYMS;	42 CJBig2_Image** SBSYMS;

42 std::unique_ptr<CJBig2_ArithIaidDecoder> IAID;	43 std::unique_ptr<CJBig2_ArithIaidDecoder> IAID;

43 std::unique_ptr<CJBig2_SymbolDict> pDict;	44 std::unique_ptr<CJBig2_SymbolDict> pDict;

44 std::unique_ptr<CJBig2_ArithIntDecoder> IADH(new CJBig2_ArithIntDecoder);	45 std::unique_ptr<CJBig2_ArithIntDecoder> IADH(new CJBig2_ArithIntDecoder);

45 std::unique_ptr<CJBig2_ArithIntDecoder> IADW(new CJBig2_ArithIntDecoder);	46 std::unique_ptr<CJBig2_ArithIntDecoder> IADW(new CJBig2_ArithIntDecoder);

46 std::unique_ptr<CJBig2_ArithIntDecoder> IAAI(new CJBig2_ArithIntDecoder);	47 std::unique_ptr<CJBig2_ArithIntDecoder> IAAI(new CJBig2_ArithIntDecoder);

47 std::unique_ptr<CJBig2_ArithIntDecoder> IARDX(new CJBig2_ArithIntDecoder);	48 std::unique_ptr<CJBig2_ArithIntDecoder> IARDX(new CJBig2_ArithIntDecoder);

48 std::unique_ptr<CJBig2_ArithIntDecoder> IARDY(new CJBig2_ArithIntDecoder);	49 std::unique_ptr<CJBig2_ArithIntDecoder> IARDY(new CJBig2_ArithIntDecoder);

49 std::unique_ptr<CJBig2_ArithIntDecoder> IAEX(new CJBig2_ArithIntDecoder);	50 std::unique_ptr<CJBig2_ArithIntDecoder> IAEX(new CJBig2_ArithIntDecoder);

50 std::unique_ptr<CJBig2_ArithIntDecoder> IADT(new CJBig2_ArithIntDecoder);	51 std::unique_ptr<CJBig2_ArithIntDecoder> IADT(new CJBig2_ArithIntDecoder);

(...skipping 177 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
228 }	229 }

229 }	230 }

230 SDNEWSYMS[NSYMSDECODED] = BS;	231 SDNEWSYMS[NSYMSDECODED] = BS;

231 BS = nullptr;	232 BS = nullptr;

232 NSYMSDECODED = NSYMSDECODED + 1;	233 NSYMSDECODED = NSYMSDECODED + 1;

233 }	234 }

234 }	235 }

235 EXINDEX = 0;	236 EXINDEX = 0;

236 CUREXFLAG = 0;	237 CUREXFLAG = 0;

237 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS);	238 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS);

	239 num_ex_syms = 0;

238 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) {	240 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) {

239 IAEX->decode(pArithDecoder, (int*)&EXRUNLENGTH);	241 IAEX->decode(pArithDecoder, (int*)&EXRUNLENGTH);

240 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) {	242 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) {

241 FX_Free(EXFLAGS);	243 FX_Free(EXFLAGS);

242 goto failed;	244 goto failed;

243 }	245 }

244 if (EXRUNLENGTH != 0) {	246 if (EXRUNLENGTH != 0) {

245 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) {	247 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) {

	248 if (CUREXFLAG)

	249 num_ex_syms++;

246 EXFLAGS[I] = CUREXFLAG;	250 EXFLAGS[I] = CUREXFLAG;

247 }	251 }

248 }	252 }

249 EXINDEX = EXINDEX + EXRUNLENGTH;	253 EXINDEX = EXINDEX + EXRUNLENGTH;

250 CUREXFLAG = !CUREXFLAG;	254 CUREXFLAG = !CUREXFLAG;

251 }	255 }

	256 if (num_ex_syms > SDNUMEXSYMS) {

	257 FX_Free(EXFLAGS);

	258 goto failed;

	259 }

	260

252 pDict.reset(new CJBig2_SymbolDict);	261 pDict.reset(new CJBig2_SymbolDict);

253 I = J = 0;	262 I = J = 0;

254 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {	263 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {

255 if (EXFLAGS[I] && J < SDNUMEXSYMS) {	264 if (EXFLAGS[I] && J < SDNUMEXSYMS) {

256 if (I < SDNUMINSYMS) {	265 if (I < SDNUMINSYMS) {

257 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);	266 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);

258 } else {	267 } else {

259 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);	268 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);

260 }	269 }

261 ++J;	270 ++J;

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
296 uint32_t EXRUNLENGTH;	305 uint32_t EXRUNLENGTH;

297 int32_t nVal, nBits;	306 int32_t nVal, nBits;

298 uint32_t nTmp;	307 uint32_t nTmp;

299 uint32_t SBNUMSYMS;	308 uint32_t SBNUMSYMS;

300 uint8_t SBSYMCODELEN;	309 uint8_t SBSYMCODELEN;

301 JBig2HuffmanCode* SBSYMCODES;	310 JBig2HuffmanCode* SBSYMCODES;

302 uint32_t IDI;	311 uint32_t IDI;

303 int32_t RDXI, RDYI;	312 int32_t RDXI, RDYI;

304 uint32_t BMSIZE;	313 uint32_t BMSIZE;

305 uint32_t stride;	314 uint32_t stride;

	315 uint32_t num_ex_syms;

306 CJBig2_Image** SBSYMS;	316 CJBig2_Image** SBSYMS;

307 std::unique_ptr<CJBig2_HuffmanDecoder> pHuffmanDecoder(	317 std::unique_ptr<CJBig2_HuffmanDecoder> pHuffmanDecoder(

308 new CJBig2_HuffmanDecoder(pStream));	318 new CJBig2_HuffmanDecoder(pStream));

309 SDNEWSYMS = FX_Alloc(CJBig2_Image*, SDNUMNEWSYMS);	319 SDNEWSYMS = FX_Alloc(CJBig2_Image*, SDNUMNEWSYMS);

310 FXSYS_memset(SDNEWSYMS, 0, SDNUMNEWSYMS * sizeof(CJBig2_Image*));	320 FXSYS_memset(SDNEWSYMS, 0, SDNUMNEWSYMS * sizeof(CJBig2_Image*));

311 SDNEWSYMWIDTHS = nullptr;	321 SDNEWSYMWIDTHS = nullptr;

312 BHC = nullptr;	322 BHC = nullptr;

313 if (SDREFAGG == 0) {	323 if (SDREFAGG == 0) {

314 SDNEWSYMWIDTHS = FX_Alloc(uint32_t, SDNUMNEWSYMS);	324 SDNEWSYMWIDTHS = FX_Alloc(uint32_t, SDNUMNEWSYMS);

315 FXSYS_memset(SDNEWSYMWIDTHS, 0, SDNUMNEWSYMS * sizeof(uint32_t));	325 FXSYS_memset(SDNEWSYMWIDTHS, 0, SDNUMNEWSYMS * sizeof(uint32_t));

(...skipping 232 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
548 }	558 }

549 delete BHC;	559 delete BHC;

550 BHC = nullptr;	560 BHC = nullptr;

551 }	561 }

552 }	562 }

553 EXINDEX = 0;	563 EXINDEX = 0;

554 CUREXFLAG = 0;	564 CUREXFLAG = 0;

555 pTable.reset(new CJBig2_HuffmanTable(HuffmanTable_B1, HuffmanTable_B1_Size,	565 pTable.reset(new CJBig2_HuffmanTable(HuffmanTable_B1, HuffmanTable_B1_Size,

556 HuffmanTable_HTOOB_B1));	566 HuffmanTable_HTOOB_B1));

557 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS);	567 EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS);

	568 num_ex_syms = 0;

558 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) {	569 while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) {

559 if (pHuffmanDecoder->decodeAValue(pTable.get(), (int*)&EXRUNLENGTH) != 0) {	570 if (pHuffmanDecoder->decodeAValue(pTable.get(), (int*)&EXRUNLENGTH) != 0) {

560 FX_Free(EXFLAGS);	571 FX_Free(EXFLAGS);

561 goto failed;	572 goto failed;

562 }	573 }

563 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) {	574 if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) {

564 FX_Free(EXFLAGS);	575 FX_Free(EXFLAGS);

565 goto failed;	576 goto failed;

566 }	577 }

567 if (EXRUNLENGTH != 0) {	578 if (EXRUNLENGTH != 0) {

568 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) {	579 for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) {

	580 if (CUREXFLAG)

	581 num_ex_syms++;

	582

569 EXFLAGS[I] = CUREXFLAG;	583 EXFLAGS[I] = CUREXFLAG;

570 }	584 }

571 }	585 }

572 EXINDEX = EXINDEX + EXRUNLENGTH;	586 EXINDEX = EXINDEX + EXRUNLENGTH;

573 CUREXFLAG = !CUREXFLAG;	587 CUREXFLAG = !CUREXFLAG;

574 }	588 }

	589 if (num_ex_syms > SDNUMEXSYMS) {

	590 FX_Free(EXFLAGS);

	591 goto failed;

	592 }

	593

575 I = J = 0;	594 I = J = 0;

576 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {	595 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {

577 if (EXFLAGS[I] && J < SDNUMEXSYMS) {	596 if (EXFLAGS[I] && J < SDNUMEXSYMS) {

578 if (I < SDNUMINSYMS) {	597 if (I < SDNUMINSYMS) {

579 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);	598 pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);

580 } else {	599 } else {

581 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);	600 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);

582 }	601 }

583 ++J;	602 ++J;

584 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) {	603 } else if (!EXFLAGS[I] && I >= SDNUMINSYMS) {

585 delete SDNEWSYMS[I - SDNUMINSYMS];	604 delete SDNEWSYMS[I - SDNUMINSYMS];

586 }	605 }

587 }	606 }

588 FX_Free(EXFLAGS);	607 FX_Free(EXFLAGS);

589 FX_Free(SDNEWSYMS);	608 FX_Free(SDNEWSYMS);

590 if (SDREFAGG == 0) {	609 if (SDREFAGG == 0) {

591 FX_Free(SDNEWSYMWIDTHS);	610 FX_Free(SDNEWSYMWIDTHS);

592 }	611 }

593 return pDict.release();	612 return pDict.release();

594 failed:	613 failed:

595 for (I = 0; I < NSYMSDECODED; I++) {	614 for (I = 0; I < NSYMSDECODED; I++) {

596 delete SDNEWSYMS[I];	615 delete SDNEWSYMS[I];

597 }	616 }

598 FX_Free(SDNEWSYMS);	617 FX_Free(SDNEWSYMS);

599 if (SDREFAGG == 0) {	618 if (SDREFAGG == 0) {

600 FX_Free(SDNEWSYMWIDTHS);	619 FX_Free(SDNEWSYMWIDTHS);

601 }	620 }

602 return nullptr;	621 return nullptr;

603 }	622 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »