
Side by Side Diff: core/src/fxcodec/codec/fx_codec_flate.cpp

Issue 466153005: Fix buffer size offset error in PNG_Predictor (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
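--- a/core/src/fxcodec/codec/fx_codec_flate.cpp
+++ b/core/src/fxcodec/codec/fx_codec_flate.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../fx_zlib.h"
 #include "../../../include/fxcodec/fx_codec.h"
 #include "codec_int.h"
 extern "C"
@@ -391,29 +391,30 @@
 int last_row_size = data_size % (row_size + 1);
 FX_LPBYTE dest_buf = FX_Alloc( FX_BYTE, row_size * row_count);
 if (dest_buf == NULL) {
 return;
 }
 int byte_cnt = 0;
 FX_LPBYTE pSrcData = data_buf;
 FX_LPBYTE pDestData = dest_buf;
 for (int row = 0; row < row_count; row ++) {
 FX_BYTE tag = pSrcData[0];
+byte_cnt++;
 if (tag == 0) {
 int move_size = row_size;
 if ((row + 1) * (move_size + 1) > (int)data_size) {
 move_size = last_row_size - 1;
 }
 FXSYS_memmove32(pDestData, pSrcData + 1, move_size);
 pSrcData += move_size + 1;
 pDestData += move_size;
-byte_cnt += move_size + 1;
+byte_cnt += move_size;
 continue;
 }
 for (int byte = 0; byte < row_size && byte_cnt < (int)data_size; byte ++ ) {
 FX_BYTE raw_byte = pSrcData[byte + 1];
 switch (tag) {
 case 1: {
 FX_BYTE left = 0;
 if (byte >= BytesPerPixel) {
 left = pDestData[byte - BytesPerPixel];
 }
@@ -457,21 +458,20 @@
 break;
 }
 default:
 pDestData[byte] = raw_byte;
 break;
 }
 byte_cnt++;
 }
 pSrcData += row_size + 1;
 pDestData += row_size;
-byte_cnt++;
 }
 FX_Free(data_buf);
 data_buf = dest_buf;
 data_size = row_size * row_count - (last_row_size > 0 ? (row_size + 1 - last _row_size) : 0);
 }
 static void TIFF_PredictorEncodeLine(FX_LPBYTE dest_buf, int row_size, int BitsP erComponent, int Colors, int Columns)
 {
 int BytesPerPixel = BitsPerComponent * Colors / 8;
 if (BitsPerComponent < 8) {
 FX_BYTE mask = 0x01;
@@ -935,10 +935,10 @@
 dest_size = src_size + src_size / 1000 + 12;
 dest_buf = FX_Alloc( FX_BYTE, dest_size);
 if (dest_buf == NULL) {
 return FALSE;
 }
 unsigned long temp_size = dest_size;
 FPDFAPI_FlateCompress(dest_buf, &temp_size, src_buf, src_size);
 dest_size = (FX_DWORD)temp_size;
 return TRUE;
 }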
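Review bot: The `tag == 0` branch still works out how many input bytes remain with its own `(row + 1) * (move_size + 1) > (int)data_size` test, while the filtered-row loop bounds itself with `byte_cnt < (int)data_size`; two separate counts of the same input are what let this off-by-one go unnoticed. Now that `byte_cnt` includes the tag byte before either path runs, the copy length could be clamped from it directly with `int remaining = (int)data_size - byte_cnt;` followed by `if (move_size > remaining) move_size = remaining;`. That gives the same `last_row_size - 1` on a short final row and drops an `int` multiplication on values that appear to come from the stream's predictor parameters. The start of the function, where `row_size` and `row_count` are derived, and the predictor cases between the second and third hunks are not shown. Whether `row_size * row_count` is range-checked before it reaches `FX_Alloc` therefore cannot be confirmed from this page and is worth verifying.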
