
Side by Side Diff: core/src/fxcodec/codec/fx_codec_jpx_opj.cpp

Issue 489703004: Bounds check before fixed-size memcmp() in CJPX_Decoder::Init(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Untabify Created 6 years, 3 months ago
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../../include/fxcodec/fx_codec.h" 7 #include "../../../include/fxcodec/fx_codec.h"
8 #include "codec_int.h" 8 #include "codec_int.h"
9 #include "../fx_libopenjpeg/libopenjpeg20/openjpeg.h" 9 #include "../fx_libopenjpeg/libopenjpeg20/openjpeg.h"
10 #include "../lcms2/include/fx_lcms2.h" 10 #include "../lcms2/include/fx_lcms2.h"
11 namespace {
12 const char ExpectedJP2Header[] = "\x00\x00\x00\x0c\x6a\x50\x20\x20\x0d\x0a\x87\x 0a";
13 const size_t ExpectedJP2HeaderSize = sizeof(ExpectedJP2Header) - 1;
jun_fang 2014/08/26 22:09:15 are you sure that it needs to subtract 1 (-1)? siz
14 } // namespace
11 static void fx_error_callback(const char *msg, void *client_data) 15 static void fx_error_callback(const char *msg, void *client_data)
12 { 16 {
13 (void)client_data; 17 (void)client_data;
14 } 18 }
15 static void fx_warning_callback(const char *msg, void *client_data) 19 static void fx_warning_callback(const char *msg, void *client_data)
16 { 20 {
17 (void)client_data; 21 (void)client_data;
18 } 22 }
19 static void fx_info_callback(const char *msg, void *client_data) 23 static void fx_info_callback(const char *msg, void *client_data)
20 { 24 {
(...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after
574 } 578 }
575 if(l_stream) { 579 if(l_stream) {
576 opj_stream_destroy(l_stream); 580 opj_stream_destroy(l_stream);
577 } 581 }
578 if(image) { 582 if(image) {
579 opj_image_destroy(image); 583 opj_image_destroy(image);
580 } 584 }
581 } 585 }
582 FX_BOOL CJPX_Decoder::Init(const unsigned char* src_data, int src_size) 586 FX_BOOL CJPX_Decoder::Init(const unsigned char* src_data, int src_size)
583 { 587 {
584 opj_dparameters_t parameters; 588 if (!src_data || src_size < ExpectedJP2HeaderSize) {
589 return FALSE;
590 }
585 image = NULL; 591 image = NULL;
586 m_SrcData = src_data; 592 m_SrcData = src_data;
587 m_SrcSize = src_size; 593 m_SrcSize = src_size;
588 decodeData srcData; 594 decodeData srcData;
589 srcData.offset = 0; 595 srcData.offset = 0;
590 srcData.src_size = src_size; 596 srcData.src_size = src_size;
591 srcData.src_data = src_data; 597 srcData.src_data = src_data;
592 l_stream = fx_opj_stream_create_memory_stream(&srcData, OPJ_J2K_STREAM_CHUNK _SIZE, 1); 598 l_stream = fx_opj_stream_create_memory_stream(&srcData, OPJ_J2K_STREAM_CHUNK _SIZE, 1);
593 if (l_stream == NULL) { 599 if (l_stream == NULL) {
594 return FALSE; 600 return FALSE;
595 } 601 }
602 opj_dparameters_t parameters;
596 opj_set_default_decoder_parameters(&parameters); 603 opj_set_default_decoder_parameters(&parameters);
597 parameters.decod_format = 0; 604 parameters.decod_format = 0;
598 parameters.cod_format = 3; 605 parameters.cod_format = 3;
599 if(FXSYS_memcmp32(m_SrcData, "\x00\x00\x00\x0c\x6a\x50\x20\x20\x0d\x0a\x87\x 0a", 12) == 0) { 606 if(FXSYS_memcmp32(m_SrcData, ExpectedJP2Header, ExpectedJP2HeaderSize) == 0) {
600 l_codec = opj_create_decompress(OPJ_CODEC_JP2); 607 l_codec = opj_create_decompress(OPJ_CODEC_JP2);
601 parameters.decod_format = 1; 608 parameters.decod_format = 1;
602 } else { 609 } else {
603 l_codec = opj_create_decompress(OPJ_CODEC_J2K); 610 l_codec = opj_create_decompress(OPJ_CODEC_J2K);
604 } 611 }
605 if(!l_codec) { 612 if(!l_codec) {
606 return FALSE; 613 return FALSE;
607 } 614 }
608 opj_set_info_handler(l_codec, fx_info_callback, 00); 615 opj_set_info_handler(l_codec, fx_info_callback, 00);
609 opj_set_warning_handler(l_codec, fx_warning_callback, 00); 616 opj_set_warning_handler(l_codec, fx_warning_callback, 00);
(...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after
782 FX_BOOL CCodec_JpxModule::Decode(void* ctx, FX_LPBYTE dest_data, int pitch, FX_B OOL bTranslateColor, FX_LPBYTE offsets) 789 FX_BOOL CCodec_JpxModule::Decode(void* ctx, FX_LPBYTE dest_data, int pitch, FX_B OOL bTranslateColor, FX_LPBYTE offsets)
783 { 790 {
784 CJPX_Decoder* pDecoder = (CJPX_Decoder*)ctx; 791 CJPX_Decoder* pDecoder = (CJPX_Decoder*)ctx;
785 return pDecoder->Decode(dest_data, pitch, bTranslateColor, offsets); 792 return pDecoder->Decode(dest_data, pitch, bTranslateColor, offsets);
786 } 793 }
787 void CCodec_JpxModule::DestroyDecoder(void* ctx) 794 void CCodec_JpxModule::DestroyDecoder(void* ctx)
788 { 795 {
789 CJPX_Decoder* pDecoder = (CJPX_Decoder*)ctx; 796 CJPX_Decoder* pDecoder = (CJPX_Decoder*)ctx;
790 delete pDecoder; 797 delete pDecoder;
791 } 798 }
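Review bot: The new guard at the top of CJPX_Decoder::Init (new line 588) compares the signed `src_size` with the `size_t` constant `ExpectedJP2HeaderSize`, so a negative `src_size` is converted to a large unsigned value and passes the check. That value is then stored in `m_SrcSize` and `srcData.src_size`, and the fixed-size `FXSYS_memcmp32` at new line 606 still runs on a buffer whose length was never validated. I would reject it explicitly: `if (!src_data || src_size < 0 || static_cast<size_t>(src_size) < ExpectedJP2HeaderSize) {`. The early return also now precedes `image = NULL;`, and the destructor shown above calls `opj_image_destroy(image)` when `image` is non-null, so the failure path is safe only if the constructor (not visible here) initialises that member. Init's body continues past the visible lines, so later uses of the size cannot be checked from this page.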