
Side by Side Diff: core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t1.c

Issue 589243004: Update openjpeg (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Merge security fixes from openjpeg r2883 Created 6 years, 2 months ago
OLDNEW
1 /* 1 /*
2 * The copyright in this software is being made available under the 2-clauses 2 * The copyright in this software is being made available under the 2-clauses
3 * BSD License, included below. This software may be subject to other third 3 * BSD License, included below. This software may be subject to other third
4 * party and contributor rights, including patent rights, and no such rights 4 * party and contributor rights, including patent rights, and no such rights
5 * are granted under this license. 5 * are granted under this license.
6 * 6 *
7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium 7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium
8 * Copyright (c) 2002-2014, Professor Benoit Macq 8 * Copyright (c) 2002-2014, Professor Benoit Macq
9 * Copyright (c) 2001-2003, David Janssens 9 * Copyright (c) 2001-2003, David Janssens
10 * Copyright (c) 2002-2003, Yannick Verschueren 10 * Copyright (c) 2002-2003, Yannick Verschueren
(...skipping 1145 matching lines...) Expand 10 before | Expand all | Expand 10 after
1156 wmsedec *= wmsedec * nmsedec / 8192.0; 1156 wmsedec *= wmsedec * nmsedec / 8192.0;
1157 1157
1158 return wmsedec; 1158 return wmsedec;
1159 } 1159 }
1160 1160
1161 OPJ_BOOL opj_t1_allocate_buffers( 1161 OPJ_BOOL opj_t1_allocate_buffers(
1162 opj_t1_t *t1, 1162 opj_t1_t *t1,
1163 OPJ_UINT32 w, 1163 OPJ_UINT32 w,
1164 OPJ_UINT32 h) 1164 OPJ_UINT32 h)
1165 { 1165 {
1166 OPJ_UINT32 datasize=w * h; 1166 OPJ_UINT32 datasize=w * h;
Tom Sepez 2014/09/25 19:52:05 This looks worrisome. Does this overflow? What ab
1167 OPJ_UINT32 flagssize; 1167 OPJ_UINT32 flagssize;
1168 1168
1169 if(datasize > t1->datasize){ 1169 if(datasize > t1->datasize){
1170 opj_aligned_free(t1->data); 1170 opj_aligned_free(t1->data);
1171 t1->data = (OPJ_INT32*) opj_aligned_malloc(datasize * sizeof(OPJ _INT32)); 1171 t1->data = (OPJ_INT32*) opj_aligned_malloc(datasize * sizeof(OPJ _INT32));
1172 if(!t1->data){ 1172 if(!t1->data){
1173 /* FIXME event manager error callback */
1173 return OPJ_FALSE; 1174 return OPJ_FALSE;
1174 } 1175 }
1175 t1->datasize=datasize; 1176 t1->datasize=datasize;
1176 } 1177 }
1177 memset(t1->data,0,datasize * sizeof(OPJ_INT32)); 1178 memset(t1->data,0,datasize * sizeof(OPJ_INT32));
1178 1179
1179 t1->flags_stride=w+2; 1180 t1->flags_stride=w+2;
1180 flagssize=t1->flags_stride * (h+2); 1181 flagssize=t1->flags_stride * (h+2);
1181 1182
1182 if(flagssize > t1->flagssize){ 1183 if(flagssize > t1->flagssize){
1183 opj_aligned_free(t1->flags); 1184 opj_aligned_free(t1->flags);
1184 t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof( opj_flag_t)); 1185 t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof( opj_flag_t));
1185 if(!t1->flags){ 1186 if(!t1->flags){
1187 /* FIXME event manager error callback */
1186 return OPJ_FALSE; 1188 return OPJ_FALSE;
1187 } 1189 }
1188 t1->flagssize=flagssize; 1190 t1->flagssize=flagssize;
1189 } 1191 }
1190 memset(t1->flags,0,flagssize * sizeof(opj_flag_t)); 1192 memset(t1->flags,0,flagssize * sizeof(opj_flag_t));
1191 1193
1192 t1->w=w; 1194 t1->w=w;
1193 t1->h=h; 1195 t1->h=h;
1194 1196
1195 return OPJ_TRUE; 1197 return OPJ_TRUE;
(...skipping 552 matching lines...) Expand 10 before | Expand all | Expand 10 after
1748 opj_mqc_setcurctx(mqc, opj_t1_getctxno_sc(flag)) ; 1750 opj_mqc_setcurctx(mqc, opj_t1_getctxno_sc(flag)) ;
1749 v = opj_mqc_decode(mqc) ^ opj_t1_getspb(flag); 1751 v = opj_mqc_decode(mqc) ^ opj_t1_getspb(flag);
1750 *datap = v ? -oneplushalf : oneplushalf; 1752 *datap = v ? -oneplushalf : oneplushalf;
1751 opj_t1_updateflags(flagsp, v, t1->flags_stride); 1753 opj_t1_updateflags(flagsp, v, t1->flags_stride);
1752 } 1754 }
1753 } 1755 }
1754 *flagsp |= T1_VISIT; 1756 *flagsp |= T1_VISIT;
1755 } 1757 }
1756 } /* VSC and BYPASS by Antonin */ 1758 } /* VSC and BYPASS by Antonin */
1757 #endif 1759 #endif
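Review bot: Both allocation-failure branches in opj_t1_allocate_buffers (new lines 1172-1175 for `t1->data`, 1185-1188 for `t1->flags`) return after the old buffer has been freed and the pointer is NULL, while `t1->datasize` / `t1->flagssize` still hold the previous capacity. If the same `opj_t1_t` is passed in again with a request that fits the stale capacity, the `if(datasize > t1->datasize)` test is skipped and the following `memset` writes through a NULL pointer; whether callers reuse the object after a failure is not visible on this page. Resetting the capacity before each return, `t1->datasize = 0;` and `t1->flagssize = 0;`, keeps the struct consistent with its buffers, and the added FIXME comments are a natural place to record that. The end of the function lies in the collapsed region after new line 1197.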