| Index: core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c |
| diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c |
| index de054acc545155409d58de65294899841510bab8..fd8d4b1c23215ee336e579bab292b04f0ac843e8 100644 |
| --- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c |
| +++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c |
| @@ -599,6 +599,10 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, |
| } |
| bio = opj_bio_create(); |
| + if (!bio) { |
| + /* FIXME event manager error callback */ |
| + return OPJ_FALSE; |
| + } |
| opj_bio_init_enc(bio, c, length); |
| opj_bio_write(bio, 1, 1); /* Empty header bit */ |
| @@ -1129,7 +1133,8 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, |
| } |
| do { |
| - if (l_current_data + l_seg->newlen > p_src_data + p_max_length) { |
| + /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */ |
| + if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) { |
|
Tom Sepez
2014/09/24 22:33:55
This check doesn't quite do what we want, and may
|
| fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", |
| l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); |
| return OPJ_FALSE; |