| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * The copyright in this software is being made available under the 2-clauses | 2 * The copyright in this software is being made available under the 2-clauses |
| 3 * BSD License, included below. This software may be subject to other third | 3 * BSD License, included below. This software may be subject to other third |
| 4 * party and contributor rights, including patent rights, and no such rights | 4 * party and contributor rights, including patent rights, and no such rights |
| 5 * are granted under this license. | 5 * are granted under this license. |
| 6 * | 6 * |
| 7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium | 7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium |
| 8 * Copyright (c) 2002-2014, Professor Benoit Macq | 8 * Copyright (c) 2002-2014, Professor Benoit Macq |
| 9 * Copyright (c) 2001-2003, David Janssens | 9 * Copyright (c) 2001-2003, David Janssens |
| 10 * Copyright (c) 2002-2003, Yannick Verschueren | 10 * Copyright (c) 2002-2003, Yannick Verschueren |
| (...skipping 1114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1125 l_seg = &l_cblk->segs[l_cblk->numsegs - 1]; | 1125 l_seg = &l_cblk->segs[l_cblk->numsegs - 1]; |
| 1126 | 1126 |
| 1127 if (l_seg->numpasses == l_seg->maxpasses) { | 1127 if (l_seg->numpasses == l_seg->maxpasses) { |
| 1128 ++l_seg; | 1128 ++l_seg; |
| 1129 ++l_cblk->numsegs; | 1129 ++l_cblk->numsegs; |
| 1130 } | 1130 } |
| 1131 } | 1131 } |
| 1132 | 1132 |
| 1133 do { | 1133 do { |
| 1134 /* Check possible overflow (on l_current_data on
ly, assumes input args already checked) then size */ | 1134 /* Check possible overflow (on l_current_data on
ly, assumes input args already checked) then size */ |
| 1135 if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen
) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data
+ p_max_length)) { | 1135 if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l
_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen >
p_src_data + p_max_length)) { |
| 1136 fprintf(stderr, "read: segment too long
(%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", | 1136 fprintf(stderr, "read: segment too long
(%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", |
| 1137 l_seg->newlen, p_max_length, cbl
kno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); | 1137 l_seg->newlen, p_max_length, cbl
kno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); |
| 1138 return OPJ_FALSE; | 1138 return OPJ_FALSE; |
| 1139 } | 1139 } |
| 1140 | 1140 |
| 1141 #ifdef USE_JPWL | 1141 #ifdef USE_JPWL |
| 1142 /* we need here a j2k handle to verify if making a check
to | 1142 /* we need here a j2k handle to verify if making a check
to |
| 1143 the validity of cblocks parameters is selected from user
(-W) */ | 1143 the validity of cblocks parameters is selected from user
(-W) */ |
| 1144 | 1144 |
| 1145 /* let's check that we are not exceeding */ | 1145 /* let's check that we are not exceeding */ |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1346 seg->maxpasses = 10; | 1346 seg->maxpasses = 10; |
| 1347 } else { | 1347 } else { |
| 1348 seg->maxpasses = (((seg - 1)->maxpasses == 1) || ((seg -
1)->maxpasses == 10)) ? 2 : 1; | 1348 seg->maxpasses = (((seg - 1)->maxpasses == 1) || ((seg -
1)->maxpasses == 10)) ? 2 : 1; |
| 1349 } | 1349 } |
| 1350 } else { | 1350 } else { |
| 1351 seg->maxpasses = 109; | 1351 seg->maxpasses = 109; |
| 1352 } | 1352 } |
| 1353 | 1353 |
| 1354 return OPJ_TRUE; | 1354 return OPJ_TRUE; |
| 1355 } | 1355 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 624023003:
check pointer overflow in t2.c (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master