author | Lei Zhang <thestig@chromium.org> | 2015-10-02 10:58:42 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-02 10:58:42 -0700 |
commit | 9fb70fbded5c0bf4f5313a49fd3496b4d4fa71ca (patch) | |
tree | a6191222ec55bd8625f36b5942fc538f80c98349 | |
parent | 63d0a52a6af7d327fdb5792f520cc8d93fe2f1bb (diff) | |
download | pdfium-9fb70fbded5c0bf4f5313a49fd3496b4d4fa71ca.tar.xz |
Prevent divide by zeros in CJBig2_GSIDProc::decode_MMR().
Check the image size before attempting to decode.
BUG=538103
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1377493005 .
-rw-r--r-- | core/src/fxcodec/jbig2/JBig2_Context.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_Context.cpp b/core/src/fxcodec/jbig2/JBig2_Context.cpp
index 2e2cf9eeee..f2c44b726a 100644
--- a/core/src/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_Context.cpp
@@ -1127,6 +1127,11 @@ int32_t CJBig2_Context::parseHalftoneRegion(CJBig2_Segment* pSegment,
 nRet = JBIG2_ERROR_TOO_SHORT;
 goto failed;
 }
+ if (pHRD->HGW == 0 || pHRD->HGH == 0) {
+ nRet = JBIG2_ERROR_FATAL;
+ goto failed;
+ }
+
 pHRD->HBW = ri.width;
 pHRD->HBH = ri.height;
 pHRD->HMMR = cFlags & 0x01; |
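Review bot: The new guard on `pHRD->HGW` / `pHRD->HGH` in parseHalftoneRegion rejects only zero and has no comment linking it to the division it protects, so a later cleanup could move or drop it unnoticed. I would put `// HGW/HGH are used as divisors in CJBig2_GSIDProc::decode_MMR(); a zero-sized grid is malformed input.` directly above the `if`. The check also sets no upper bound. If both fields are read straight from the segment data (the reads are outside this hunk), it is worth confirming that the decoder's buffer sizing for HGW x HGH is overflow-checked, or capping the values here. The commit touches one file and adds no regression input for BUG=538103; a minimal JBIG2 sample with a zero grid dimension would keep this path covered. The function body starts and ends outside the hunk.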