Fix a bug which may cause infinite loop

When the condition is "status == FXCODEC_STATUS_DECODE_TOBECONTINUE" while |status| never gets updated in the loop, it would enter infinite loop. Also, since Start_decode_MMR() never returns FXCODEC_STATUS_DECODE_TOBECONTINUE, there is no point to check on the return value for that. Review-Url: https://codereview.chromium.org/2013263002
author: weili <weili@chromium.org> 2016-05-26 18:13:58 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-05-26 18:13:58 -0700
commit: 7aed76f53137a71491040c776ab2f8931e91061b (patch)
tree: 1ab0166c6161bcfbce931730c776fff0df0bbfba
parent: 54ab2343c338f55735c37ed6751040791e1df1e2 (diff)
download: pdfium-7aed76f53137a71491040c776ab2f8931e91061b.tar.xz
4 files changed, 8 insertions, 27 deletions
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index 5a0b2c0d73..a0a411fbcf 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -1147,11 +1147,7 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment,
       m_pStream->offset(2);
     }
   } else {
-    FXCODEC_STATUS status = m_pGRD->Start_decode_MMR(&pSegment->m_Result.im,
-                                                     m_pStream.get(), pPause);
-    while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-      m_pGRD->Continue_decode(pPause);
-    }
+    m_pGRD->Start_decode_MMR(&pSegment->m_Result.im, m_pStream.get(), pPause);
     if (!pSegment->m_Result.im) {
       m_pGRD.reset();
       return JBIG2_ERROR_FATAL;
diff --git a/core/fxcodec/jbig2/JBig2_GsidProc.cpp b/core/fxcodec/jbig2/JBig2_GsidProc.cpp
index 30f95b8200..ee6cd368d5 100644
--- a/core/fxcodec/jbig2/JBig2_GsidProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GsidProc.cpp
@@ -46,7 +46,7 @@ uint32_t* CJBig2_GSIDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
     FXCODEC_STATUS status =
         pGRD->Start_decode_Arith(&pImage, pArithDecoder, gbContext, nullptr);
     while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
-      pGRD->Continue_decode(pPause);
+      status = pGRD->Continue_decode(pPause);
 
     if (!pImage)
       return nullptr;
@@ -78,11 +78,7 @@ uint32_t* CJBig2_GSIDProc::decode_MMR(CJBig2_BitStream* pStream,
 
   std::unique_ptr<CJBig2_Image*> GSPLANES(FX_Alloc(CJBig2_Image*, GSBPP));
   JBIG2_memset(GSPLANES.get(), 0, sizeof(CJBig2_Image*) * GSBPP);
-  FXCODEC_STATUS status =
-      pGRD->Start_decode_MMR(&GSPLANES.get()[GSBPP - 1], pStream, nullptr);
-  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-    pGRD->Continue_decode(pPause);
-  }
+  pGRD->Start_decode_MMR(&GSPLANES.get()[GSBPP - 1], pStream, nullptr);
   if (!GSPLANES.get()[GSBPP - 1])
     return nullptr;
 
@@ -90,11 +86,7 @@ uint32_t* CJBig2_GSIDProc::decode_MMR(CJBig2_BitStream* pStream,
   pStream->offset(3);
   int32_t J = GSBPP - 2;
   while (J >= 0) {
-    FXCODEC_STATUS status =
-        pGRD->Start_decode_MMR(&GSPLANES.get()[J], pStream, nullptr);
-    while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-      pGRD->Continue_decode(pPause);
-    }
+    pGRD->Start_decode_MMR(&GSPLANES.get()[J], pStream, nullptr);
     if (!GSPLANES.get()[J]) {
       for (int32_t K = GSBPP - 1; K > J; --K)
         delete GSPLANES.get()[K];
diff --git a/core/fxcodec/jbig2/JBig2_PddProc.cpp b/core/fxcodec/jbig2/JBig2_PddProc.cpp
index 12f66c3b7d..679a87a036 100644
--- a/core/fxcodec/jbig2/JBig2_PddProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_PddProc.cpp
@@ -42,9 +42,8 @@ CJBig2_PatternDict* CJBig2_PDDProc::decode_Arith(
   }
   FXCODEC_STATUS status =
       pGRD->Start_decode_Arith(&BHDC, pArithDecoder, gbContext, nullptr);
-  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-    pGRD->Continue_decode(pPause);
-  }
+  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+    status = pGRD->Continue_decode(pPause);
   if (!BHDC)
     return nullptr;
 
@@ -70,10 +69,7 @@ CJBig2_PatternDict* CJBig2_PDDProc::decode_MMR(CJBig2_BitStream* pStream,
   pGRD->MMR = HDMMR;
   pGRD->GBW = (GRAYMAX + 1) * HDPW;
   pGRD->GBH = HDPH;
-  FXCODEC_STATUS status = pGRD->Start_decode_MMR(&BHDC, pStream, nullptr);
-  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-    pGRD->Continue_decode(pPause);
-  }
+  pGRD->Start_decode_MMR(&BHDC, pStream, nullptr);
   if (!BHDC)
     return nullptr;
 
diff --git a/core/fxcodec/jbig2/JBig2_SddProc.cpp b/core/fxcodec/jbig2/JBig2_SddProc.cpp
index 81d7c89270..9ab6cb8a2e 100644
--- a/core/fxcodec/jbig2/JBig2_SddProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_SddProc.cpp
@@ -535,10 +535,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman(
         pGRD->MMR = 1;
         pGRD->GBW = TOTWIDTH;
         pGRD->GBH = HCHEIGHT;
-        FXCODEC_STATUS status = pGRD->Start_decode_MMR(&BHC, pStream, nullptr);
-        while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
-          pGRD->Continue_decode(pPause);
-        }
+        pGRD->Start_decode_MMR(&BHC, pStream, nullptr);
         pStream->alignByte();
       }
       nTmp = 0;
author	weili <weili@chromium.org>	2016-05-26 18:13:58 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-05-26 18:13:58 -0700
commit	7aed76f53137a71491040c776ab2f8931e91061b (patch)
tree	1ab0166c6161bcfbce931730c776fff0df0bbfba
parent	54ab2343c338f55735c37ed6751040791e1df1e2 (diff)
download	pdfium-7aed76f53137a71491040c776ab2f8931e91061b.tar.xz