diff options
author | Nicolas Pena <npm@chromium.org> | 2018-02-13 18:35:57 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-13 18:35:57 +0000 |
commit | ad3e2461b811a70c433e9f62c75f8ddb1d1253ab (patch) | |
tree | d03928a6781fb82bdbeccd349481960ee0307a4a | |
parent | 27d718ebb2989631d6b4d3425e1fceb4b3bc795b (diff) | |
download | pdfium-ad3e2461b811a70c433e9f62c75f8ddb1d1253ab.tar.xz |
Fix signedness in CJBig2_HuffmanTable, and add overflow check
Bug: 808902
Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8
Reviewed-on: https://pdfium-review.googlesource.com/26470
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
(cherry picked from commit 0294f3d06517265a3b63ec3238b32f77d92a71bf)
Reviewed-on: https://pdfium-review.googlesource.com/26570
Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
-rw-r--r-- | core/fxcodec/jbig2/JBig2_HuffmanTable.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp index 1127f52a52..83f9fed010 100644 --- a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp +++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp @@ -53,9 +53,7 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { uint32_t HTLOW; uint32_t HTHIGH; if (pStream->readInteger(&HTLOW) == -1 || - pStream->readInteger(&HTHIGH) == -1 || - HTLOW > static_cast<uint32_t>(std::numeric_limits<int>::max()) || - HTHIGH > static_cast<uint32_t>(std::numeric_limits<int>::max())) { + pStream->readInteger(&HTHIGH) == -1) { return false; } @@ -87,6 +85,9 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { return false; RANGELEN[NTEMP] = 32; + if (low == std::numeric_limits<int>::min()) + return false; + RANGELOW[NTEMP] = low - 1; ExtendBuffers(true); |