diff options
author | Nicolas Pena <npm@chromium.org> | 2018-02-12 22:48:25 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-12 22:48:25 +0000 |
commit | 0294f3d06517265a3b63ec3238b32f77d92a71bf (patch) | |
tree | 370c60894f4aae9079f9edb9b460e2601c2d76e1 | |
parent | 3e5fac8169987afe652752ca5c7b9350ffabce0d (diff) | |
download | pdfium-0294f3d06517265a3b63ec3238b32f77d92a71bf.tar.xz |
Fix signedness in CJBig2_HuffmanTable, and add overflow check
Bug: 808902
Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8
Reviewed-on: https://pdfium-review.googlesource.com/26470
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
-rw-r--r-- | core/fxcodec/jbig2/JBig2_HuffmanTable.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp index 1127f52a52..83f9fed010 100644 --- a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp +++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp @@ -53,9 +53,7 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { uint32_t HTLOW; uint32_t HTHIGH; if (pStream->readInteger(&HTLOW) == -1 || - pStream->readInteger(&HTHIGH) == -1 || - HTLOW > static_cast<uint32_t>(std::numeric_limits<int>::max()) || - HTHIGH > static_cast<uint32_t>(std::numeric_limits<int>::max())) { + pStream->readInteger(&HTHIGH) == -1) { return false; } @@ -87,6 +85,9 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { return false; RANGELEN[NTEMP] = 32; + if (low == std::numeric_limits<int>::min()) + return false; + RANGELOW[NTEMP] = low - 1; ExtendBuffers(true); |