Use checked_numeric to guard shift

It's possible for the RANGELEN[NTEMP] value to be larger then 32. This will make the shift invalid if the 1 is an int. This CL changes to 1L and uses the CheckedNumeric to validate that the result is inside the needed range for an int. Bug: chromium:708439 Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816 Reviewed-on: https://pdfium-review.googlesource.com/3991 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
author: Dan Sinclair <dsinclair@chromium.org> 2017-04-10 16:14:05 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-04-10 20:55:50 +0000
commit: c6c71f1062aa8b22d432af5cbbfddf038a6d2d3f (patch)
tree: 30dc786c618318ab69c337b334e9b805d67ca7cf
parent: cdb7e1f6adf0b6c0c2e2f9bedcb442292efbbab7 (diff)
download: pdfium-c6c71f1062aa8b22d432af5cbbfddf038a6d2d3f.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
index 3bb6ae620c..a4998e99cf 100644
--- a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
+++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
@@ -70,6 +70,10 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) {
       return false;
     }
     RANGELOW[NTEMP] = cur_low.ValueOrDie();
+
+    if (RANGELEN[NTEMP] >= 32)
+      return false;
+
     cur_low += (1 << RANGELEN[NTEMP]);
     if (!cur_low.IsValid())
       return false;
author	Dan Sinclair <dsinclair@chromium.org>	2017-04-10 16:14:05 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-04-10 20:55:50 +0000
commit	c6c71f1062aa8b22d432af5cbbfddf038a6d2d3f (patch)
tree	30dc786c618318ab69c337b334e9b805d67ca7cf
parent	cdb7e1f6adf0b6c0c2e2f9bedcb442292efbbab7 (diff)
download	pdfium-c6c71f1062aa8b22d432af5cbbfddf038a6d2d3f.tar.xz