summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-05-04 18:49:57 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-05-04 18:49:57 +0000
commit36b3d19281e2911a97d6ce84538a3ae575ac38a7 (patch)
tree9695f3a5d67dc08c993a844adbda086b480f275a
parentad178855775da18d7abfadce4b64825f3e32adbd (diff)
downloadpdfium-chromium/3422.tar.xz
Check CJBig2_Image is valid before filling.chromium/3423chromium/3422chromium/3421
Skip a lot of work that will all fail anyway. BUG=chromium:838347 Change-Id: Iba45120e436b5547e106feb27dadea92cc948258 Reviewed-on: https://pdfium-review.googlesource.com/32053 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
-rw-r--r--core/fxcodec/jbig2/JBig2_GrdProc.cpp20
-rw-r--r--core/fxcodec/jbig2/JBig2_GrrdProc.cpp10
-rw-r--r--core/fxcodec/jbig2/JBig2_HtrdProc.cpp3
-rw-r--r--core/fxcodec/jbig2/JBig2_TrdProc.cpp24
4 files changed, 44 insertions, 13 deletions
diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
index 5343df269e..215d6fe6cf 100644
--- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
@@ -166,9 +166,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate0Opt3(
std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate0Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext) {
- int LTP = 0;
auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+ if (!GBREG->data())
+ return nullptr;
+
GBREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GBH; h++) {
if (TPGDON) {
if (pArithDecoder->IsComplete())
@@ -314,9 +317,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate1Opt3(
std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate1Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext) {
- int LTP = 0;
auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+ if (!GBREG->data())
+ return nullptr;
+
GBREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GBH; h++) {
if (TPGDON) {
if (pArithDecoder->IsComplete())
@@ -460,9 +466,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate2Opt3(
std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate2Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext) {
- int LTP = 0;
auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+ if (!GBREG->data())
+ return nullptr;
+
GBREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GBH; h++) {
if (TPGDON) {
if (pArithDecoder->IsComplete())
@@ -592,9 +601,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate3Opt3(
std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate3Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext) {
- int LTP = 0;
auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+ if (!GBREG->data())
+ return nullptr;
+
GBREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GBH; h++) {
if (TPGDON) {
if (pArithDecoder->IsComplete())
diff --git a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
index fa4d435a92..8e4d8c005b 100644
--- a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
@@ -37,9 +37,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::Decode(
std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::DecodeTemplate0Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* grContext) {
- int LTP = 0;
auto GRREG = pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+ if (!GRREG->data())
+ return nullptr;
+
GRREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GRH; h++) {
if (TPGRON) {
if (pArithDecoder->IsComplete())
@@ -278,9 +281,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::DecodeTemplate0Opt(
std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::DecodeTemplate1Unopt(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* grContext) {
- int LTP = 0;
auto GRREG = pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+ if (!GRREG->data())
+ return nullptr;
+
GRREG->fill(0);
+ int LTP = 0;
for (uint32_t h = 0; h < GRH; h++) {
if (TPGRON) {
if (pArithDecoder->IsComplete())
diff --git a/core/fxcodec/jbig2/JBig2_HtrdProc.cpp b/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
index fb2257e853..7d11482225 100644
--- a/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
@@ -117,6 +117,9 @@ std::unique_ptr<CJBig2_Image> CJBig2_HTRDProc::DecodeMMR(
std::unique_ptr<CJBig2_Image> CJBig2_HTRDProc::DecodeImage(
const std::vector<std::unique_ptr<CJBig2_Image>>& GSPLANES) {
auto HTREG = pdfium::MakeUnique<CJBig2_Image>(HBW, HBH);
+ if (!HTREG->data())
+ return nullptr;
+
HTREG->fill(HDEFPIXEL);
std::vector<uint32_t> GSVALS(HGW * HGH);
for (uint32_t y = 0; y < HGH; ++y) {
diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index ff94309bc4..258014ab10 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -23,10 +23,13 @@ CJBig2_TRDProc::~CJBig2_TRDProc() {}
std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeHuffman(
CJBig2_BitStream* pStream,
JBig2ArithCtx* grContext) {
- auto pHuffmanDecoder = pdfium::MakeUnique<CJBig2_HuffmanDecoder>(pStream);
auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+ if (!SBREG->data())
+ return nullptr;
+
SBREG->fill(SBDEFPIXEL);
int32_t INITIAL_STRIPT;
+ auto pHuffmanDecoder = pdfium::MakeUnique<CJBig2_HuffmanDecoder>(pStream);
if (pHuffmanDecoder->DecodeAValue(SBHUFFDT, &INITIAL_STRIPT) != 0)
return nullptr;
@@ -224,7 +227,19 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeArith(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* grContext,
JBig2IntDecoderState* pIDS) {
+ auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+ if (!SBREG->data())
+ return nullptr;
+
MaybeOwned<CJBig2_ArithIntDecoder> pIADT;
+ if (pIDS)
+ pIADT = pIDS->IADT;
+ else
+ pIADT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
+ int32_t INITIAL_STRIPT;
+ if (!pIADT->Decode(pArithDecoder, &INITIAL_STRIPT))
+ return nullptr;
+
MaybeOwned<CJBig2_ArithIntDecoder> pIAFS;
MaybeOwned<CJBig2_ArithIntDecoder> pIADS;
MaybeOwned<CJBig2_ArithIntDecoder> pIAIT;
@@ -235,7 +250,6 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeArith(
MaybeOwned<CJBig2_ArithIntDecoder> pIARDY;
MaybeOwned<CJBig2_ArithIaidDecoder> pIAID;
if (pIDS) {
- pIADT = pIDS->IADT;
pIAFS = pIDS->IAFS;
pIADS = pIDS->IADS;
pIAIT = pIDS->IAIT;
@@ -246,7 +260,6 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeArith(
pIARDY = pIDS->IARDY;
pIAID = pIDS->IAID;
} else {
- pIADT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
pIAFS = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
pIADS = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
pIAIT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
@@ -257,11 +270,8 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeArith(
pIARDY = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
pIAID = pdfium::MakeUnique<CJBig2_ArithIaidDecoder>(SBSYMCODELEN);
}
- auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+
SBREG->fill(SBDEFPIXEL);
- int32_t INITIAL_STRIPT;
- if (!pIADT->Decode(pArithDecoder, &INITIAL_STRIPT))
- return nullptr;
FX_SAFE_INT32 STRIPT = INITIAL_STRIPT;
STRIPT *= SBSTRIPS;