author | Dan Sinclair <dsinclair@chromium.org> | 2017-03-27 14:06:51 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-27 18:45:54 +0000 |
commit | 96169fc007f271412ffa7bf2ebd3cf3fc04f71a5 (patch) | |
tree | 64e131534f8f5206d858bee28b6f81758458b351 | |
parent | 48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9 (diff) | |
download | pdfium-96169fc007f271412ffa7bf2ebd3cf3fc04f71a5.tar.xz |
Verify available bits in bit stream
The methods to read n bits from the huffman stream are not correctly
checking that the bits are available. This means we'll end up reading
0 bits due to the checks below and pretend like the read worked.
This CL adds the check that we are not at the end of the bit buffer
before attempting the bit read.
Bug: chromium:672176
Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7
Reviewed-on: https://pdfium-review.googlesource.com/3231
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
-rw-r--r-- | core/fxcodec/jbig2/JBig2_BitStream.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/fxcodec/jbig2/JBig2_BitStream.cpp b/core/fxcodec/jbig2/JBig2_BitStream.cpp index dc4beabc4b..3346521aca 100644 --- a/core/fxcodec/jbig2/JBig2_BitStream.cpp +++ b/core/fxcodec/jbig2/JBig2_BitStream.cpp @@ -27,6 +27,9 @@ CJBig2_BitStream::CJBig2_BitStream(CPDF_StreamAcc* pSrcStream) CJBig2_BitStream::~CJBig2_BitStream() {} int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, uint32_t* dwResult) { + if (!IsInBound()) + return -1; + uint32_t dwBitPos = getBitPos(); if (dwBitPos > LengthInBits()) return -1; @@ -46,6 +49,9 @@ int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, uint32_t* dwResult) { } int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, int32_t* nResult) { + if (!IsInBound()) + return -1; + uint32_t dwBitPos = getBitPos(); if (dwBitPos > LengthInBits()) return -1; |
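Review bot: In the `readNBits(uint32_t dwBits, uint32_t* dwResult)` hunk, the new `if (!IsInBound()) return -1;` sits directly above the existing `if (dwBitPos > LengthInBits()) return -1;`, and nothing says why both are needed. The older test uses `>`, so a position equal to the length still passes it; if that is the case the new guard is meant to catch, either tighten the comparison to `>=` or add a one-line comment on the new check saying it covers the at-end position. The guard also only establishes that the stream is not already at the end, not that `dwBits` bits remain, so please confirm that a request running past the end part-way returns an error rather than a short result.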
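Review bot: The guard added to the `readNBits(uint32_t dwBits, int32_t* nResult)` overload is a verbatim copy of the one in the `uint32_t*` overload, followed by the same `getBitPos()` / `LengthInBits()` check. Consider having one overload delegate to the other, or moving the bounds checks into a shared helper, so a later fix cannot land in only one of them. The diffstat shows only JBig2_BitStream.cpp changing; a unit test that calls both overloads with the stream at the end of the buffer and expects -1 would pin this behaviour down.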