summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-03-27 14:06:51 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-03-27 18:45:54 +0000
commit96169fc007f271412ffa7bf2ebd3cf3fc04f71a5 (patch)
tree64e131534f8f5206d858bee28b6f81758458b351
parent48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9 (diff)
downloadpdfium-96169fc007f271412ffa7bf2ebd3cf3fc04f71a5.tar.xz
Verify available bits in bit stream
The methods to read n bits from the huffman stream are not correctly checking that the bits are available. This means, we'll end up reading 0 bits due to the checks below and pretend like the read worked. This Cl adds the check that we are not at the end of the bit buffer before attempting the bit read. Bug: chromium:672176 Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7 Reviewed-on: https://pdfium-review.googlesource.com/3231 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
-rw-r--r--core/fxcodec/jbig2/JBig2_BitStream.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/core/fxcodec/jbig2/JBig2_BitStream.cpp b/core/fxcodec/jbig2/JBig2_BitStream.cpp
index dc4beabc4b..3346521aca 100644
--- a/core/fxcodec/jbig2/JBig2_BitStream.cpp
+++ b/core/fxcodec/jbig2/JBig2_BitStream.cpp
@@ -27,6 +27,9 @@ CJBig2_BitStream::CJBig2_BitStream(CPDF_StreamAcc* pSrcStream)
CJBig2_BitStream::~CJBig2_BitStream() {}
int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, uint32_t* dwResult) {
+ if (!IsInBound())
+ return -1;
+
uint32_t dwBitPos = getBitPos();
if (dwBitPos > LengthInBits())
return -1;
@@ -46,6 +49,9 @@ int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, uint32_t* dwResult) {
}
int32_t CJBig2_BitStream::readNBits(uint32_t dwBits, int32_t* nResult) {
+ if (!IsInBound())
+ return -1;
+
uint32_t dwBitPos = getBitPos();
if (dwBitPos > LengthInBits())
return -1;