diff options
author | Lei Zhang <thestig@chromium.org> | 2018-08-01 17:44:48 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-08-01 17:44:48 +0000 |
commit | 0fa150a12267b69abcfe5e380b698bbbbd37d5de (patch) | |
tree | 0c6d5c396bb4fdf875271fe65c63ac7752ba5f49 | |
parent | b9e6281b72cd2ae51fd2d320430fba9c1f63fd2f (diff) | |
download | pdfium-0fa150a12267b69abcfe5e380b698bbbbd37d5de.tar.xz |
Fix assertion in opj_j2k_merge_ppt().
This patches in:
https://github.com/uclouvain/openjpeg/commit/832dfd18
https://github.com/uclouvain/openjpeg/commit/0c913b0a
Also clean up a duplicate patch number and update README.pdfium.
BUG=chromium:614691
Change-Id: I282abfe227e2f667418e5d9058e96e253b220de7
Reviewed-on: https://pdfium-review.googlesource.com/39352
Reviewed-by: Nicolás Peña Moreno <npm@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
-rw-r--r-- | third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch (renamed from third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch) | 0 | ||||
-rw-r--r-- | third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch | 30 | ||||
-rw-r--r-- | third_party/libopenjpeg20/README.pdfium | 4 | ||||
-rw-r--r-- | third_party/libopenjpeg20/j2k.c | 12 |
4 files changed, 43 insertions, 3 deletions
diff --git a/third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch b/third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch index b918c0586e..b918c0586e 100644 --- a/third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch +++ b/third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch diff --git a/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch b/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch new file mode 100644 index 0000000000..3ea17f9390 --- /dev/null +++ b/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch @@ -0,0 +1,30 @@ +diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c +index cea614709..afcd597ee 100644 +--- a/third_party/libopenjpeg20/j2k.c ++++ b/third_party/libopenjpeg20/j2k.c +@@ -4085,7 +4085,12 @@ static OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *p_tcp, opj_event_mgr_t * p_manager) + /* preconditions */ + assert(p_tcp != 00); + assert(p_manager != 00); +- assert(p_tcp->ppt_buffer == NULL); ++ ++ if (p_tcp->ppt_buffer != NULL) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_j2k_merge_ppt() has already been called\n"); ++ return OPJ_FALSE; ++ } + + if (p_tcp->ppt == 0U) { + return OPJ_TRUE; +@@ -8836,7 +8841,10 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k, + + /* Current marker is the EOC marker ?*/ + if (l_current_marker == J2K_MS_EOC) { +- p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC; ++ if (p_j2k->m_specific_param.m_decoder.m_state != J2K_STATE_EOC) { ++ p_j2k->m_current_tile_number = 0; ++ p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC; ++ } + } + + /* FIXME DOC ???*/ diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium index 1805000634..2c944d5999 100644 --- a/third_party/libopenjpeg20/README.pdfium +++ b/third_party/libopenjpeg20/README.pdfium @@ -27,4 +27,6 @@ Local Modifications: 0026-use_opj_uint_ceildiv.patch: Remove (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b). 0033-undefined-shift-opj_t1_dec_clnpass.patch: fix undefined shifts originated from opj_t1_decode_cblk. 0034-opj_malloc.patch: PDFium changes in opj_malloc. -0035-opj_j2k_update_image_dimensions.patch: fix integer overflow. +0035-opj_image_data_free.patch: Use the right free function in opj_jp2_apply_pclr. +0036-opj_j2k_update_image_dimensions.patch: fix integer overflow. +0037-opj_j2k_merge_ppt_leak.patch: fix memory leak. diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c index cea6147096..afcd597ee0 100644 --- a/third_party/libopenjpeg20/j2k.c +++ b/third_party/libopenjpeg20/j2k.c @@ -4085,7 +4085,12 @@ static OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *p_tcp, opj_event_mgr_t * p_manager) /* preconditions */ assert(p_tcp != 00); assert(p_manager != 00); - assert(p_tcp->ppt_buffer == NULL); + + if (p_tcp->ppt_buffer != NULL) { + opj_event_msg(p_manager, EVT_ERROR, + "opj_j2k_merge_ppt() has already been called\n"); + return OPJ_FALSE; + } if (p_tcp->ppt == 0U) { return OPJ_TRUE; @@ -8836,7 +8841,10 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k, /* Current marker is the EOC marker ?*/ if (l_current_marker == J2K_MS_EOC) { - p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC; + if (p_j2k->m_specific_param.m_decoder.m_state != J2K_STATE_EOC) { + p_j2k->m_current_tile_number = 0; + p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC; + } } /* FIXME DOC ???*/ |