diff options
| author | thestig <thestig@chromium.org> | 2016-04-29 09:18:49 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-04-29 09:18:49 -0700 |
| commit | b7a9604a34c3edf2d26dd109577fc417e45e149b (patch) | |
| tree | 39bc4319d7f1998d243dadda6319a8368f024716 | |
| parent | 495bda110a6ea8e7a6fc313ec0232a9ca6e3cfdc (diff) | |
| download | pdfium-b7a9604a34c3edf2d26dd109577fc417e45e149b.tar.xz | |
Avoid nullptr dereferences in sycc444_to_rgb().
BUG=607739
Review-Url: https://codereview.chromium.org/1934483002
| -rw-r--r-- | core/fxcodec/codec/fx_codec_jpx_opj.cpp | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp index 85b0b767ac..a0f2e65c75 100644 --- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp +++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp @@ -169,14 +169,15 @@ static void sycc_to_rgb(int offset, } *out_b = b; } + static void sycc444_to_rgb(opj_image_t* img) { int prec = img->comps[0].prec; int offset = 1 << (prec - 1); int upb = (1 << prec) - 1; OPJ_UINT32 maxw = - std::min(std::min(img->comps[0].w, img->comps[1].w), img->comps[2].w); + std::min({img->comps[0].w, img->comps[1].w, img->comps[2].w}); OPJ_UINT32 maxh = - std::min(std::min(img->comps[0].h, img->comps[1].h), img->comps[2].h); + std::min({img->comps[0].h, img->comps[1].h, img->comps[2].h}); FX_SAFE_SIZE_T max_size = maxw; max_size *= maxh; if (!max_size.IsValid()) @@ -185,10 +186,15 @@ static void sycc444_to_rgb(opj_image_t* img) { const int* y = img->comps[0].data; const int* cb = img->comps[1].data; const int* cr = img->comps[2].data; - int *d0, *d1, *d2, *r, *g, *b; - d0 = r = FX_Alloc(int, max_size.ValueOrDie()); - d1 = g = FX_Alloc(int, max_size.ValueOrDie()); - d2 = b = FX_Alloc(int, max_size.ValueOrDie()); + if (!y || !cb || !cr) + return; + + int* r = FX_Alloc(int, max_size.ValueOrDie()); + int* g = FX_Alloc(int, max_size.ValueOrDie()); + int* b = FX_Alloc(int, max_size.ValueOrDie()); + int* d0 = r; + int* d1 = g; + int* d2 = b; for (size_t i = 0; i < max_size.ValueOrDie(); ++i) { sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++y; @@ -199,12 +205,13 @@ static void sycc444_to_rgb(opj_image_t* img) { ++b; } FX_Free(img->comps[0].data); - img->comps[0].data = d0; FX_Free(img->comps[1].data); - img->comps[1].data = d1; FX_Free(img->comps[2].data); + img->comps[0].data = d0; + img->comps[1].data = d1; img->comps[2].data = d2; } + static bool sycc420_422_size_is_valid(opj_image_t* img) { return (img && img->comps[0].w != std::numeric_limits<OPJ_UINT32>::max() && (img->comps[0].w + 1) / 2 == img->comps[1].w && |