Verify value of prec before using

The fx_codec_jpx_opj code will attempt to do a 1 << (prec - 1). If the prec value is >=32 then that shift will overflow the int value. This CL adds a check that prec is < 32 before attempting the shift. BUG=chromium:633208 Review-Url: https://codereview.chromium.org/2334823002
author: dsinclair <dsinclair@chromium.org> 2016-09-12 14:04:08 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-09-12 14:04:08 -0700
commit: db319ec6a9330e75276b873f6027caddf2a15ec0 (patch)
tree: 846a18c97bdd9f2649c7bc868ab37cde591ec3d4
parent: 01b67ed9b441cd485997bc08482def1f2ab265db (diff)
download: pdfium-db319ec6a9330e75276b873f6027caddf2a15ec0.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index ed9331974d..a1c38d06e9 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
@@ -231,6 +231,9 @@ static void sycc422_to_rgb(opj_image_t* img) {
     return;
 
   int prec = img->comps[0].prec;
+  if (prec <= 0 || prec >= 32)
+    return;
+
   int offset = 1 << (prec - 1);
   int upb = (1 << prec) - 1;
author	dsinclair <dsinclair@chromium.org>	2016-09-12 14:04:08 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-09-12 14:04:08 -0700
commit	db319ec6a9330e75276b873f6027caddf2a15ec0 (patch)
tree	846a18c97bdd9f2649c7bc868ab37cde591ec3d4
parent	01b67ed9b441cd485997bc08482def1f2ab265db (diff)
download	pdfium-db319ec6a9330e75276b873f6027caddf2a15ec0.tar.xz