authorLei Zhang <thestig@chromium.org>2018-08-01 17:44:48 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-08-01 17:44:48 +0000
commit0fa150a12267b69abcfe5e380b698bbbbd37d5de (patch)
tree0c6d5c396bb4fdf875271fe65c63ac7752ba5f49
parentb9e6281b72cd2ae51fd2d320430fba9c1f63fd2f (diff)
Fix assertion in opj_j2k_merge_ppt().
This patches in: https://github.com/uclouvain/openjpeg/commit/832dfd18 https://github.com/uclouvain/openjpeg/commit/0c913b0a Also clean up a duplicate patch number and update README.pdfium. BUG=chromium:614691 Change-Id: I282abfe227e2f667418e5d9058e96e253b220de7 Reviewed-on: https://pdfium-review.googlesource.com/39352 Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
-rw-r--r--third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch (renamed from third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch)0
-rw-r--r--third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch30
-rw-r--r--third_party/libopenjpeg20/README.pdfium4
-rw-r--r--third_party/libopenjpeg20/j2k.c12
4 files changed, 43 insertions, 3 deletions
diff --git a/third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch b/third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch
index b918c0586e..b918c0586e 100644
--- a/third_party/libopenjpeg20/0035-opj_j2k_update_image_dimensions.patch
+++ b/third_party/libopenjpeg20/0036-opj_j2k_update_image_dimensions.patch
diff --git a/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch b/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch
new file mode 100644
index 0000000000..3ea17f9390
--- /dev/null
+++ b/third_party/libopenjpeg20/0037-opj_j2k_merge_ppt_leak.patch
@@ -0,0 +1,30 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index cea614709..afcd597ee 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -4085,7 +4085,12 @@ static OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *p_tcp, opj_event_mgr_t * p_manager)
+ /* preconditions */
+ assert(p_tcp != 00);
+ assert(p_manager != 00);
+- assert(p_tcp->ppt_buffer == NULL);
++
++ if (p_tcp->ppt_buffer != NULL) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "opj_j2k_merge_ppt() has already been called\n");
++ return OPJ_FALSE;
++ }
+
+ if (p_tcp->ppt == 0U) {
+ return OPJ_TRUE;
+@@ -8836,7 +8841,10 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k,
+
+ /* Current marker is the EOC marker ?*/
+ if (l_current_marker == J2K_MS_EOC) {
+- p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
++ if (p_j2k->m_specific_param.m_decoder.m_state != J2K_STATE_EOC) {
++ p_j2k->m_current_tile_number = 0;
++ p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
++ }
+ }
+
+ /* FIXME DOC ???*/
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index 1805000634..2c944d5999 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -27,4 +27,6 @@ Local Modifications:
0026-use_opj_uint_ceildiv.patch: Remove (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b).
0033-undefined-shift-opj_t1_dec_clnpass.patch: fix undefined shifts originated from opj_t1_decode_cblk.
0034-opj_malloc.patch: PDFium changes in opj_malloc.
-0035-opj_j2k_update_image_dimensions.patch: fix integer overflow.
+0035-opj_image_data_free.patch: Use the right free function in opj_jp2_apply_pclr.
+0036-opj_j2k_update_image_dimensions.patch: fix integer overflow.
+0037-opj_j2k_merge_ppt_leak.patch: fix memory leak.
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index cea6147096..afcd597ee0 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -4085,7 +4085,12 @@ static OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *p_tcp, opj_event_mgr_t * p_manager)
/* preconditions */
assert(p_tcp != 00);
assert(p_manager != 00);
- assert(p_tcp->ppt_buffer == NULL);
+
+ if (p_tcp->ppt_buffer != NULL) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_j2k_merge_ppt() has already been called\n");
+ return OPJ_FALSE;
+ }
if (p_tcp->ppt == 0U) {
return OPJ_TRUE;
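Review bot: The new `p_tcp->ppt_buffer != NULL` branch carries no comment saying why this one precondition is now enforced at runtime while the two pointer checks above it stay as `assert`s. Judging from the bug reference and the README entry ("fix memory leak"), the state seems to be reachable from a malformed codestream, where an `assert` disappears in NDEBUG builds and the existing buffer would presumably be overwritten; that reasoning is inferred, not shown in the hunk. I would add above the `if`: `/* Reachable from malformed input: fail the decode rather than assert, so release builds never overwrite an existing ppt_buffer. */`. The diffstat lists no test file, so a regression input for the referenced bug would be worth adding; the body of opj_j2k_merge_ppt() continues past the end of this hunk.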
@@ -8836,7 +8841,10 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k,
/* Current marker is the EOC marker ?*/
if (l_current_marker == J2K_MS_EOC) {
- p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
+ if (p_j2k->m_specific_param.m_decoder.m_state != J2K_STATE_EOC) {
+ p_j2k->m_current_tile_number = 0;
+ p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
+ }
}
/* FIXME DOC ???*/
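Review bot: The added `p_j2k->m_current_tile_number = 0;` is unexplained, and the code that consumes the tile number lies below the hunk, so a reader cannot tell whether tile 0 is a deliberate choice or a placeholder. The guard `m_state != J2K_STATE_EOC` makes the reset happen only on the first call that sees EOC, which looks intentional but is also undocumented. I would add a comment inside the outer `if`, for example `/* Enter the EOC state once; later calls at EOC must leave m_current_tile_number untouched (upstream openjpeg 832dfd18, 0c913b0a). */`, and have it state the reason for choosing tile 0. If the tile number is later used to select per-tile coding parameters, it is worth confirming that index 0 is always valid at that point; that use is not visible here.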