Do not copy data in DecodeAllScanlines().

The copy will never be read. Change-Id: I129859ed7569e054e66f00314f8ecf20e2c67715 Reviewed-on: https://pdfium-review.googlesource.com/41854 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
author: Lei Zhang <thestig@chromium.org> 2018-09-11 07:59:58 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-09-11 07:59:58 +0000
commit: 9039169b64e117516cd274bfb85ca9d696d4ef5b (patch)
tree: 33c795b1bc48995d63484a871ee703f064188e51
parent: bb06ae5ad0b6389490befc6831517ab383e94031 (diff)
download: pdfium-9039169b64e117516cd274bfb85ca9d696d4ef5b.tar.xz
1 files changed, 21 insertions, 26 deletions
diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp
index 88b3993327..a64e14d741 100644
--- a/core/fpdfapi/page/cpdf_streamparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamparser.cpp
@@ -29,6 +29,7 @@
 #include "core/fpdfapi/parser/fpdf_parser_utility.h"
 #include "core/fxcodec/codec/ccodec_jpegmodule.h"
 #include "core/fxcodec/codec/ccodec_scanlinedecoder.h"
+#include "core/fxcodec/fx_codec.h"
 #include "core/fxcrt/fx_extension.h"
 
 namespace {
@@ -36,27 +37,26 @@ namespace {
 const uint32_t kMaxNestedParsingLevel = 512;
 const size_t kMaxStringLength = 32767;
 
-uint32_t DecodeAllScanlines(std::unique_ptr<CCodec_ScanlineDecoder> pDecoder,
-                            uint8_t** dest_buf,
-                            uint32_t* dest_size) {
+uint32_t DecodeAllScanlines(std::unique_ptr<CCodec_ScanlineDecoder> pDecoder) {
   if (!pDecoder)
     return FX_INVALID_OFFSET;
+
   int ncomps = pDecoder->CountComps();
   int bpc = pDecoder->GetBPC();
   int width = pDecoder->GetWidth();
   int height = pDecoder->GetHeight();
-  int pitch = (width * ncomps * bpc + 7) / 8;
-  if (height == 0 || pitch > (1 << 30) / height)
+  if (width <= 0 || height <= 0)
+    return FX_INVALID_OFFSET;
+
+  FX_SAFE_UINT32 size = CalculatePitch8(bpc, ncomps, width);
+  size *= height;
+  if (size.ValueOrDefault(0) == 0)
     return FX_INVALID_OFFSET;
 
-  *dest_buf = FX_Alloc2D(uint8_t, pitch, height);
-  *dest_size = pitch * height;  // Safe since checked alloc returned.
   for (int row = 0; row < height; ++row) {
-    const uint8_t* pLine = pDecoder->GetScanline(row);
-    if (!pLine)
+    if (!pDecoder->GetScanline(row))
       break;
 
-    memcpy(*dest_buf + row * pitch, pLine, pitch);
   }
   return pDecoder->GetSrcOffset();
 }
@@ -66,38 +66,36 @@ uint32_t DecodeInlineStream(pdfium::span<const uint8_t> src_span,
                             int height,
                             const ByteString& decoder,
                             CPDF_Dictionary* pParam,
-                            uint8_t** dest_buf,
-                            uint32_t* dest_size) {
-  *dest_buf = nullptr;
-  *dest_size = 0;
+                            uint32_t orig_size) {
   std::unique_ptr<uint8_t, FxFreeDeleter> ignored_result;
+  uint32_t ignored_size;
   if (decoder == "FlateDecode" || decoder == "Fl") {
-    return FlateOrLZWDecode(false, src_span, pParam, *dest_size,
-                            &ignored_result, dest_size);
+    return FlateOrLZWDecode(false, src_span, pParam, orig_size, &ignored_result,
+                            &ignored_size);
   }
   if (decoder == "LZWDecode" || decoder == "LZW") {
     return FlateOrLZWDecode(true, src_span, pParam, 0, &ignored_result,
-                            dest_size);
+                            &ignored_size);
   }
   if (decoder == "DCTDecode" || decoder == "DCT") {
     std::unique_ptr<CCodec_ScanlineDecoder> pDecoder =
         CPDF_ModuleMgr::Get()->GetJpegModule()->CreateDecoder(
             src_span, width, height, 0,
             !pParam || pParam->GetIntegerFor("ColorTransform", 1));
-    return DecodeAllScanlines(std::move(pDecoder), dest_buf, dest_size);
+    return DecodeAllScanlines(std::move(pDecoder));
   }
   if (decoder == "CCITTFaxDecode" || decoder == "CCF") {
     std::unique_ptr<CCodec_ScanlineDecoder> pDecoder =
         CreateFaxDecoder(src_span, width, height, pParam);
-    return DecodeAllScanlines(std::move(pDecoder), dest_buf, dest_size);
+    return DecodeAllScanlines(std::move(pDecoder));
   }
 
   if (decoder == "ASCII85Decode" || decoder == "A85")
-    return A85Decode(src_span, &ignored_result, dest_size);
+    return A85Decode(src_span, &ignored_result, &ignored_size);
   if (decoder == "ASCIIHexDecode" || decoder == "AHx")
-    return HexDecode(src_span, &ignored_result, dest_size);
+    return HexDecode(src_span, &ignored_result, &ignored_size);
   if (decoder == "RunLengthDecode" || decoder == "RL")
-    return RunLengthDecode(src_span, &ignored_result, dest_size);
+    return RunLengthDecode(src_span, &ignored_result, &ignored_size);
 
   return FX_INVALID_OFFSET;
 }
@@ -186,11 +184,8 @@ std::unique_ptr<CPDF_Stream> CPDF_StreamParser::ReadInlineStream(
     dwStreamSize = OrigSize;
     m_Pos += OrigSize;
   } else {
-    uint8_t* pIgnore = nullptr;
-    uint32_t dwDestSize = OrigSize;
     dwStreamSize = DecodeInlineStream(m_pBuf.subspan(m_Pos), width, height,
-                                      Decoder, pParam, &pIgnore, &dwDestSize);
-    FX_Free(pIgnore);
+                                      Decoder, pParam, OrigSize);
     if (static_cast<int>(dwStreamSize) < 0)
       return nullptr;
author	Lei Zhang <thestig@chromium.org>	2018-09-11 07:59:58 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-09-11 07:59:58 +0000
commit	9039169b64e117516cd274bfb85ca9d696d4ef5b (patch)
tree	33c795b1bc48995d63484a871ee703f064188e51
parent	bb06ae5ad0b6389490befc6831517ab383e94031 (diff)
download	pdfium-9039169b64e117516cd274bfb85ca9d696d4ef5b.tar.xz