summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfoxit <jun_fang@foxitsoftware.com>2014-06-20 17:03:04 -0700
committerBo Xu <bo_xu@foxitsoftware.com>2014-07-30 17:23:36 -0700
commitf8a1a2c591bdf25b568e012824322a2c7c55f857 (patch)
tree61c9976a9d6e667bb989181d10d5a62f61cce79a
parent6b7e2cfb29baedc498238284eb20d88bdfa8258f (diff)
downloadpdfium-f8a1a2c591bdf25b568e012824322a2c7c55f857.tar.xz
Fix a crash in CFXMEM_FixedMgr::AllocLarge
BUG=382243 R=palmer@chromium.org Review URL: https://codereview.chromium.org/333213002
Diffstat
-rw-r--r--core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c
index 94feb17e4a..c1086755d6 100644
--- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c
+++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c
@@ -775,6 +775,8 @@ OPJ_BOOL FUNCTION ( opj_tcd_t *p_tcd, \
/* p. 35, table A-23, ISO/IEC FDIS154444-1 : 2000 (18 august 2000) */ \
l_pdx = l_tccp->prcw[resno]; \
l_pdy = l_tccp->prch[resno]; \
+ if (l_pdx == 0 || l_pdy == 0) \
+ return OPJ_FALSE; \
/*fprintf(stderr, "\t\t\tpdx=%d, pdy=%d\n", l_pdx, l_pdy);*/ \
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ \
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; \
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 14:35:06 +0000