author | Ryan Harrison <rharrison@chromium.org> | 2018-06-20 13:43:04 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-06-20 13:43:04 +0000 |
commit | b6e0117285a918f4f2f3a350b8a648d2247d3d8e (patch) | |
tree | 94f88604744aa9a15ed4f1a2a20ef8eb32150425 /core/fxcodec/codec/fx_codec_jpx_opj.cpp | |
parent | e005dc33c31a2e701e1af3a0a3e5775cabbf1ddd (diff) | |
download | pdfium-b6e0117285a918f4f2f3a350b8a648d2247d3d8e.tar.xz |
Add in a size guard to JPX fuzzer
Setting an upper limit to the size of images being processed in the
JPX fuzzer to reduce timeouts due to images just being really big.
Also cleaned the types for passing pitch down to reduce the signedness
conversions.
BUG=chromium:834561
Change-Id: I28b7a2537a922ed7a9ca2f8ed049ae78dd471f49
Reviewed-on: https://pdfium-review.googlesource.com/35570
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fxcodec/codec/fx_codec_jpx_opj.cpp')
-rw-r--r-- | core/fxcodec/codec/fx_codec_jpx_opj.cpp | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index c828167315..e5ba37cc06 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
@@ -567,13 +567,12 @@ void CJPX_Decoder::GetInfo(uint32_t* width,
 }
 
 bool CJPX_Decoder::Decode(uint8_t* dest_buf,
- int pitch,
+ uint32_t pitch,
 const std::vector<uint8_t>& offsets) {
 if (m_Image->comps[0].w != m_Image->x1 || m_Image->comps[0].h != m_Image->y1)
 return false;
 
- if (pitch<static_cast<int>(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>>
- 5 << 2) {
+ if (pitch<(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>> 5 << 2) {
 return false;
 }
 
@@ -591,14 +590,14 @@ bool CJPX_Decoder::Decode(uint8_t* dest_buf,
 }
 }
 }
- int width = m_Image->comps[0].w;
- int height = m_Image->comps[0].h;
+ uint32_t width = m_Image->comps[0].w;
+ uint32_t height = m_Image->comps[0].h;
 for (uint32_t channel = 0; channel < m_Image->numcomps; ++channel) {
 uint8_t* pChannel = channel_bufs[channel];
 if (adjust_comps[channel] < 0) {
- for (int row = 0; row < height; ++row) {
+ for (uint32_t row = 0; row < height; ++row) {
 uint8_t* pScanline = pChannel + row * pitch;
- for (int col = 0; col < width; ++col) {
+ for (uint32_t col = 0; col < width; ++col) {
 uint8_t* pPixel = pScanline + col * m_Image->numcomps;
 if (!m_Image->comps[channel].data)
 continue;
@@ -615,9 +614,9 @@ bool CJPX_Decoder::Decode(uint8_t* dest_buf,
 }
 }
 } else {
- for (int row = 0; row < height; ++row) {
+ for (uint32_t row = 0; row < height; ++row) {
 uint8_t* pScanline = pChannel + row * pitch;
- for (int col = 0; col < width; ++col) {
+ for (uint32_t col = 0; col < width; ++col) {
 uint8_t* pPixel = pScanline + col * m_Image->numcomps;
 if (!m_Image->comps[channel].data)
 continue;
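Review bot: The minimum-pitch bound in the new `if (pitch<(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>> 5 << 2)` check is still computed in 32-bit arithmetic, so `w * 8 * numcomps + 31` can wrap for a very wide image and produce a bound much smaller than the real row size. An undersized `pitch` would then pass the check and the pixel loops later in Decode would write beyond each scanline. Removing the `static_cast<int>` fixes the signedness conversion but not the wrap; computing the bound in a wider type closes it, e.g. `const uint64_t min_pitch = (static_cast<uint64_t>(m_Image->comps[0].w) * 8 * m_Image->numcomps + 31) >> 5 << 2;` followed by `if (pitch < min_pitch) return false;`. The size guard named in the commit message is in the fuzzer, not in this file, so as far as this hunk shows the decoder itself does not bound the dimensions; Decode's body continues outside the hunk.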
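Review bot: With `row` and `pitch` both `uint32_t`, the product in `uint8_t* pScanline = pChannel + row * pitch;` (hunk @@ -591,14) is evaluated modulo 2^32 before it is added to the pointer, so on a 64-bit build a tall image with a large pitch silently addresses the wrong scanline rather than the intended one. The same holds for `col * m_Image->numcomps` on the `pPixel` line, and for the identical loop pair in the `else` branch at @@ -615,9. Widening one operand keeps the offset exact: `uint8_t* pScanline = pChannel + static_cast<size_t>(row) * pitch;` and `uint8_t* pPixel = pScanline + static_cast<size_t>(col) * m_Image->numcomps;`. The loops begin and end outside these hunks, so whether the size of `dest_buf` is checked against `height * pitch` cannot be confirmed from here.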
@@ -662,7 +661,7 @@ void CCodec_JpxModule::GetImageInfo(CJPX_Decoder* pDecoder,
 
 bool CCodec_JpxModule::Decode(CJPX_Decoder* pDecoder,
 uint8_t* dest_data,
- int pitch,
+ uint32_t pitch,
 const std::vector<uint8_t>& offsets) {
 return pDecoder->Decode(dest_data, pitch, offsets);
 } |
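Review bot: Making `pitch` a `uint32_t` at this module boundary means a caller that still holds a signed stride will have a negative value converted to a very large unsigned one, which then satisfies the minimum-pitch comparison in CJPX_Decoder::Decode instead of being rejected as it was with `int`. The call sites are not part of this diff, so each one should be checked for a signed or unvalidated pitch. The contract is also undocumented; a comment on the declaration such as `// |pitch| is the destination row stride in bytes and must be at least the row size rounded up to 4 bytes.` would state what Decode enforces.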