author | Dan Sinclair <dsinclair@chromium.org> | 2017-03-28 12:44:58 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-28 17:07:05 +0000 |
commit | eed6421dc45a5cc74986b2ef0870974c829f829e (patch) | |
tree | f2da4f8ddf08ca108a8a47381e5cb7dc1bd85d3e /core/fxcodec/jbig2/JBig2_ArithDecoder.h | |
parent | 8149ae111536d6f7272e676ad4b95b1b194d11b8 (diff) | |
download | pdfium-eed6421dc45a5cc74986b2ef0870974c829f829e.tar.xz |
Add bounds check into JBIG2 Arith decoder.
Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This CL updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.
Bug: chromium:665056
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2/JBig2_ArithDecoder.h')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_ArithDecoder.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/core/fxcodec/jbig2/JBig2_ArithDecoder.h b/core/fxcodec/jbig2/JBig2_ArithDecoder.h index a8ab5dd730..24fb80cfbd 100644 --- a/core/fxcodec/jbig2/JBig2_ArithDecoder.h +++ b/core/fxcodec/jbig2/JBig2_ArithDecoder.h @@ -7,6 +7,8 @@ #ifndef CORE_FXCODEC_JBIG2_JBIG2_ARITHDECODER_H_ #define CORE_FXCODEC_JBIG2_JBIG2_ARITHDECODER_H_ +#include <stdint.h> + class CJBig2_BitStream; struct JBig2ArithCtx { @@ -24,11 +26,14 @@ class CJBig2_ArithDecoder { int DECODE(JBig2ArithCtx* pCX); + bool IsComplete() const { return m_Complete; } + private: void BYTEIN(); void ReadValueA(); - unsigned char m_B; + bool m_Complete; + uint8_t m_B; unsigned int m_C; unsigned int m_A; unsigned int m_CT; |
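Review bot: In the second hunk (`@@ -24,11 +26,14 @@`), the new `bool m_Complete;` member has no in-class initializer, and the constructor is outside this header-limited diff, so it cannot be confirmed here that the flag starts as `false`. If `IsComplete()` is called before the first `BYTEIN()`, it could return an indeterminate value. Either confirm that the constructor in the .cpp initializes it, or declare it as `bool m_Complete = false;`. The new `IsComplete()` accessor also has no comment. Since `DECODE` still returns `int` in this header, please document what "complete" means (the bit stream has no more data) and whether callers must check `IsComplete()` after each `DECODE` call or whether `DECODE` signals the error through its return value.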