Check for success of decodes to avoid infinite loops

Bug: 790693
Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06
Reviewed-on: https://pdfium-review.googlesource.com/20230
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/core/fxcodec/jbig2/JBig2_ArithIntDecoder.cpp b/core/fxcodec/jbig2/JBig2_ArithIntDecoder.cpp
index 7ed7702964..8ef1e0dc45 100644
--- a/core/fxcodec/jbig2/JBig2_ArithIntDecoder.cpp
+++ b/core/fxcodec/jbig2/JBig2_ArithIntDecoder.cpp
@@ -53,6 +53,9 @@ bool CJBig2_ArithIntDecoder::decode(CJBig2_ArithDecoder* pArithDecoder,
   // Decoding Procedure" on page 113 of the JBIG2 specification (ISO/IEC FCD
   // 14492).
   int PREV = 1;
+  if (pArithDecoder->IsComplete())
+    return false;
+
   const int S = pArithDecoder->DECODE(&m_IAx[PREV]);
   PREV = ShiftOr(PREV, S);
 
@@ -61,6 +64,9 @@ bool CJBig2_ArithIntDecoder::decode(CJBig2_ArithDecoder* pArithDecoder,
 
   int nTemp = 0;
   for (int i = 0; i < g_ArithIntDecodeData[nDecodeDataIndex].nNeedBits; ++i) {
+    if (pArithDecoder->IsComplete())
+      return false;
+
     int D = pArithDecoder->DECODE(&m_IAx[PREV]);
     PREV = ShiftOr(PREV, D);
     if (PREV >= 256)
@@ -92,13 +98,17 @@ CJBig2_ArithIaidDecoder::CJBig2_ArithIaidDecoder(unsigned char SBSYMCODELENA)
 
 CJBig2_ArithIaidDecoder::~CJBig2_ArithIaidDecoder() {}
 
-void CJBig2_ArithIaidDecoder::decode(CJBig2_ArithDecoder* pArithDecoder,
+bool CJBig2_ArithIaidDecoder::decode(CJBig2_ArithDecoder* pArithDecoder,
                                      uint32_t* nResult) {
   int PREV = 1;
   for (unsigned char i = 0; i < SBSYMCODELEN; ++i) {
     JBig2ArithCtx* pCX = &m_IAID[PREV];
+    if (pArithDecoder->IsComplete())
+      return false;
+
     int D = pArithDecoder->DECODE(pCX);
     PREV = ShiftOr(PREV, D);
   }
   *nResult = PREV - (1 << SBSYMCODELEN);
+  return true;
 }