Fix undefined shift in CJBig2_Context::decodeSymbolIDHuffmanTable

Bug: chromium:755532 Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f Reviewed-on: https://pdfium-review.googlesource.com/12430 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-08-30 15:50:09 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-08-30 20:07:56 +0000
commit: fd70d79ca67ac87dd95ab23d548b1fcb879ad259 (patch)
tree: d23251e5d07bef79d613d2a2c93ddc21f07135d2 /core/fxcodec/jbig2/JBig2_Context.cpp
parent: 674bbfe24ded465a4d27b268ca84f75976d556da (diff)
download: pdfium-fd70d79ca67ac87dd95ab23d548b1fcb879ad259.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index eaaed312d6..778db1c591 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -7,6 +7,7 @@
 #include "core/fxcodec/jbig2/JBig2_Context.h"
 
 #include <algorithm>
+#include <limits>
 #include <list>
 #include <utility>
 #include <vector>
@@ -1254,8 +1255,10 @@ std::vector<JBig2HuffmanCode> CJBig2_Context::decodeSymbolIDHuffmanTable(
     int32_t nBits = 0;
     uint32_t nTemp;
     while (true) {
-      if (pStream->read1Bit(&nTemp) != 0)
+      if (nVal > std::numeric_limits<int32_t>::max() / 2 ||
+          pStream->read1Bit(&nTemp) != 0) {
         return std::vector<JBig2HuffmanCode>();
+      }
 
       nVal = (nVal << 1) | nTemp;
       ++nBits;
author	Nicolas Pena <npm@chromium.org>	2017-08-30 15:50:09 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-08-30 20:07:56 +0000
commit	fd70d79ca67ac87dd95ab23d548b1fcb879ad259 (patch)
tree	d23251e5d07bef79d613d2a2c93ddc21f07135d2 /core/fxcodec/jbig2/JBig2_Context.cpp
parent	674bbfe24ded465a4d27b268ca84f75976d556da (diff)
download	pdfium-fd70d79ca67ac87dd95ab23d548b1fcb879ad259.tar.xz