summaryrefslogtreecommitdiff
path: root/core/fxcodec/jbig2/JBig2_Context.cpp
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2018-08-21 20:32:39 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-08-21 20:32:39 +0000
commite4110926f26fcd9a906b2ceb722a4f3b50461130 (patch)
tree3364431a1c9d90332155540bf1a42ef89bd4b5f4 /core/fxcodec/jbig2/JBig2_Context.cpp
parent2696aa066d9bd10641e4d88cb3c020af7b8086b3 (diff)
downloadpdfium-e4110926f26fcd9a906b2ceb722a4f3b50461130.tar.xz
Fix lifetime issue in CJBig2_GRDProc::ProgressiveArithDecodeState
Bug: 876222 Change-Id: I56c20c006ee26650f32b9ec90f3c7f91466b7470 Reviewed-on: https://pdfium-review.googlesource.com/40890 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2/JBig2_Context.cpp')
-rw-r--r--core/fxcodec/jbig2/JBig2_Context.cpp43
1 files changed, 23 insertions, 20 deletions
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index 5bf9df9dc4..d976abdf31 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -1013,29 +1013,32 @@ JBig2_Result CJBig2_Context::ParseGenericRegion(CJBig2_Segment* pSegment,
m_pArithDecoder =
pdfium::MakeUnique<CJBig2_ArithDecoder>(m_pStream.get());
}
- CJBig2_GRDProc::ProgressiveArithDecodeState state;
- state.pImage = &pSegment->m_Image;
- state.pArithDecoder = m_pArithDecoder.get();
- state.gbContext = m_gbContext.data();
- state.pPause = pPause;
- m_ProcessingStatus = bStart ? m_pGRD->StartDecodeArith(&state)
- : m_pGRD->ContinueDecode(&state);
- if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- if (pSegment->m_cFlags.s.type != 36) {
- if (!m_bBufSpecified) {
- const auto& pPageInfo = m_PageInfoList.back();
- if ((pPageInfo->m_bIsStriped == 1) &&
- (m_ri.y + m_ri.height > m_pPage->height())) {
- m_pPage->Expand(m_ri.y + m_ri.height,
- (pPageInfo->m_cFlags & 4) ? 1 : 0);
+ {
+ // |state.gbContext| can't exist when m_gbContext.clear() called below.
+ CJBig2_GRDProc::ProgressiveArithDecodeState state;
+ state.pImage = &pSegment->m_Image;
+ state.pArithDecoder = m_pArithDecoder.get();
+ state.gbContext = m_gbContext.data();
+ state.pPause = pPause;
+ m_ProcessingStatus = bStart ? m_pGRD->StartDecodeArith(&state)
+ : m_pGRD->ContinueDecode(&state);
+ if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
+ if (pSegment->m_cFlags.s.type != 36) {
+ if (!m_bBufSpecified) {
+ const auto& pPageInfo = m_PageInfoList.back();
+ if ((pPageInfo->m_bIsStriped == 1) &&
+ (m_ri.y + m_ri.height > m_pPage->height())) {
+ m_pPage->Expand(m_ri.y + m_ri.height,
+ (pPageInfo->m_cFlags & 4) ? 1 : 0);
+ }
}
+ const FX_RECT& rect = m_pGRD->GetReplaceRect();
+ m_pPage->ComposeFromWithRect(m_ri.x + rect.left, m_ri.y + rect.top,
+ pSegment->m_Image.get(), rect,
+ (JBig2ComposeOp)(m_ri.flags & 0x03));
}
- const FX_RECT& rect = m_pGRD->GetReplaceRect();
- m_pPage->ComposeFromWithRect(m_ri.x + rect.left, m_ri.y + rect.top,
- pSegment->m_Image.get(), rect,
- (JBig2ComposeOp)(m_ri.flags & 0x03));
+ return JBig2_Result::kSuccess;
}
- return JBig2_Result::kSuccess;
}
m_pArithDecoder.reset();
m_gbContext.clear();