Check CJBig2_Image is valid before filling.chromium/3423 chromium/3422 chromium/3421

Skip a lot of work that will all fail anyway. BUG=chromium:838347 Change-Id: Iba45120e436b5547e106feb27dadea92cc948258 Reviewed-on: https://pdfium-review.googlesource.com/32053 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
author: Lei Zhang <thestig@chromium.org> 2018-05-04 18:49:57 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-05-04 18:49:57 +0000
commit: 36b3d19281e2911a97d6ce84538a3ae575ac38a7 (patch)
tree: 9695f3a5d67dc08c993a844adbda086b480f275a /core/fxcodec/jbig2/JBig2_GrdProc.cpp
parent: ad178855775da18d7abfadce4b64825f3e32adbd (diff)
download: pdfium-36b3d19281e2911a97d6ce84538a3ae575ac38a7.tar.xz
1 files changed, 16 insertions, 4 deletions
diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
index 5343df269e..215d6fe6cf 100644
--- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
@@ -166,9 +166,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate0Opt3(
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate0Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
@@ -314,9 +317,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate1Opt3(
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate1Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
@@ -460,9 +466,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate2Opt3(
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate2Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
@@ -592,9 +601,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate3Opt3(
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate3Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
author	Lei Zhang <thestig@chromium.org>	2018-05-04 18:49:57 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-05-04 18:49:57 +0000
commit	36b3d19281e2911a97d6ce84538a3ae575ac38a7 (patch)
tree	9695f3a5d67dc08c993a844adbda086b480f275a /core/fxcodec/jbig2/JBig2_GrdProc.cpp
parent	ad178855775da18d7abfadce4b64825f3e32adbd (diff)
download	pdfium-36b3d19281e2911a97d6ce84538a3ae575ac38a7.tar.xz