summaryrefslogtreecommitdiff
path: root/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2017-08-23 23:40:22 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-08-28 16:03:50 +0000
commit41799881d04a01168700558ff394962b3b318b46 (patch)
tree834f8f87a9e97897826cabc55863a2ce42461243 /core/fxcodec/jbig2/JBig2_GrrdProc.cpp
parenta8efb5183422e07210771c975e5ae7655957cc77 (diff)
downloadpdfium-41799881d04a01168700558ff394962b3b318b46.tar.xz
Skip decoding of excessively large JBIG2 images.
BUG=chromium:749610. Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb Reviewed-on: https://pdfium-review.googlesource.com/11930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2/JBig2_GrrdProc.cpp')
-rw-r--r--core/fxcodec/jbig2/JBig2_GrrdProc.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
index 11fa39945d..049e50a1a9 100644
--- a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
@@ -16,8 +16,10 @@
std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::decode(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* grContext) {
- if (GRW == 0 || GRH == 0)
+ if (GRW == 0 || GRW > JBIG2_MAX_IMAGE_SIZE || GRH == 0 ||
+ GRH > JBIG2_MAX_IMAGE_SIZE) {
return pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+ }
if (!GRTEMPLATE) {
if ((GRAT[0] == -1) && (GRAT[1] == -1) && (GRAT[2] == -1) &&