author | Dan Sinclair <dsinclair@chromium.org> | 2017-04-10 13:14:39 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-04-10 18:56:49 +0000 |
commit | 76c9a1b146145fc3605f91a807b0bc99d2607a0f (patch) | |
tree | 25dca4829862b71905f20d101d883979c473ff31 /core/fxcodec/jbig2/JBig2_HuffmanTable.h | |
parent | ecc3c836cf6965fbb7ad06b61da87332e59ea5d8 (diff) | |
Guard against negative shift in jbig2 huffman initialization

Depending on the code table, it's possible to have the largest PREFLEN
value in the huffman table to be > 32. This will, potentially, cause the
calculation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the
int value and cause a negative shift.

This CL checks the shift value and fails the initialization if we would
shift a negative value.

Bug: chromium:709781
Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5
Reviewed-on: https://pdfium-review.googlesource.com/3990
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2/JBig2_HuffmanTable.h')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_HuffmanTable.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.h b/core/fxcodec/jbig2/JBig2_HuffmanTable.h index 58a3124881..b49fcebc9c 100644 --- a/core/fxcodec/jbig2/JBig2_HuffmanTable.h +++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.h @@ -35,7 +35,7 @@ class CJBig2_HuffmanTable { private: void ParseFromStandardTable(const JBig2TableLine* pTable); bool ParseFromCodedBuffer(CJBig2_BitStream* pStream); - void InitCodes(); + bool InitCodes(); void ExtendBuffers(bool increment); bool m_bOK; |
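Review bot: The new `bool InitCodes();` declaration in the private section has no comment saying what a false return means, and nothing in the header forces callers to look at it. `ParseFromStandardTable` is still declared `void` in the same hunk, so if it calls `InitCodes()` the failure can only reach users of the class through `m_bOK`. The diffstat shown here is limited to this header, so the call sites cannot be checked from this page: please confirm that every caller tests the result and clears `m_bOK` on failure, and consider a one-line comment on the declaration (for example, that it returns false when the code assignment would shift a negative value) so the contract is visible where the function is declared.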