Bound total pixels in JBig2 images to avoid overflows later.

Also make these private to ensure they aren't modified so as to violate the bounds checks applied at creation time. BUG=633002 Review-Url: https://codereview.chromium.org/2202013002
author: tsepez <tsepez@chromium.org> 2016-08-02 13:36:16 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-08-02 13:36:16 -0700
commit: e21501d9427539828b5d547b9d20a752d06914aa (patch)
tree: 78cc1bfe0ea26fd2a55ef7576e0cbd170dcbc396 /core/fxcodec/jbig2/JBig2_SddProc.cpp
parent: 0a7552ffa04bfb0c0523bd9c88e55e82842f53a8 (diff)
download: pdfium-e21501d9427539828b5d547b9d20a752d06914aa.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/jbig2/JBig2_SddProc.cpp b/core/fxcodec/jbig2/JBig2_SddProc.cpp
index 9ab6cb8a2e..c6adfce784 100644
--- a/core/fxcodec/jbig2/JBig2_SddProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_SddProc.cpp
@@ -523,7 +523,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman(
         if (pStream->getByteLeft() >= stride * HCHEIGHT) {
           BHC = new CJBig2_Image(TOTWIDTH, HCHEIGHT);
           for (I = 0; I < HCHEIGHT; I++) {
-            JBIG2_memcpy(BHC->m_pData + I * BHC->m_nStride,
+            JBIG2_memcpy(BHC->m_pData + I * BHC->stride(),
                          pStream->getPointer(), stride);
             pStream->offset(stride);
           }
author	tsepez <tsepez@chromium.org>	2016-08-02 13:36:16 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-08-02 13:36:16 -0700
commit	e21501d9427539828b5d547b9d20a752d06914aa (patch)
tree	78cc1bfe0ea26fd2a55ef7576e0cbd170dcbc396 /core/fxcodec/jbig2/JBig2_SddProc.cpp
parent	0a7552ffa04bfb0c0523bd9c88e55e82842f53a8 (diff)
download	pdfium-e21501d9427539828b5d547b9d20a752d06914aa.tar.xz