Check for success of decodes to avoid infinite loops

Bug: 790693 Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06 Reviewed-on: https://pdfium-review.googlesource.com/20230 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-12-01 21:40:23 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2017-12-01 21:40:23 +0000
commit: dca380ffe0571be4023b11b06b8aecad9934bb06 (patch)
tree: 17daabe5cc361a543dd69f8f783c34f5a5a598d4 /core/fxcodec/jbig2/JBig2_TrdProc.cpp
parent: 752e9bf892abdf1ee588ba87c857d0783a017b27 (diff)
download: pdfium-dca380ffe0571be4023b11b06b8aecad9934bb06.tar.xz
1 files changed, 19 insertions, 12 deletions
diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index 332e5868ac..78eb78012a 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -281,7 +281,9 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Arith(
     for (;;) {
       if (bFirst) {
         int32_t DFS;
-        pIAFS->decode(pArithDecoder, &DFS);
+        if (!pIAFS->decode(pArithDecoder, &DFS))
+          return nullptr;
+
         FIRSTS += DFS;
         CURS = FIRSTS;
         bFirst = false;
@@ -297,8 +299,10 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Arith(
         break;
 
       int CURT = 0;
-      if (SBSTRIPS != 1)
-        pIAIT->decode(pArithDecoder, &CURT);
+      if (SBSTRIPS != 1) {
+        if (!pIAIT->decode(pArithDecoder, &CURT))
+          return nullptr;
+      }
 
       FX_SAFE_INT32 SAFE_TI = STRIPT + CURT;
       if (!SAFE_TI.IsValid())
@@ -306,15 +310,16 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Arith(
 
       int32_t TI = SAFE_TI.ValueOrDie();
       uint32_t IDI;
-      pIAID->decode(pArithDecoder, &IDI);
-      if (IDI >= SBNUMSYMS)
+      if (!pIAID->decode(pArithDecoder, &IDI) || IDI >= SBNUMSYMS)
         return nullptr;
 
       int RI;
-      if (SBREFINE == 0)
+      if (SBREFINE == 0) {
         RI = 0;
-      else
-        pIARI->decode(pArithDecoder, &RI);
+      } else {
+        if (!pIARI->decode(pArithDecoder, &RI))
+          return nullptr;
+      }
 
       MaybeOwned<CJBig2_Image> pIBI;
       if (RI == 0) {
@@ -324,10 +329,12 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Arith(
         int32_t RDHI;
         int32_t RDXI;
         int32_t RDYI;
-        pIARDW->decode(pArithDecoder, &RDWI);
-        pIARDH->decode(pArithDecoder, &RDHI);
-        pIARDX->decode(pArithDecoder, &RDXI);
-        pIARDY->decode(pArithDecoder, &RDYI);
+        if (!pIARDW->decode(pArithDecoder, &RDWI) ||
+            !pIARDH->decode(pArithDecoder, &RDHI) ||
+            !pIARDX->decode(pArithDecoder, &RDXI) ||
+            !pIARDY->decode(pArithDecoder, &RDYI)) {
+          return nullptr;
+        }
         CJBig2_Image* IBOI = SBSYMS[IDI];
         if (!IBOI)
           return nullptr;
author	Nicolas Pena <npm@chromium.org>	2017-12-01 21:40:23 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2017-12-01 21:40:23 +0000
commit	dca380ffe0571be4023b11b06b8aecad9934bb06 (patch)
tree	17daabe5cc361a543dd69f8f783c34f5a5a598d4 /core/fxcodec/jbig2/JBig2_TrdProc.cpp
parent	752e9bf892abdf1ee588ba87c857d0783a017b27 (diff)
download	pdfium-dca380ffe0571be4023b11b06b8aecad9934bb06.tar.xz