diff options
author | Nicolas Pena <npm@chromium.org> | 2017-03-29 16:04:37 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-29 20:48:07 +0000 |
commit | f761a3aa4a001736249e1d7c3dce3b9dc8436a8d (patch) | |
tree | a35fecf16d41a6395a229fefb04fb23e5b59a84b /core/fxcodec/jbig2 | |
parent | bd5176ef75d850fd6a59bbd1fd5bebf1f2c8140f (diff) | |
download | pdfium-f761a3aa4a001736249e1d7c3dce3b9dc8436a8d.tar.xz |
Fix undefined shift in JBig2_SddProc
Bug: chromium:655535
Change-Id: I114a9447a9af107e6056e6056e7514ba789e282b
Reviewed-on: https://pdfium-review.googlesource.com/3294
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_SddProc.cpp | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/core/fxcodec/jbig2/JBig2_SddProc.cpp b/core/fxcodec/jbig2/JBig2_SddProc.cpp index bca2aef716..cf23884848 100644 --- a/core/fxcodec/jbig2/JBig2_SddProc.cpp +++ b/core/fxcodec/jbig2/JBig2_SddProc.cpp @@ -301,7 +301,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman( uint32_t EXINDEX; bool CUREXFLAG; uint32_t EXRUNLENGTH; - int32_t nVal, nBits; + int32_t nVal; uint32_t nTmp; uint32_t SBNUMSYMS; uint8_t SBSYMCODELEN; @@ -439,30 +439,19 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman( nTmp++; } SBSYMCODELEN = (uint8_t)nTmp; - SBSYMCODES = FX_Alloc(JBig2HuffmanCode, SBNUMSYMS); - for (I = 0; I < SBNUMSYMS; I++) { - SBSYMCODES[I].codelen = SBSYMCODELEN; - SBSYMCODES[I].code = I; - } nVal = 0; - nBits = 0; for (;;) { - if (pStream->read1Bit(&nTmp) != 0) { - FX_Free(SBSYMCODES); + if (pStream->read1Bit(&nTmp) != 0) goto failed; - } + nVal = (nVal << 1) | nTmp; - for (IDI = 0; IDI < SBNUMSYMS; IDI++) { - if ((nVal == SBSYMCODES[IDI].code) && - (nBits == SBSYMCODES[IDI].codelen)) { - break; - } - } - if (IDI < SBNUMSYMS) { + if (nVal < 0 || static_cast<uint32_t>(nVal) >= SBNUMSYMS) + goto failed; + + IDI = SBSYMCODELEN == 0 ? nVal : SBNUMSYMS; + if (IDI < SBNUMSYMS) break; - } } - FX_Free(SBSYMCODES); auto SBHUFFRDX = pdfium::MakeUnique<CJBig2_HuffmanTable>( HuffmanTable_B15, HuffmanTable_B15_Size, HuffmanTable_HTOOB_B15); auto SBHUFFRSIZE = pdfium::MakeUnique<CJBig2_HuffmanTable>( |