author | Tom Sepez <tsepez@chromium.org> | 2018-08-21 20:32:39 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-08-21 20:32:39 +0000 |
commit | e4110926f26fcd9a906b2ceb722a4f3b50461130 (patch) | |
tree | 3364431a1c9d90332155540bf1a42ef89bd4b5f4 /core/fxcodec/jbig2 | |
parent | 2696aa066d9bd10641e4d88cb3c020af7b8086b3 (diff) | |
download | pdfium-e4110926f26fcd9a906b2ceb722a4f3b50461130.tar.xz |
Fix lifetime issue in CJBig2_GRDProc::ProgressiveArithDecodeState
Bug: 876222
Change-Id: I56c20c006ee26650f32b9ec90f3c7f91466b7470
Reviewed-on: https://pdfium-review.googlesource.com/40890
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_Context.cpp | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index 5bf9df9dc4..d976abdf31 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -1013,29 +1013,32 @@ JBig2_Result CJBig2_Context::ParseGenericRegion(CJBig2_Segment* pSegment,
 m_pArithDecoder =
 pdfium::MakeUnique<CJBig2_ArithDecoder>(m_pStream.get());
 }
- CJBig2_GRDProc::ProgressiveArithDecodeState state;
- state.pImage = &pSegment->m_Image;
- state.pArithDecoder = m_pArithDecoder.get();
- state.gbContext = m_gbContext.data();
- state.pPause = pPause;
- m_ProcessingStatus = bStart ? m_pGRD->StartDecodeArith(&state)
- : m_pGRD->ContinueDecode(&state);
- if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- if (pSegment->m_cFlags.s.type != 36) {
- if (!m_bBufSpecified) {
- const auto& pPageInfo = m_PageInfoList.back();
- if ((pPageInfo->m_bIsStriped == 1) &&
- (m_ri.y + m_ri.height > m_pPage->height())) {
- m_pPage->Expand(m_ri.y + m_ri.height,
- (pPageInfo->m_cFlags & 4) ? 1 : 0);
+ {
+ // |state.gbContext| can't exist when m_gbContext.clear() called below.
+ CJBig2_GRDProc::ProgressiveArithDecodeState state;
+ state.pImage = &pSegment->m_Image;
+ state.pArithDecoder = m_pArithDecoder.get();
+ state.gbContext = m_gbContext.data();
+ state.pPause = pPause;
+ m_ProcessingStatus = bStart ? m_pGRD->StartDecodeArith(&state)
+ : m_pGRD->ContinueDecode(&state);
+ if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
+ if (pSegment->m_cFlags.s.type != 36) {
+ if (!m_bBufSpecified) {
+ const auto& pPageInfo = m_PageInfoList.back();
+ if ((pPageInfo->m_bIsStriped == 1) &&
+ (m_ri.y + m_ri.height > m_pPage->height())) {
+ m_pPage->Expand(m_ri.y + m_ri.height,
+ (pPageInfo->m_cFlags & 4) ? 1 : 0);
+ }
 }
+ const FX_RECT& rect = m_pGRD->GetReplaceRect();
+ m_pPage->ComposeFromWithRect(m_ri.x + rect.left, m_ri.y + rect.top,
+ pSegment->m_Image.get(), rect,
+ (JBig2ComposeOp)(m_ri.flags & 0x03));
 }
- const FX_RECT& rect = m_pGRD->GetReplaceRect();
- m_pPage->ComposeFromWithRect(m_ri.x + rect.left, m_ri.y + rect.top,
- pSegment->m_Image.get(), rect,
- (JBig2ComposeOp)(m_ri.flags & 0x03));
+ return JBig2_Result::kSuccess;
 }
- return JBig2_Result::kSuccess;
 }
 m_pArithDecoder.reset();
 m_gbContext.clear(); |
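Review bot: The added comment names only `state.gbContext`, but `state.pArithDecoder` is set from `m_pArithDecoder.get()` and `m_pArithDecoder.reset()` runs right after the new scope closes, just before `m_gbContext.clear()`, so the same lifetime constraint covers both pointers. I would reword it to state why the braces exist, e.g. `// |state| holds pointers into m_pArithDecoder and m_gbContext; it must be destroyed before the reset()/clear() below.` The fix holds only while `state` stays inside the braces, and whether `m_pGRD` keeps a copy of either pointer after `StartDecodeArith()`/`ContinueDecode()` return is not visible in this hunk, so that is worth confirming. ParseGenericRegion starts before the hunk and continues past it.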