author | Ryan Harrison <rharrison@chromium.org> | 2017-09-14 11:18:45 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-14 15:44:21 +0000 |
commit | 3ad06a513bc490065b860a543ffb43eb169769bd (patch) | |
tree | 99331ccbff37abbf9bb7e18eac5d321895ed7c5d /core/fxcodec | |
parent | 038740c2fbd27f5a6a0fad8903546ecb69a2f9a4 (diff) | |
Revert moving JPX library decode from Init to Decode
Due to some of the size parameters for allocating space in Decode()
depending on the values produced by opj_decode(), this change was
causing misallocation of space, which in turn was causing illegal
reads/writes.
The issue with excessive memory usage that the original CL was trying
to change is less significant than the above mentioned problems, so
reverting this fix and looking for another solution to the
problem. This will re-open bugs https://crbug.com/754423 and
https://crbug.com/761005.
BUG=chromium:764177,chromium:754423,chromium:761005
Change-Id: I1cafac8a8117ec1e3bc32b31196bdec719d46477
Reviewed-on: https://pdfium-review.googlesource.com/13950
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core/fxcodec')
-rw-r--r-- | core/fxcodec/codec/fx_codec_jpx_opj.cpp | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index 21d971bc8c..03f06b872d 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
@@ -492,28 +492,6 @@ bool CJPX_Decoder::Init(const unsigned char* src_data, uint32_t src_size) {
 }
 m_Image->pdfium_use_colorspace = !!m_ColorSpace;
- return true;
-}
-
-void CJPX_Decoder::GetInfo(uint32_t* width,
- uint32_t* height,
- uint32_t* components) {
- *width = m_Image->x1;
- *height = m_Image->y1;
- *components = m_Image->numcomps;
-}
-
-bool CJPX_Decoder::Decode(uint8_t* dest_buf,
- int pitch,
- const std::vector<uint8_t>& offsets) {
- if (m_Image->comps[0].w != m_Image->x1 || m_Image->comps[0].h != m_Image->y1)
- return false;
-
- if (pitch<static_cast<int>(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>>
- 5 << 2) {
- return false;
- }
-
 if (!m_Parameters.nb_tile_to_decode) {
 if (!opj_set_decode_area(m_Codec, m_Image, m_Parameters.DA_x0, m_Parameters.DA_y0, m_Parameters.DA_x1,
@@ -554,6 +532,28 @@ bool CJPX_Decoder::Decode(uint8_t* dest_buf,
 m_Image->icc_profile_len = 0;
 }
+ return true;
+}
+
+void CJPX_Decoder::GetInfo(uint32_t* width,
+ uint32_t* height,
+ uint32_t* components) {
+ *width = m_Image->x1;
+ *height = m_Image->y1;
+ *components = m_Image->numcomps;
+}
+
+bool CJPX_Decoder::Decode(uint8_t* dest_buf,
+ int pitch,
+ const std::vector<uint8_t>& offsets) {
+ if (m_Image->comps[0].w != m_Image->x1 || m_Image->comps[0].h != m_Image->y1)
+ return false;
+
+ if (pitch<static_cast<int>(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>>
+ 5 << 2) {
+ return false;
+ }
+
 memset(dest_buf, 0xff, m_Image->y1 * pitch);
 std::vector<uint8_t*> channel_bufs(m_Image->numcomps);
 std::vector<int> adjust_comps(m_Image->numcomps); |
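Review bot: With the decode block back at the end of Init(), nothing in the code records why it has to run there; per the commit message, the sizes used in Decode() depend on values produced by opj_decode(), so GetInfo() should only ever report post-decode dimensions. I would add a comment above `if (!m_Parameters.nb_tile_to_decode) {` along the lines of `// Decode in Init(): GetInfo() and the buffer checks in Decode() must see the dimensions opj_decode() produces.` so the move is not retried without also fixing the sizing. Init() starts before this hunk and the decode block runs past its last context line.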
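Review bot: The pitch guard in Decode() evaluates `m_Image->comps[0].w * 8 * m_Image->numcomps + 31` in what appears to be 32-bit unsigned arithmetic and only then casts to int, so for large dimensions taken from the file the value can wrap or turn negative and the comparison stops rejecting a too-small pitch; the `memset(dest_buf, 0xff, m_Image->y1 * pitch)` right after it uses the same kind of 32-bit product. Consider widening first and rejecting a negative pitch, e.g. `const uint64_t min_pitch = ((uint64_t{m_Image->comps[0].w} * 8 * m_Image->numcomps + 31) >> 5) << 2;` followed by `if (pitch < 0 || static_cast<uint64_t>(pitch) < min_pitch) return false;`, and computing the memset length in checked arithmetic as well. The missing spaces in `pitch<static_cast<int>(...)>>` also make the check read like a template argument list, so spacing and parenthesising the shift would help the next reader. Decode() continues past the end of the hunk, and the size of dest_buf is chosen by the caller, which is not visible here.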