author | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-13 10:34:10 -0700 |
---|---|---|
committer | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-13 10:34:10 -0700 |
commit | eddab4425614e49146f904f00da4a664ba4b581b (patch) | |
tree | 0717e75ef75e5f814aa540daeb4774767f013d98 /core/src/fxcodec/jbig2/JBig2_ArithDecoder.h | |
parent | eeccab8f6a1785d9c94c126524b982c9d4c4b946 (diff) | |
download | pdfium-eddab4425614e49146f904f00da4a664ba4b581b.tar.xz |
Fix a heap overflow in CJBig2_Context::parseSymbolDictchromium/2371chromium/2370chromium/2369
BUG=476107
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1080893002
Diffstat (limited to 'core/src/fxcodec/jbig2/JBig2_ArithDecoder.h')
-rw-r--r-- | core/src/fxcodec/jbig2/JBig2_ArithDecoder.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
index 214688d3b2..33bbe39d0d 100644
--- a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
+++ b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
@@ -72,6 +72,10 @@ inline void CJBig2_ArithDecoder::BYTEIN()
 }
 inline int CJBig2_ArithDecoder::DECODE(JBig2ArithCtx *pCX)
 {
+ if (!pCX || pCX->I >= JBIG2_QE_NUM) {
+ return 0;
+ }
+
 int D;
 const JBig2ArithQe * qe = &QeTable[pCX->I];
 A = A - qe->Qe; |
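Review bot: The new guard at the top of DECODE returns 0 for a null or out-of-range context, which callers cannot tell apart from a legitimately decoded 0 bit, so a malformed stream keeps being decoded with made-up bits instead of being rejected. The check also reads `pCX->I` through the very pointer it is meant to validate; if the overflow named in the commit title comes from a context index computed by the caller (not visible in this hunk), that read is itself out of bounds, and the index should additionally be range-checked where it is computed in parseSymbolDict. At minimum the sentinel should be documented, e.g. `// Invalid context: returns 0, indistinguishable from a decoded 0 bit; callers must validate the context index.` If `I` is a signed field, a negative value passes `pCX->I >= JBIG2_QE_NUM` and needs rejecting as well. DECODE's body continues past the end of the hunk.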