diff options
| author | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-13 10:34:10 -0700 |
|---|---|---|
| committer | JUN FANG <jun_fang@foxitsoftware.com> | 2015-04-13 10:44:51 -0700 |
| commit | 63de95b699a4374982c2ddffced89e0da028fe4c (patch) | |
| tree | 227c497f0f9200c0d1baffc760705c6653f3c248 /core/src/fxcodec/jbig2/JBig2_ArithDecoder.h | |
| parent | c0c944cb1adadede295af97fb272feb7050d9c0a (diff) | |
| download | pdfium-63de95b699a4374982c2ddffced89e0da028fe4c.tar.xz | |
Merge to XFA: Fix a heap overflow in CJBig2_Context::parseSymbolDict
BUG=476107
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1080893002
Diffstat (limited to 'core/src/fxcodec/jbig2/JBig2_ArithDecoder.h')
| -rw-r--r-- | core/src/fxcodec/jbig2/JBig2_ArithDecoder.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h index 214688d3b2..33bbe39d0d 100644 --- a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h +++ b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h @@ -72,6 +72,10 @@ inline void CJBig2_ArithDecoder::BYTEIN() } inline int CJBig2_ArithDecoder::DECODE(JBig2ArithCtx *pCX) { + if (!pCX || pCX->I >= JBIG2_QE_NUM) { + return 0; + } + int D; const JBig2ArithQe * qe = &QeTable[pCX->I]; A = A - qe->Qe; |