diff options
author | JUN FANG <jun_fang@foxitsoftware.com> | 2015-05-20 12:25:56 -0700 |
---|---|---|
committer | JUN FANG <jun_fang@foxitsoftware.com> | 2015-05-20 12:25:56 -0700 |
commit | e9ccc9bc449846107f1c539e25677f4877ddf22f (patch) | |
tree | 95ad9b3d81189bfd211d1c017979db7333428825 /core/src/fxcodec/libjpeg/jpeglib.h | |
parent | 3a251306b0fc80eadbd49a806b27c31e285c3223 (diff) | |
download | pdfium-e9ccc9bc449846107f1c539e25677f4877ddf22f.tar.xz |
Integer overflow in CJBig2_Image::expand
1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset.
After integer overflows, it will be presented as a huge
unsigned number on 64 bits system.
BUG=483981
R=brucedawson@chromium.org, tsepez@chromium.org
Review URL: https://codereview.chromium.org/1148643002
Diffstat (limited to 'core/src/fxcodec/libjpeg/jpeglib.h')
0 files changed, 0 insertions, 0 deletions