summaryrefslogtreecommitdiff
path: root/core/src
diff options
context:
space:
mode:
authorBo Xu <bo_xu@foxitsoftware.com>2014-10-03 12:29:54 -0700
committerBo Xu <bo_xu@foxitsoftware.com>2014-10-03 12:29:54 -0700
commite93d5341d87c54713a9632c8823288fa901a3b78 (patch)
tree4da94c85f99786e9d9031a888991588116d081be /core/src
parent043f07f7c25af0064d093781106a12c3c749a50f (diff)
downloadpdfium-e93d5341d87c54713a9632c8823288fa901a3b78.tar.xz
check pointer overflow in t2.c
BUG=413375 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/624023003
Diffstat (limited to 'core/src')
-rw-r--r--core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c2
-rw-r--r--core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c
index dd188c1ba7..683d0415cf 100644
--- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c
+++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c
@@ -1280,7 +1280,7 @@ OPJ_BOOL opj_jp2_read_colr( opj_jp2_t *jp2,
}
else if (jp2->meth > 2)
{
- /* ISO/IEC 15444-1:2004 (E), Table I.9 ­ Legal METH values:
+ /* ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values:
conforming JP2 reader shall ignore the entire Colour Specification box.*/
opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d), "
"so we will ignore the entire Colour Specification box. \n", jp2->meth);
diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
index f2a7c9a57c..cdd35e8c22 100644
--- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
+++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
@@ -1132,7 +1132,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
do {
/* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
- if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
+ if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
return OPJ_FALSE;