author | Lei Zhang <thestig@chromium.org> | 2015-10-02 11:19:21 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-02 11:19:21 -0700 |
commit | 9e75b82d5d18f748b260202fed5a59682631475c (patch) | |
tree | 18f712c7f80326459258fda3d45bd8d13724db61 /core | |
parent | c955a2aa76e6fb681f84177942df1b305430c471 (diff) | |
download | pdfium-9e75b82d5d18f748b260202fed5a59682631475c.tar.xz |
Merge to XFA: Prevent divide by zeros in CJBig2_GSIDProc::decode_MMR().
Check the image size before attempting to decode.
BUG=538103
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1377493005 .
(cherry picked from commit 9fb70fbded5c0bf4f5313a49fd3496b4d4fa71ca)
Review URL: https://codereview.chromium.org/1379233003 .
Diffstat (limited to 'core')
-rw-r--r-- | core/src/fxcodec/jbig2/JBig2_Context.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_Context.cpp b/core/src/fxcodec/jbig2/JBig2_Context.cpp index 2e2cf9eeee..f2c44b726a 100644 --- a/core/src/fxcodec/jbig2/JBig2_Context.cpp +++ b/core/src/fxcodec/jbig2/JBig2_Context.cpp @@ -1127,6 +1127,11 @@ int32_t CJBig2_Context::parseHalftoneRegion(CJBig2_Segment* pSegment, nRet = JBIG2_ERROR_TOO_SHORT; goto failed; } + if (pHRD->HGW == 0 || pHRD->HGH == 0) { + nRet = JBIG2_ERROR_FATAL; + goto failed; + } + pHRD->HBW = ri.width; pHRD->HBH = ri.height; pHRD->HMMR = cFlags & 0x01; |
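Review bot: The new `if (pHRD->HGW == 0 || pHRD->HGH == 0)` check in parseHalftoneRegion() has no comment saying which later computation it protects, and the commit message places the divide by zero in CJBig2_GSIDProc::decode_MMR(), a different function from the one patched here. A one-line comment above the check naming that callee would keep the guard from later being dropped as redundant validation. If decode_MMR() can be reached with zero dimensions from any caller other than this one, the same zero check belongs inside it as well. The diffstat shows only JBig2_Context.cpp changing, so a regression input for BUG=538103 that exercises the JBIG2_ERROR_FATAL path would be worth adding alongside this change.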