summaryrefslogtreecommitdiff
path: root/fpdfsdk/javascript/color.cpp
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-04-10 13:14:39 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-04-10 18:56:49 +0000
commit76c9a1b146145fc3605f91a807b0bc99d2607a0f (patch)
tree25dca4829862b71905f20d101d883979c473ff31 /fpdfsdk/javascript/color.cpp
parentecc3c836cf6965fbb7ad06b61da87332e59ea5d8 (diff)
downloadpdfium-76c9a1b146145fc3605f91a807b0bc99d2607a0f.tar.xz
Guard against negative shift in jbig2 huffman initialization
Depending on the code table, it's possible to have the largest PREFLEN value in the huffman table to be > 32. This will, potentially, cause the calcuation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the int value and cause a negative shift. This Cl checks the shift value and failes the initialization if we would shift a negative value. Bug: chromium:709781 Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5 Reviewed-on: https://pdfium-review.googlesource.com/3990 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fpdfsdk/javascript/color.cpp')
0 files changed, 0 insertions, 0 deletions