diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-09-01 13:25:16 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-05 14:10:37 +0000 |
| commit | 088ca03f25fe1f6d75c0ff3b71e0ad3d018a5e0c (patch) | |
| tree | 27f55db27d9112910d9219efa58474a0c2bd9b52 /third_party/libopenjpeg20/0019-tcd_init_tile.patch | |
| parent | 740bcd892d22136873b2b123b94e51bf6e77b8f9 (diff) | |
| download | pdfium-088ca03f25fe1f6d75c0ff3b71e0ad3d018a5e0c.tar.xz | |
Upgrade OpenJPEG to 2.2.0
This CL upgrades OpenJPEG by copying the files from 2.2.0 and then applying
patches. Patch files that are no longer relevant are deleted. The relevant
ones are applied manually due to changes in formatting in OpenJPEG. Patch 34
is added to account for opj_malloc changes in PDFium.
Bug: chromium:718731
Change-Id: I3d316893eab5e235c9f71222a6818b8ae0c98383
Reviewed-on: https://pdfium-review.googlesource.com/12770
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'third_party/libopenjpeg20/0019-tcd_init_tile.patch')
| -rw-r--r-- | third_party/libopenjpeg20/0019-tcd_init_tile.patch | 45 |
1 files changed, 18 insertions, 27 deletions
diff --git a/third_party/libopenjpeg20/0019-tcd_init_tile.patch b/third_party/libopenjpeg20/0019-tcd_init_tile.patch index d8e18facc9..fc5a3aac91 100644 --- a/third_party/libopenjpeg20/0019-tcd_init_tile.patch +++ b/third_party/libopenjpeg20/0019-tcd_init_tile.patch @@ -1,30 +1,21 @@ -diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium -index a9e289d..b1012af 100644 ---- a/third_party/libopenjpeg20/README.pdfium -+++ b/third_party/libopenjpeg20/README.pdfium -@@ -28,4 +28,5 @@ Local Modifications: - 0016-read_SQcd_SQcc_overflow.patch: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc. - 0017-tcd_init_tile.patch: Prevent integer overflows during calculation of |l_nb_precinct_size|. - 0018-tcd_get_decoded_tile_size.patch: Fix an integer overflow in opj_tcd_get_decoded_tile_size. -+0019-tcd_init_tile.patch: Prevent integer overflows during calculation of |l_nb_code_blocks_size|. - TODO(thestig): List all the other patches. diff --git a/third_party/libopenjpeg20/tcd.c b/third_party/libopenjpeg20/tcd.c -index cd1c439..9270efe 100644 +index f0710cd14..35d15e3d1 100644 --- a/third_party/libopenjpeg20/tcd.c +++ b/third_party/libopenjpeg20/tcd.c -@@ -939,8 +939,15 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, - l_current_precinct->cw = (OPJ_UINT32)((brcblkxend - tlcblkxstart) >> cblkwidthexpn); - l_current_precinct->ch = (OPJ_UINT32)((brcblkyend - tlcblkystart) >> cblkheightexpn); - -+ if (l_current_precinct->cw && ((OPJ_UINT32)-1) / l_current_precinct->cw < l_current_precinct->ch) { -+ return OPJ_FALSE; -+ } - l_nb_code_blocks = l_current_precinct->cw * l_current_precinct->ch; - /*fprintf(stderr, "\t\t\t\t precinct_cw = %d x recinct_ch = %d\n",l_current_precinct->cw, l_current_precinct->ch); */ -+ -+ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof_block < l_nb_code_blocks) { -+ return OPJ_FALSE; -+ } - l_nb_code_blocks_size = l_nb_code_blocks * (OPJ_UINT32)sizeof_block; - - if (! l_current_precinct->cblks.blocks) { +@@ -1040,9 +1040,15 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, + cblkwidthexpn); + l_current_precinct->ch = (OPJ_UINT32)((brcblkyend - tlcblkystart) >> + cblkheightexpn); +- ++ if (l_current_precinct->cw && ((OPJ_UINT32)-1) / l_current_precinct->cw < l_current_precinct->ch) { ++ return OPJ_FALSE; ++ } + l_nb_code_blocks = l_current_precinct->cw * l_current_precinct->ch; + /*fprintf(stderr, "\t\t\t\t precinct_cw = %d x recinct_ch = %d\n",l_current_precinct->cw, l_current_precinct->ch); */ ++ ++ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof_block < l_nb_code_blocks) { ++ return OPJ_FALSE; ++ } + l_nb_code_blocks_size = l_nb_code_blocks * (OPJ_UINT32)sizeof_block; + + if (!l_current_precinct->cblks.blocks && (l_nb_code_blocks > 0U)) { |