author | Nicolas Pena <npm@chromium.org> | 2017-09-01 13:25:16 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-05 14:10:37 +0000 |
commit | 088ca03f25fe1f6d75c0ff3b71e0ad3d018a5e0c (patch) | |
tree | 27f55db27d9112910d9219efa58474a0c2bd9b52 /third_party/libopenjpeg20/0020-opj_aligned_malloc.patch | |
parent | 740bcd892d22136873b2b123b94e51bf6e77b8f9 (diff) | |
Upgrade OpenJPEG to 2.2.0
This CL upgrades OpenJPEG by copying the files from 2.2.0 and then applying
patches. Patch files that are no longer relevant are deleted. The relevant
ones are applied manually due to changes in formatting in OpenJPEG. Patch 34
is added to account for opj_malloc changes in PDFium.
Bug: chromium:718731
Change-Id: I3d316893eab5e235c9f71222a6818b8ae0c98383
Reviewed-on: https://pdfium-review.googlesource.com/12770
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'third_party/libopenjpeg20/0020-opj_aligned_malloc.patch')
-rw-r--r-- | third_party/libopenjpeg20/0020-opj_aligned_malloc.patch | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/third_party/libopenjpeg20/0020-opj_aligned_malloc.patch b/third_party/libopenjpeg20/0020-opj_aligned_malloc.patch
deleted file mode 100644
index 7de6e967b6..0000000000
--- a/third_party/libopenjpeg20/0020-opj_aligned_malloc.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
-index b1012af..a40ed7b 100644
---- a/third_party/libopenjpeg20/README.pdfium
-+++ b/third_party/libopenjpeg20/README.pdfium
-@@ -29,4 +29,5 @@ Local Modifications:
- 0017-tcd_init_tile.patch: Prevent integer overflows during calculation of |l_nb_precinct_size|.
- 0018-tcd_get_decoded_tile_size.patch: Fix an integer overflow in opj_tcd_get_decoded_tile_size.
- 0019-tcd_init_tile.patch: Prevent integer overflows during calculation of |l_nb_code_blocks_size|.
-+0020-opj_aligned_malloc.patch: Prevent overflows when using opj_aligned_malloc().
- TODO(thestig): List all the other patches.
-diff --git a/third_party/libopenjpeg20/dwt.c b/third_party/libopenjpeg20/dwt.c
-index 3b92bdf..a666d1c 100644
---- a/third_party/libopenjpeg20/dwt.c
-+++ b/third_party/libopenjpeg20/dwt.c
-@@ -576,6 +576,9 @@ static OPJ_BOOL opj_dwt_decode_tile(const opj_tcd_tilecomp_t* tilec, OPJ_UINT32
- OPJ_UINT32 w = (OPJ_UINT32)(tilec->x1 - tilec->x0);
-
- h.mem_count = opj_dwt_max_resolution(tr, numres);
-+ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(OPJ_INT32) < (OPJ_UINT32)h.mem_count) {
-+ return OPJ_FALSE;
-+ }
- h.mem = (OPJ_INT32*)opj_aligned_malloc(h.mem_count * sizeof(OPJ_INT32));
- if (! h.mem){
- /* FIXME event manager error callback */
-@@ -850,7 +853,17 @@ OPJ_BOOL opj_dwt_decode_real(opj_tcd_tilecomp_t* restrict tilec, OPJ_UINT32 numr
-
- OPJ_UINT32 w = (OPJ_UINT32)(tilec->x1 - tilec->x0);
-
-- h.wavelet = (opj_v4_t*) opj_aligned_malloc((opj_dwt_max_resolution(res, numres)+5) * sizeof(opj_v4_t));
-+ OPJ_UINT32 mr = opj_dwt_max_resolution(res, numres);
-+
-+ if (mr >= ((OPJ_UINT32)-5)) {
-+ return OPJ_FALSE;
-+ }
-+ mr += 5;
-+
-+ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(opj_v4_t) < mr) {
-+ return OPJ_FALSE;
-+ }
-+ h.wavelet = (opj_v4_t*) opj_aligned_malloc(mr * sizeof(opj_v4_t));
- if (!h.wavelet) {
- /* FIXME event manager error callback */
- return OPJ_FALSE;
-diff --git a/third_party/libopenjpeg20/t1.c b/third_party/libopenjpeg20/t1.c
-index 108ce78..a119db1 100644
---- a/third_party/libopenjpeg20/t1.c
-+++ b/third_party/libopenjpeg20/t1.c
-@@ -1173,6 +1173,9 @@ static OPJ_BOOL opj_t1_allocate_buffers(
- if (!t1->encoder) {
- if(datasize > t1->datasize){
- opj_aligned_free(t1->data);
-+ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(OPJ_INT32) < datasize) {
-+ return OPJ_FALSE;
-+ }
- t1->data = (OPJ_INT32*) opj_aligned_malloc(datasize * sizeof(OPJ_INT32));
- if(!t1->data){
- /* FIXME event manager error callback */
-@@ -1187,6 +1190,9 @@ static OPJ_BOOL opj_t1_allocate_buffers(
-
- if(flagssize > t1->flagssize){
- opj_aligned_free(t1->flags);
-+ if (((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(opj_flag_t) < flagssize) {
-+ return OPJ_FALSE;
-+ }
- t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(opj_flag_t));
- if(!t1->flags){
- /* FIXME event manager error callback */ |