author Nicolas Pena <npm@chromium.org> 2017-01-10 16:40:29 -0500
committer Chromium commit bot <commit-bot@chromium.org> 2017-01-10 22:09:38 +0000
commit 44bc1f818dd791c2a5a81103be3853093fd934b3 (patch)
tree 0029aebd34fc0a1af99e65b62b844629b8ccc099 /third_party/libopenjpeg20/README.pdfium
parent 0cb9b8cb094532ff868314350680d3fb0ca2fe51 (diff)
Fix m_nb_mct_records calculation in opj_j2k_read_mct
Now we update m_nb_mct_records only when there was a new mct record, and l_mct_data computations all went through. In the previous version, the ++l_tcp->m_nb_mcc_records was at the end, without the if. Notice that this is similar to the analogous in opj_j2k_read_mcc.

CL that changed the calculation:
https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60

BUG=678461
Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662
Reviewed-on: https://pdfium-review.googlesource.com/2165
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'third_party/libopenjpeg20/README.pdfium')
-rw-r--r-- third_party/libopenjpeg20/README.pdfium 1
1 files changed, 1 insertions, 0 deletions
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index 2c8d93c1d0..283daf609f 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -32,4 +32,5 @@ Local Modifications:
0020-opj_aligned_malloc.patch: Prevent overflows when using opj_aligned_malloc().
0021-tcd_init_tile_negative.patch: Prevent negative x, y values in opj_tcd_init_tile.
0022-jp2_apply_pclr_overflow.patch: Prevent integer overflow in opj_jp2_apply_pclr.
+0023-opj_j2k_read_mct_records.patch: Fix opj_j2k_read to prevent heap-use-after-free.
TODO(thestig): List all the other patches.
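Review bot: The description on the added 0023 line names the function as opj_j2k_read, while the patch file name (0023-opj_j2k_read_mct_records.patch) and the commit subject both refer to opj_j2k_read_mct. Suggest spelling out the full function name and what changed, for example "Fix m_nb_mct_records calculation in opj_j2k_read_mct to prevent heap-use-after-free", so the entry matches the style of 0020 through 0022, which each name the exact function they touch. Since this view is limited to README.pdfium, the .patch file and the code change it documents are not visible here and should be checked against this entry separately.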