Fix an integer overflow in opj_tcd_get_decoded_tile_size().chromium/2810 chromium/2809

Based on suggested patch by reporter. BUG=629919 Review-Url: https://codereview.chromium.org/2182683002
author: ochang <ochang@chromium.org> 2016-07-25 15:09:34 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-07-25 15:09:34 -0700
commit: d8cc503575463ff3d81b22dad292665f2c88911e (patch)
tree: a6f1df9bb80ceeccc778c5ed186d9e4868b99506 /third_party/libopenjpeg20/j2k.c
parent: 22b05fc0f0cbfd3841b0963b577719fd16725081 (diff)
download: pdfium-d8cc503575463ff3d81b22dad292665f2c88911e.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index b5f6fe90f5..6346c21907 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -8028,6 +8028,10 @@ OPJ_BOOL opj_j2k_read_tile_header(      opj_j2k_t * p_j2k,
         *p_tile_index = p_j2k->m_current_tile_number;
         *p_go_on = OPJ_TRUE;
         *p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+        if (*p_data_size == (OPJ_UINT32)-1) {
+                return OPJ_FALSE;
+        }
+
         *p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
         *p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
         *p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
author	ochang <ochang@chromium.org>	2016-07-25 15:09:34 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-07-25 15:09:34 -0700
commit	d8cc503575463ff3d81b22dad292665f2c88911e (patch)
tree	a6f1df9bb80ceeccc778c5ed186d9e4868b99506 /third_party/libopenjpeg20/j2k.c
parent	22b05fc0f0cbfd3841b0963b577719fd16725081 (diff)
download	pdfium-d8cc503575463ff3d81b22dad292665f2c88911e.tar.xz