author | Nicolas Pena <npm@chromium.org> | 2017-05-09 14:56:06 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-05-09 19:46:29 +0000 |
commit | fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114 (patch) | |
tree | d8bc200fcbbe9928641a0e7ced0cb6d9f0f0819e /third_party | |
parent | 6161445d85f28115519985e616039623b970b0a1 (diff) | |
download | pdfium-fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114.tar.xz |
LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 <<
(prec - 1). So limit it to be at most 31, and avoid undefined shifts.
Bug: chromium:698498
Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8
Reviewed-on: https://pdfium-review.googlesource.com/5173
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch | 16 | ||||
-rw-r--r-- | third_party/libopenjpeg20/README.pdfium | 1 | ||||
-rw-r--r-- | third_party/libopenjpeg20/j2k.c | 4 |
3 files changed, 19 insertions, 2 deletions
diff --git a/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
new file mode 100644
index 0000000000..f89025fa72
--- /dev/null
+++ b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
@@ -0,0 +1,16 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index cb5a28373..9e35de186 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+ i, l_img_comp->dx, l_img_comp->dy);
+ return OPJ_FALSE;
+ }
+- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
+ opj_event_msg(p_manager, EVT_ERROR,
+- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
++ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
+ i, l_img_comp->prec);
+ return OPJ_FALSE;
+ }
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index d73c72b827..cae9a9a98e 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -41,4 +41,5 @@ Local Modifications:
 0029-avoid-division-by-0: fix some /0 and %0 in pi.c (caused by bad shifts).
 0030-undefined-shift-opj_get_all_encoding_parameters.patch: fix undefined shift in pi.c method.
 0031-undefined-shift-opj_bio_read.patch: fix undefined shift in bio.c method.
+0032-undefined-shift-opj_j2k_read_siz.patch: fix undefined shift in j2k.c method.
 TODO(thestig): List all the other patches.
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index cb5a283732..9e35de1861 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
 i, l_img_comp->dx, l_img_comp->dy);
 return OPJ_FALSE;
 }
- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
 opj_event_msg(p_manager, EVT_ERROR,
- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
 i, l_img_comp->prec);
 return OPJ_FALSE;
 } |
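Review bot: The error string in the `prec > 31` branch still attributes the limit to "the JPEG2000 norm", but per the commit message 31 is an implementation bound chosen so that `1 << (prec - 1)` stays defined on OPJ_INT32, so the log will mislead whoever triages a rejected file. I would end the message with `(should be between 1 and 31, the limit of 32-bit sample arithmetic)\n` and replace the open TODO with `/* prec is used as 1 << (prec - 1) on OPJ_INT32, so 31 is the largest safe value */`. Only the upper bound is tested in the visible lines, so the "between 1 and" half relies on how prec is assigned above the hunk, and any site that shifts by `prec` rather than `prec - 1` would still be undefined at 31; neither is visible here and both are worth confirming. The same two lines are recorded in 0032-undefined-shift-opj_j2k_read_siz.patch and would need the same wording. The body of opj_j2k_read_siz starts and ends outside the hunk.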