summaryrefslogtreecommitdiff
path: root/third_party
diff options
context:
space:
mode:
authorNicolas Pena <npm@chromium.org>2017-05-09 14:56:06 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-05-09 19:46:29 +0000
commitfe5c7c28c2f048eda4aa58cb8932d0d6f3f98114 (patch)
treed8bc200fcbbe9928641a0e7ced0cb6d9f0f0819e /third_party
parent6161445d85f28115519985e616039623b970b0a1 (diff)
downloadpdfium-fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114.tar.xz
LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts. Bug: chromium:698498 Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8 Reviewed-on: https://pdfium-review.googlesource.com/5173 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
Diffstat (limited to 'third_party')
-rw-r--r--third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch16
-rw-r--r--third_party/libopenjpeg20/README.pdfium1
-rw-r--r--third_party/libopenjpeg20/j2k.c4
3 files changed, 19 insertions, 2 deletions
diff --git a/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
new file mode 100644
index 0000000000..f89025fa72
--- /dev/null
+++ b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
@@ -0,0 +1,16 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index cb5a28373..9e35de186 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+ i, l_img_comp->dx, l_img_comp->dy);
+ return OPJ_FALSE;
+ }
+- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
+ opj_event_msg(p_manager, EVT_ERROR,
+- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
++ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
+ i, l_img_comp->prec);
+ return OPJ_FALSE;
+ }
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index d73c72b827..cae9a9a98e 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -41,4 +41,5 @@ Local Modifications:
0029-avoid-division-by-0: fix some /0 and %0 in pi.c (caused by bad shifts).
0030-undefined-shift-opj_get_all_encoding_parameters.patch: fix undefined shift in pi.c method.
0031-undefined-shift-opj_bio_read.patch: fix undefined shift in bio.c method.
+0032-undefined-shift-opj_j2k_read_siz.patch: fix undefined shift in j2k.c method.
TODO(thestig): List all the other patches.
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index cb5a283732..9e35de1861 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
i, l_img_comp->dx, l_img_comp->dy);
return OPJ_FALSE;
}
- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
opj_event_msg(p_manager, EVT_ERROR,
- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
i, l_img_comp->prec);
return OPJ_FALSE;
}