diff options
-rw-r--r-- | core/fxcodec/jbig2/JBig2_SddProc.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/core/fxcodec/jbig2/JBig2_SddProc.cpp b/core/fxcodec/jbig2/JBig2_SddProc.cpp index 1a7e96d26b..f6afb13497 100644 --- a/core/fxcodec/jbig2/JBig2_SddProc.cpp +++ b/core/fxcodec/jbig2/JBig2_SddProc.cpp @@ -38,6 +38,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Arith( uint32_t SBNUMSYMS; uint8_t SBSYMCODELEN; int32_t RDXI, RDYI; + uint32_t num_ex_syms; CJBig2_Image** SBSYMS; std::unique_ptr<CJBig2_ArithIaidDecoder> IAID; std::unique_ptr<CJBig2_SymbolDict> pDict; @@ -235,6 +236,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Arith( EXINDEX = 0; CUREXFLAG = 0; EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS); + num_ex_syms = 0; while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) { IAEX->decode(pArithDecoder, (int*)&EXRUNLENGTH); if (EXINDEX + EXRUNLENGTH > SDNUMINSYMS + SDNUMNEWSYMS) { @@ -243,12 +245,19 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Arith( } if (EXRUNLENGTH != 0) { for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) { + if (CUREXFLAG) + num_ex_syms++; EXFLAGS[I] = CUREXFLAG; } } EXINDEX = EXINDEX + EXRUNLENGTH; CUREXFLAG = !CUREXFLAG; } + if (num_ex_syms > SDNUMEXSYMS) { + FX_Free(EXFLAGS); + goto failed; + } + pDict.reset(new CJBig2_SymbolDict); I = J = 0; for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) { @@ -303,6 +312,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman( int32_t RDXI, RDYI; uint32_t BMSIZE; uint32_t stride; + uint32_t num_ex_syms; CJBig2_Image** SBSYMS; std::unique_ptr<CJBig2_HuffmanDecoder> pHuffmanDecoder( new CJBig2_HuffmanDecoder(pStream)); @@ -555,6 +565,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman( pTable.reset(new CJBig2_HuffmanTable(HuffmanTable_B1, HuffmanTable_B1_Size, HuffmanTable_HTOOB_B1)); EXFLAGS = FX_Alloc(FX_BOOL, SDNUMINSYMS + SDNUMNEWSYMS); + num_ex_syms = 0; while (EXINDEX < SDNUMINSYMS + SDNUMNEWSYMS) { if (pHuffmanDecoder->decodeAValue(pTable.get(), (int*)&EXRUNLENGTH) != 0) { FX_Free(EXFLAGS); @@ -566,12 +577,20 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman( } if (EXRUNLENGTH != 0) { for (I = EXINDEX; I < EXINDEX + EXRUNLENGTH; I++) { + if (CUREXFLAG) + num_ex_syms++; + EXFLAGS[I] = CUREXFLAG; } } EXINDEX = EXINDEX + EXRUNLENGTH; CUREXFLAG = !CUREXFLAG; } + if (num_ex_syms > SDNUMEXSYMS) { + FX_Free(EXFLAGS); + goto failed; + } + I = J = 0; for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) { if (EXFLAGS[I] && J < SDNUMEXSYMS) { |