summaryrefslogtreecommitdiff
path: root/core/fxcodec/jbig2
diff options
context:
space:
mode:
Diffstat (limited to 'core/fxcodec/jbig2')
-rw-r--r--core/fxcodec/jbig2/JBig2_GrdProc.cpp7
-rw-r--r--core/fxcodec/jbig2/JBig2_GrrdProc.cpp4
2 files changed, 8 insertions, 3 deletions
diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
index 764723bc6d..1d76f9053d 100644
--- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
@@ -45,8 +45,10 @@ bool CJBig2_GRDProc::UseTemplate23Opt3() const {
std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::decode_Arith(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext) {
- if (GBW == 0 || GBH == 0)
+ if (GBW == 0 || GBW > JBIG2_MAX_IMAGE_SIZE || GBH == 0 ||
+ GBH > JBIG2_MAX_IMAGE_SIZE) {
return pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+ }
if (GBTEMPLATE == 0) {
if (UseTemplate0Opt3())
@@ -639,7 +641,8 @@ FXCODEC_STATUS CJBig2_GRDProc::Start_decode_Arith(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* gbContext,
IFX_Pause* pPause) {
- if (GBW == 0 || GBH == 0) {
+ if (GBW == 0 || GBW > JBIG2_MAX_IMAGE_SIZE || GBH == 0 ||
+ GBH > JBIG2_MAX_IMAGE_SIZE) {
m_ProssiveStatus = FXCODEC_STATUS_DECODE_FINISH;
return FXCODEC_STATUS_DECODE_FINISH;
}
diff --git a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
index 11fa39945d..049e50a1a9 100644
--- a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
@@ -16,8 +16,10 @@
std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::decode(
CJBig2_ArithDecoder* pArithDecoder,
JBig2ArithCtx* grContext) {
- if (GRW == 0 || GRH == 0)
+ if (GRW == 0 || GRW > JBIG2_MAX_IMAGE_SIZE || GRH == 0 ||
+ GRH > JBIG2_MAX_IMAGE_SIZE) {
return pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+ }
if (!GRTEMPLATE) {
if ((GRAT[0] == -1) && (GRAT[1] == -1) && (GRAT[2] == -1) &&