summaryrefslogtreecommitdiff
path: root/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
AgeCommit message (Collapse)Author
2017-11-30Prevent integer overflow in CJBig2_HuffmanTable::ParseFromCodedBufferNicolas Pena
In this CL we prevent integer overflow by checking that the integers are in the appropriate range before casting from unsigned to signed. Bug: 789524 Change-Id: I41572849f18ffb0f0739c80130ee6b5061845d29 Reviewed-on: https://pdfium-review.googlesource.com/20011 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-04-10Use checked_numeric to guard shiftDan Sinclair
It's possible for the RANGELEN[NTEMP] value to be larger then 32. This will make the shift invalid if the 1 is an int. This CL changes to 1L and uses the CheckedNumeric to validate that the result is inside the needed range for an int. Bug: chromium:708439 Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816 Reviewed-on: https://pdfium-review.googlesource.com/3991 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-10Guard against negative shift in jbig2 huffman initializationDan Sinclair
Depending on the code table, it's possible to have the largest PREFLEN value in the huffman table to be > 32. This will, potentially, cause the calcuation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the int value and cause a negative shift. This Cl checks the shift value and failes the initialization if we would shift a negative value. Bug: chromium:709781 Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5 Reviewed-on: https://pdfium-review.googlesource.com/3990 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-03Check for overflow in JBig2 Huffman decoderDan Sinclair
This CL updates the Huffman decoder in the JBig2 codex to check the low field does not overflow. BUG=chromium:675236 Change-Id: I7f5f6fe8329df4ece6f317fac521fe2373686479 Reviewed-on: https://pdfium-review.googlesource.com/2131 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2016-10-06Reject JBig2 Huffman table with too large shift valuekcwu
BUG=chromium:653044 Review-Url: https://codereview.chromium.org/2397783002
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-03-25Remove FX_DWORD from core/ and delete definitionchromium/2695chromium/2694chromium/2693chromium/2692tsepez
Review URL: https://codereview.chromium.org/1832173003
2016-03-23Move core/include/fxcrt to core/fxcrt/include.Dan Sinclair
This CL moves the fxcrt code into the core/fxcrt directory. The only exception was fx_bidi.h which was moved into core/fxcrt as it is not used outside of core/. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1825953002 .
2016-03-14Move core/src/ up to core/.Dan Sinclair
This CL moves the core/src/ files up to core/ and fixes up the include guards, includes and build files. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1800523005 .
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 05:03:09 +0000