path: root/core/fxcodec/jbig2
Age | Commit message | Author
2018-04-23 | Add more image size checks in CJBig2_Context. | Lei Zhang
BUG=chromium:834557 Change-Id: I8fb8d74f87097b39608c3f83f2fa1c4e49e69980 Reviewed-on: https://pdfium-review.googlesource.com/31170 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2018-03-06 | Rename core/fxcrt IFX files to Iface | Dan Sinclair
This CL renames the 3 IFX files in core/fxcrt to Iface instead. Change-Id: I7cee6836650b71bc5c5729a8147fda62f0910fe3 Reviewed-on: https://pdfium-review.googlesource.com/27970 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-02-26 | Shrink some tables and kill dead code in xfa. | Tom Sepez
Change-Id: Ic1260417e7d1475dd518655b2ab08f0184955d88 Reviewed-on: https://pdfium-review.googlesource.com/27170 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-02-12 | Fix signedness in CJBig2_HuffmanTable, and add overflow check | Nicolas Pena
Bug: 808902 Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8 Reviewed-on: https://pdfium-review.googlesource.com/26470 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2018-01-30 | Revert "Revert "Use UnownedPtr instead of T* in MaybeOwned."" | Tom Sepez
This reverts commit 77d8ed02c7e97471ceccee5abbabeb2fdea413c7.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> Revert "Use UnownedPtr instead of T* in MaybeOwned."
>
> This reverts commit e563e8352139e4852a955e319023b09f2844aee9.
>
> Reason for revert: <INSERT REASONING HERE>
>
> Original change's description:
> > Use UnownedPtr instead of T* in MaybeOwned.
> >
> > Always check the lifetime in the unowned case. Doing so unearthed
> > the following issues:
> >
> > Transient lifetime issue in jbig2_image when doing realloc().
> > Stale (but unused) dictionary pointer in CPDF_Image.
> > Destruction order in error branch in cpdf_dibsource.cpp
> >
> > Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
> > Reviewed-on: https://pdfium-review.googlesource.com/24552
> > Commit-Queue: Tom Sepez <tsepez@chromium.org>
> > Reviewed-by: dsinclair <dsinclair@chromium.org>
>
> TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org
>
> Change-Id: I3c56ee6ab502da90e3adb7507dbc8cc92f090140
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://pdfium-review.googlesource.com/24670
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org Change-Id: I0ccbbeab8be6cadc9b3a5bfefe2aca733654342f No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://pdfium-review.googlesource.com/24671 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-01-30 | Revert "Use UnownedPtr instead of T* in MaybeOwned." | Tom Sepez
This reverts commit e563e8352139e4852a955e319023b09f2844aee9.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> Use UnownedPtr instead of T* in MaybeOwned.
>
> Always check the lifetime in the unowned case. Doing so unearthed
> the following issues:
>
> Transient lifetime issue in jbig2_image when doing realloc().
> Stale (but unused) dictionary pointer in CPDF_Image.
> Destruction order in error branch in cpdf_dibsource.cpp
>
> Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
> Reviewed-on: https://pdfium-review.googlesource.com/24552
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: dsinclair <dsinclair@chromium.org>
TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org Change-Id: I3c56ee6ab502da90e3adb7507dbc8cc92f090140 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://pdfium-review.googlesource.com/24670 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2018-01-30 | Use UnownedPtr instead of T* in MaybeOwned. | Tom Sepez
Always check the lifetime in the unowned case. Doing so unearthed the following issues: Transient lifetime issue in jbig2_image when doing realloc(). Stale (but unused) dictionary pointer in CPDF_Image. Destruction order in error branch in cpdf_dibsource.cpp Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f Reviewed-on: https://pdfium-review.googlesource.com/24552 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-01-18 | Avoid integer overflows in CJBig2_Image::composeTo_opt2(). | Lei Zhang
BUG=chromium:802983 Change-Id: I866ece9c370bf05571b76b50ad23598f5038332b Reviewed-on: https://pdfium-review.googlesource.com/23151 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-01-18 | Declare variables closer to use in CJBig2_Image::composeTo_opt2(). | Lei Zhang
Change-Id: Ifabaf71bb45ffa7e9af7da4acb21d8757e9596ce Reviewed-on: https://pdfium-review.googlesource.com/23150 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-01-15 | Revert "Check for success of decodes to avoid infinite loops" | Nicolás Peña Moreno
This reverts commit dca380ffe0571be4023b11b06b8aecad9934bb06.
Reason for revert: Causes missing text in a user's PDF
Original change's description:
> Check for success of decodes to avoid infinite loops
>
> Bug: 790693
> Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06
> Reviewed-on: https://pdfium-review.googlesource.com/20230
> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
TBR=npm@chromium.org,hnakashima@chromium.org,rharrison@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: 790693 Change-Id: I886b14e120c34da757a96f8a1f9c6a081d8326b6 Reviewed-on: https://pdfium-review.googlesource.com/22950 Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-12-11 | Remove default arguments to CPDF_StreamAcc::LoadAllData(). | Lei Zhang
Add LoadAllDataFiltered() and LoadAllDataRaw() and update callers. Change-Id: I9b80ee34a358db204968acdc8b1adc9db0b6b83f Reviewed-on: https://pdfium-review.googlesource.com/20810 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-12-01 | Get rid of else after break/continue/return. (chromium/3284, chromium/3283) | Lei Zhang
Change-Id: I3efc57cd7325d16e3ca8ebdeeaec06012b2c56e3 Reviewed-on: https://pdfium-review.googlesource.com/20110 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-12-01 | Check for success of decodes to avoid infinite loops | Nicolas Pena
Bug: 790693 Change-Id: I9b1d87e024229d8b01f55ec554e2cc544db6ac06 Reviewed-on: https://pdfium-review.googlesource.com/20230 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-30 | Prevent integer overflow in CJBig2_HuffmanTable::ParseFromCodedBuffer | Nicolas Pena
In this CL we prevent integer overflow by checking that the integers are in the appropriate range before casting from unsigned to signed. Bug: 789524 Change-Id: I41572849f18ffb0f0739c80130ee6b5061845d29 Reviewed-on: https://pdfium-review.googlesource.com/20011 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-28 | Remove CollectionSize from JBig2_Context | Dan Sinclair
Bug: pdfium:774 Change-Id: Ie7674ac55dea6284a0d974cef107ef357197a06b Reviewed-on: https://pdfium-review.googlesource.com/19610 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-11-10 | Check for decoder completeness in CJBig2_GRRDProc | Nicolas Pena
This CL adds checks in CJBig2_GRRDProc to verify if the decoder is completed before trying to decode. This is currently done in all decoding calls in CJBig2_GRDProc. Bug: chromium:782826 Change-Id: Ifb4ee4d09e8357e969aefa107b4dafbc2284324b Reviewed-on: https://pdfium-review.googlesource.com/18333 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-09 | Rename some methods in CJBig2_Context (chromium/3264) | Nicolas Pena
This CL improves some method names and does other basic cleanup. Change-Id: I32ea88ff29383e9685d4c686625088c96f73f035 Reviewed-on: https://pdfium-review.googlesource.com/18210 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-08 | Prevent cyclic offset on CJBig2_Context | Nicolas Pena
This CL changes the type of |m_dwOffset| to safe unsigned integer to prevent the offset from cycling from MAX_UINT32 back to 0. Bug: chromium:778912 Change-Id: Ib93a8392e52eecf2cc223438ac85e9dc529b0f43 Reviewed-on: https://pdfium-review.googlesource.com/18130 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-07 | Use MaybeOwned in CJBig2_Image | Nicolas Pena
Change-Id: Id53cbb8c95f6eb929f6e4eb57333daa24f1b776f Reviewed-on: https://pdfium-review.googlesource.com/18010 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-07 | More FX_SAFE_INT32 in CJBig2_TRDProc | Nicolas Pena
Bug: chromium:781780 Change-Id: Ie92d8b570c37e9b3364d1ff4502f444a275ee6c2 Reviewed-on: https://pdfium-review.googlesource.com/17910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-30 | More safe ints in CJBig2_TRDProc | Nicolas Pena
Bug: chromium:778961 Change-Id: I1d08b3282304931276c24e50392c10b21780dcde Reviewed-on: https://pdfium-review.googlesource.com/16971 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-25 | Enforce end of data in CJBig2_ArithDecoder | Nicolas Pena
Quoting the JBIG2 spec: "If B is a 0xFF byte, then B1 (the byte pointed to by BP+1) is tested. If B1 exceeds 0x8F, then B1 must be one of the marker codes. The marker code is interpreted as required, and the buffer pointer remains pointed to the 0xFF prefix of the marker code which terminates the arithmetically compressed data. 1-bits are then fed to the decoder until the decoding is complete. This is shown by adding 0xFF00 to the C-register and setting the bit counter CT to 8." Our implementation is the alternative (faster for software according to the spec), where only CT is changed to 8. Reaching this part of the code means we will never read from stream again so we should be wrapping up the decoding. To ensure this, the |m_Complete| attribute is set to true if we reach this code again, which will result in bailing out next time DECODE is called. Bug: 767156 Change-Id: I434d46bc7914713a065f0e4da079bbc9b5dd216c Reviewed-on: https://pdfium-review.googlesource.com/16791 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-10-23 | Fix some integer overflows in CJBig2_TRDProc | Nicolas Pena
Bug: 649278 Change-Id: Ib9084f6d9bb7dc7bf3713faa22d3a26822a96681 Reviewed-on: https://pdfium-review.googlesource.com/16550 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-10-02 | Removing unused defines | Dan Sinclair
Remove unused defines. Change-Id: Ibf10d8470f19cbf4528fe1342398a39ef15c1d12 Reviewed-on: https://pdfium-review.googlesource.com/15110 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-09-21 | Move CFX_UnownedPtr to UnownedPtr | Dan Sinclair
This CL moves CFX_UnownedPtr to UnownedPtr and places it in the fxcrt namespace. Bug: pdfium:898 Change-Id: I6d1fa463f365e5cb3aafa8c8a7a5f7eff62ed8e0 Reviewed-on: https://pdfium-review.googlesource.com/14620 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-21 | Rename CFX_RetainPtr to RetainPtr | Dan Sinclair
This CL renames CFX_RetainPtr to RetainPtr and places it in the fxcrt namespace. Bug: pdfium:898 Change-Id: I8798a9f79cb0840d3f037e8d04937cedd742914e Reviewed-on: https://pdfium-review.googlesource.com/14616 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-21 | Move CFX_MaybeOwned to fxcrt::MaybeOwned | Dan Sinclair
This CL moves CFX_MaybeOwned into the fxcrt namespace and removes the CFX_ prefix. The test names for maybe owned were updated to be in the MaybeOwned test suite instead of the fxcrt suite. Bug: pdfium:898 Change-Id: I0c07057d66c8610e7b19133094b4507fff725e76 Reviewed-on: https://pdfium-review.googlesource.com/14470 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-09-14 | Fix decoding of JBIG2 integers for values with large magnitude. | Henrique Nakashima
Now considering anything not representable by a 32-bit signed int as OOB rather than decoding some arbitrary overflowed value. Bug: chromium:761666 Change-Id: I00f5a3abadca51f9bedc5e5d78f7f184040c2f33 Reviewed-on: https://pdfium-review.googlesource.com/14010 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-08-31 | Remove fx_basic.h | Dan Sinclair
This CL removes the fx_basic.h header and fixes up includes as needed. Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040 Reviewed-on: https://pdfium-review.googlesource.com/12670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-31 | Use vector instead of pointer in CJBig2_Segment | Nicolas Pena
Change-Id: Ic54e0491d9b33a06b5f85963f8127bfa4263f4d6 Reviewed-on: https://pdfium-review.googlesource.com/12450 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-31 | Split IFX_Pause out of fx_basic | Dan Sinclair
This CL moves IFX_Pause out to its own class from fx_basic and updates includes as needed. Change-Id: Iebdd183d8c85aa17570f190f1a7d1602c0af3c8b Reviewed-on: https://pdfium-review.googlesource.com/12491 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30 | Fix undefined shift in CJBig2_Context::decodeSymbolIDHuffmanTable | Nicolas Pena
Bug: chromium:755532 Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f Reviewed-on: https://pdfium-review.googlesource.com/12430 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-28 | Add helper methods in CJBig2_GRRDProc. | Lei Zhang
Refactor identical code used in decode_Template0_unopt() into their own methods. Change-Id: I37348a280ecc66d91fdcd3c9aabe49d2a8065417 Reviewed-on: https://pdfium-review.googlesource.com/11950 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28 | Skip decoding of excessively large JBIG2 images. | Lei Zhang
BUG=chromium:749610. Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb Reviewed-on: https://pdfium-review.googlesource.com/11930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-20 | Create helper method in CJBig2_HTRDProc | Nicolas Pena
This CL creates CJBig2_HTRDProc::decode_image to reduce duplicated code in the class. Change-Id: Ie348179c96ff534f95cba401c4b9bd46e1c4e6ac Reviewed-on: https://pdfium-review.googlesource.com/8410 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-19 | Remove JBig2_GsidProc class | Nicolas Pena
This CL removes the JBig2_GsidProc since it is only used as a single instance in each of the methods in CJBig2_HTRDProc, so it is completely unnecessary. Change-Id: I69d0a4a059b9eb6ebcbbb79b92ea1cd6c22cb1cb Reviewed-on: https://pdfium-review.googlesource.com/7930 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-07-17 | Simplify CJBig2_Context::huffman_assign_code | Nicolas Pena
This CL removes duplicate huffman_assign_code()s and changes some return values and members to std::vector. Change-Id: I47a1e0e2e88ff54ec799c97e92ec9ff5ca87c6c7 Reviewed-on: https://pdfium-review.googlesource.com/7910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-14 | Use CFX_MaybeOwned in CJBig2_TRDProc | Nicolas Pena
Change-Id: I874c537454bda024224a01c905b7ba01a90a6970 Reviewed-on: https://pdfium-review.googlesource.com/7732 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-14 | More unique_ptrs in JBIG2 code part 2 | Nicolas Pena
This CL makes HDPATS in CJBig2_PatternDict be a vector of unique_ptr. Change-Id: Ib23aed6323d4a988b2eedc4bfe95f2098d32c188 Reviewed-on: https://pdfium-review.googlesource.com/7871 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-13 | More unique_ptrs in JBig2 code | Nicolas Pena
This CL makes CJBig2_Segment own the results: symbol, pattern, huffman, and huffman. This causes a lot more unique_ptr usage in JBig2 code. Change-Id: I1f0a5bfaaf85053658b467bef5325c72d1f496c7 Reviewed-on: https://pdfium-review.googlesource.com/7690 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-26 | IFX_Pause is passed to CJBig2_Context, no need to store. (chromium/3113) | Tom Sepez
Avoids the possibility of having a stale pointer in the context. Bug: 726653 Change-Id: I8b41d2ab04e7ab07e694431b53491b3d0861e4ee Reviewed-on: https://pdfium-review.googlesource.com/6074 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-26 | Pass CJBig2_ArithDecoder to CJBig2_GRDProc as needed. | Tom Sepez
Avoid holding a stale pointer to it in CJBig2_GRDProc. Bug: 726732 Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc Reviewed-on: https://pdfium-review.googlesource.com/6050 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-25 | Mass conversion of remaining class members (non-xfa) | Tom Sepez
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3 Reviewed-on: https://pdfium-review.googlesource.com/5970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25 | Mass conversion of all const-lifetime class members | Tom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-05 | More unused IFX_Pause parameters removed (chromium/3091) | Dan Sinclair
Remove IFX_Pause parameters which are passed but not used. Change-Id: I51a491c7f9a429676d114a387390fac3ae65e187 Reviewed-on: https://pdfium-review.googlesource.com/4950 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-04 | Remove unused IFX_Pause member | Dan Sinclair
The IFX_Pause param is stored but never used. Remove. Change-Id: I9e5298fc05c6d408873b7bee307a76dcf3d2d4da Reviewed-on: https://pdfium-review.googlesource.com/4931 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-10 | Guard against negative shift in nVal calculation | Dan Sinclair
It's possible for the nVal to become negative as it is shifted. This CL changes nVal to be a checked_numeric and bails out if the shift is invalid. Bug: chromium:708504 Change-Id: Ia2ebbc828ece7f7d443432542784b39defe6a897 Reviewed-on: https://pdfium-review.googlesource.com/4010 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-10 | Use checked_numeric to guard shift | Dan Sinclair
It's possible for the RANGELEN[NTEMP] value to be larger than 32. This will make the shift invalid if the 1 is an int. This CL changes to 1L and uses the CheckedNumeric to validate that the result is inside the needed range for an int. Bug: chromium:708439 Change-Id: I1f0359985c2d7769367bd0edcf5e081f5bb58816 Reviewed-on: https://pdfium-review.googlesource.com/3991 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-10 | Guard against negative shift in jbig2 huffman initialization | Dan Sinclair
Depending on the code table, it's possible to have the largest PREFLEN value in the huffman table to be > 32. This will, potentially, cause the calculation of ((FIRSTCODE[i - 1] + LENCOUNT[i - 1]) << 1 to overflow the int value and cause a negative shift. This CL checks the shift value and fails the initialization if we would shift a negative value. Bug: chromium:709781 Change-Id: Ia165a01ba9412e31c5e5a43717d415fcb42eafe5 Reviewed-on: https://pdfium-review.googlesource.com/3990 Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-04 | Remove a couple checks for MakeUnique failures. | Lei Zhang
Combine some common CCodec_Jbig2Module code. Change-Id: I9a046314bc0e9dddc9a8c1a06b37764e9f3cc4b6 Reviewed-on: https://pdfium-review.googlesource.com/3713 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>