From 026f3d306d339585612d63a9f6ac5ed8839a3179 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Fri, 17 Feb 2017 13:15:02 -0500
Subject: Libopenjpeg upstream fix for undefined shift
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Patch: https://github.com/uclouvain/openjpeg/commit/20789fed4ec7746e938dd2934a1fb5aa352f4d12
BUG=657440
Change-Id: Ic2320cd4baabbd7bc09ec428c5f49b7ab3e7eb66
Reviewed-on: https://pdfium-review.googlesource.com/2795
Reviewed-by: Tom Sepez
Commit-Queue: Nicolás Peña
---
 .../0027-undefined-shift-opj_t1_decode_cblk.patch | 13 +++++++++++++
 third_party/libopenjpeg20/README.pdfium | 1 +
 third_party/libopenjpeg20/t1.c | 2 +-
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 third_party/libopenjpeg20/0027-undefined-shift-opj_t1_decode_cblk.patch
diff --git a/third_party/libopenjpeg20/0027-undefined-shift-opj_t1_decode_cblk.patch b/third_party/libopenjpeg20/0027-undefined-shift-opj_t1_decode_cblk.patch
new file mode 100644
index 0000000000..7ba877ab98
--- /dev/null
+++ b/third_party/libopenjpeg20/0027-undefined-shift-opj_t1_decode_cblk.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/libopenjpeg20/t1.c b/third_party/libopenjpeg20/t1.c
+index a119db1f7..1ad850c77 100644
+--- a/third_party/libopenjpeg20/t1.c
++++ b/third_party/libopenjpeg20/t1.c
+@@ -1411,7 +1411,7 @@ static OPJ_BOOL opj_t1_decode_cblk(opj_t1_t *t1,
+ }
+ }
+
+- for (passno = 0; passno < seg->real_num_passes; ++passno) {
++ for (passno = 0; (passno < seg->real_num_passes) && (bpno_plus_one >= 1); ++passno) {
+ switch (passtype) {
+ case 0:
+ if (type == T1_TYPE_RAW) {
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index 8ed63771f7..ea8f5239ba 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -36,4 +36,5 @@ Local Modifications:
 0024-l_marker_size_check.patch: Return error before overflow in opj_j2k_read_header_procedure.
 0025-opj_j2k_add_mct_null_data.patch: Check m_data != null before trying to read from it.
 0026-use_opj_uint_ceildiv.patch: Remove (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b).
+0027-undefined-shift-opj_t1_decode_cblk.patch: upstream fix for a ubsan bug.
 TODO(thestig): List all the other patches.
diff --git a/third_party/libopenjpeg20/t1.c b/third_party/libopenjpeg20/t1.c
index a119db1f76..1ad850c77e 100644
--- a/third_party/libopenjpeg20/t1.c
+++ b/third_party/libopenjpeg20/t1.c
@@ -1411,7 +1411,7 @@ static OPJ_BOOL opj_t1_decode_cblk(opj_t1_t *t1,
 }
 }
 
- for (passno = 0; passno < seg->real_num_passes; ++passno) {
+ for (passno = 0; (passno < seg->real_num_passes) && (bpno_plus_one >= 1); ++passno) {
 switch (passtype) {
 case 0:
 if (type == T1_TYPE_RAW) {
-- 
cgit v1.2.3
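Review bot: The new loop condition `(bpno_plus_one >= 1)` on the `for` line of the t1.c hunk carries no comment, although it is the only visible guard against the undefined shift named in the commit subject. `seg->real_num_passes` is presumably taken from the JPEG 2000 codestream, so a malformed code block can declare more passes than there are bit-planes left; the guard then ends the loop silently, with no diagnostic visible in this hunk for the dropped passes. I would add above the `for` a comment such as `/* Stop when no bit-planes remain: extra passes from a malformed codestream would make the shift count negative (UB). */`. The shift itself and the rest of opj_t1_decode_cblk lie outside the hunk, so whether an enclosing segment loop keeps iterating after this early exit should be checked against the full function.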