From 0294f3d06517265a3b63ec3238b32f77d92a71bf Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Mon, 12 Feb 2018 22:48:25 +0000 Subject: Fix signedness in CJBig2_HuffmanTable, and add overflow check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: 808902 Change-Id: Iad5ab63eeedc3ea85001337ba73626178c71f8b8 Reviewed-on: https://pdfium-review.googlesource.com/26470 Reviewed-by: Tom Sepez Commit-Queue: Nicolás Peña Moreno --- core/fxcodec/jbig2/JBig2_HuffmanTable.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp index 1127f52a52..83f9fed010 100644 --- a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp +++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp @@ -53,9 +53,7 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { uint32_t HTLOW; uint32_t HTHIGH; if (pStream->readInteger(&HTLOW) == -1 || - pStream->readInteger(&HTHIGH) == -1 || - HTLOW > static_cast(std::numeric_limits::max()) || - HTHIGH > static_cast(std::numeric_limits::max())) { + pStream->readInteger(&HTHIGH) == -1) { return false; } @@ -87,6 +85,9 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) { return false; RANGELEN[NTEMP] = 32; + if (low == std::numeric_limits::min()) + return false; + RANGELOW[NTEMP] = low - 1; ExtendBuffers(true); -- cgit v1.2.3