From 06f255ca4040f3d73cf09f1dbd63a3b167f6a4c1 Mon Sep 17 00:00:00 2001 From: Lei Zhang Date: Thu, 8 Oct 2015 15:27:28 -0700 Subject: Fix a malloc/delete mismatch introduced in commit 8a9ce57. Just get rid of the malloc altogether and use CJBig2_List instead. BUG=540873 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1394933002 . --- core/src/fxcodec/jbig2/JBig2_GsidProc.cpp | 48 +++++++++++-------------------- core/src/fxcodec/jbig2/JBig2_List.h | 7 +++++ 2 files changed, 24 insertions(+), 31 deletions(-) diff --git a/core/src/fxcodec/jbig2/JBig2_GsidProc.cpp b/core/src/fxcodec/jbig2/JBig2_GsidProc.cpp index d89bb8f249..5f423c4b04 100644 --- a/core/src/fxcodec/jbig2/JBig2_GsidProc.cpp +++ b/core/src/fxcodec/jbig2/JBig2_GsidProc.cpp @@ -11,6 +11,7 @@ #include "JBig2_BitStream.h" #include "JBig2_GrdProc.h" #include "JBig2_Image.h" +#include "JBig2_List.h" FX_DWORD* CJBig2_GSIDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder, JBig2ArithCtx* gbContext, @@ -38,47 +39,32 @@ FX_DWORD* CJBig2_GSIDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder, pGRD->GBAT[7] = -2; } - nonstd::unique_ptr GSPLANES( - FX_Alloc(CJBig2_Image*, GSBPP)); - JBIG2_memset(GSPLANES.get(), 0, sizeof(CJBig2_Image*) * GSBPP); - FXCODEC_STATUS status = pGRD->Start_decode_Arith( - &GSPLANES.get()[GSBPP - 1], pArithDecoder, gbContext, nullptr); - while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) { - pGRD->Continue_decode(pPause); - } - if (!GSPLANES.get()[GSBPP - 1]) - return nullptr; - - int32_t J = GSBPP - 2; - while (J >= 0) { - FXCODEC_STATUS status = pGRD->Start_decode_Arith( - &GSPLANES.get()[J], pArithDecoder, gbContext, nullptr); - while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) { + CJBig2_List GSPLANES(GSBPP); + for (int32_t i = GSBPP - 1; i >= 0; --i) { + CJBig2_Image* pImage = nullptr; + FXCODEC_STATUS status = + pGRD->Start_decode_Arith(&pImage, pArithDecoder, gbContext, nullptr); + while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) pGRD->Continue_decode(pPause); - } - if (!GSPLANES.get()[J]) { - for (int32_t K = GSBPP - 1; K > J; --K) { - delete GSPLANES.get()[K]; - return nullptr; - } - } - GSPLANES.get()[J]->composeFrom(0, 0, GSPLANES.get()[J + 1], - JBIG2_COMPOSE_XOR); - J = J - 1; + + if (!pImage) + return nullptr; + + GSPLANES.set(i, pImage); + + if (i < GSBPP - 1) + pImage->composeFrom(0, 0, GSPLANES.get(i + 1), JBIG2_COMPOSE_XOR); } nonstd::unique_ptr GSVALS( FX_Alloc2D(FX_DWORD, GSW, GSH)); JBIG2_memset(GSVALS.get(), 0, sizeof(FX_DWORD) * GSW * GSH); for (FX_DWORD y = 0; y < GSH; ++y) { for (FX_DWORD x = 0; x < GSW; ++x) { - for (J = 0; J < GSBPP; ++J) { - GSVALS.get()[y * GSW + x] |= GSPLANES.get()[J]->getPixel(x, y) << J; + for (int32_t i = 0; i < GSBPP; ++i) { + GSVALS.get()[y * GSW + x] |= GSPLANES.get(i)->getPixel(x, y) << i; } } } - for (J = 0; J < GSBPP; ++J) { - delete GSPLANES.get()[J]; - } return GSVALS.release(); } diff --git a/core/src/fxcodec/jbig2/JBig2_List.h b/core/src/fxcodec/jbig2/JBig2_List.h index ffdd22c3ca..6097294e17 100644 --- a/core/src/fxcodec/jbig2/JBig2_List.h +++ b/core/src/fxcodec/jbig2/JBig2_List.h @@ -15,6 +15,7 @@ template class CJBig2_List { public: CJBig2_List() {} + explicit CJBig2_List(size_t count) { resize(count); } ~CJBig2_List() { clear(); @@ -34,6 +35,12 @@ class CJBig2_List { // Takes ownership of |pItem|. void push_back(TYPE* pItem) { m_vector.push_back(pItem); } + // Takes ownership of |pItem|. + void set(size_t index, TYPE* pItem) { + delete m_vector[index]; + m_vector[index] = pItem; + } + void resize(size_t count) { for (size_t i = count; i < size(); ++i) delete m_vector[i]; -- cgit v1.2.3