From 3ad06a513bc490065b860a543ffb43eb169769bd Mon Sep 17 00:00:00 2001
From: Ryan Harrison <rharrison@chromium.org>
Date: Thu, 14 Sep 2017 11:18:45 -0400
Subject: Revert moving JPX library decode from Init to Decode

Due to some of the size parameters for allocating space in Decode()
depending on the values produced by opj_decode(), this change was
causing misallocation of space, which in turn was causing illegal
reads/writes.

The issue with excessive memory usage that the original CL was trying
to change is less significant than the above mentioned problems, so
reverting this fix and looking for another solution to the
problem. This will re-open bugs https://crbug.com/754423 and
https://crbug.com/761005.

BUG=chromium:764177,chromium:754423,chromium:761005

Change-Id: I1cafac8a8117ec1e3bc32b31196bdec719d46477
Reviewed-on: https://pdfium-review.googlesource.com/13950
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
---
 core/fxcodec/codec/fx_codec_jpx_opj.cpp | 44 ++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index 21d971bc8c..03f06b872d 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
@@ -492,28 +492,6 @@ bool CJPX_Decoder::Init(const unsigned char* src_data, uint32_t src_size) {
   }
   m_Image->pdfium_use_colorspace = !!m_ColorSpace;
 
-  return true;
-}
-
-void CJPX_Decoder::GetInfo(uint32_t* width,
-                           uint32_t* height,
-                           uint32_t* components) {
-  *width = m_Image->x1;
-  *height = m_Image->y1;
-  *components = m_Image->numcomps;
-}
-
-bool CJPX_Decoder::Decode(uint8_t* dest_buf,
-                          int pitch,
-                          const std::vector<uint8_t>& offsets) {
-  if (m_Image->comps[0].w != m_Image->x1 || m_Image->comps[0].h != m_Image->y1)
-    return false;
-
-  if (pitch<static_cast<int>(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>>
-      5 << 2) {
-    return false;
-  }
-
   if (!m_Parameters.nb_tile_to_decode) {
     if (!opj_set_decode_area(m_Codec, m_Image, m_Parameters.DA_x0,
                              m_Parameters.DA_y0, m_Parameters.DA_x1,
@@ -554,6 +532,28 @@ bool CJPX_Decoder::Decode(uint8_t* dest_buf,
     m_Image->icc_profile_len = 0;
   }
 
+  return true;
+}
+
+void CJPX_Decoder::GetInfo(uint32_t* width,
+                           uint32_t* height,
+                           uint32_t* components) {
+  *width = m_Image->x1;
+  *height = m_Image->y1;
+  *components = m_Image->numcomps;
+}
+
+bool CJPX_Decoder::Decode(uint8_t* dest_buf,
+                          int pitch,
+                          const std::vector<uint8_t>& offsets) {
+  if (m_Image->comps[0].w != m_Image->x1 || m_Image->comps[0].h != m_Image->y1)
+    return false;
+
+  if (pitch<static_cast<int>(m_Image->comps[0].w * 8 * m_Image->numcomps + 31)>>
+      5 << 2) {
+    return false;
+  }
+
   memset(dest_buf, 0xff, m_Image->y1 * pitch);
   std::vector<uint8_t*> channel_bufs(m_Image->numcomps);
   std::vector<int> adjust_comps(m_Image->numcomps);
-- 
cgit v1.2.3