From 3f8cb532c93bd2839073ed4949d051245de5a4cb Mon Sep 17 00:00:00 2001
From: npm
Date: Wed, 9 Nov 2016 17:26:27 -0800
Subject: Add early returns in CJBig2_TRDProc::decode_Arith when decode fails.

None of the decodes in the method are currently being checked. This is causing pdfium to take a long time rendering corrupted files. Thus, I added a couple of early returns to help prevent this from happening.

BUG=450971
Review-Url: https://codereview.chromium.org/2493633002
---
 core/fxcodec/jbig2/JBig2_TrdProc.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index ccd8ebf98d..1329cde5f0 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -266,7 +266,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
 std::unique_ptr SBREG(new CJBig2_Image(SBW, SBH));
 SBREG->fill(SBDEFPIXEL);
 int32_t STRIPT;
- pIADT->decode(pArithDecoder, &STRIPT);
+ if (!pIADT->decode(pArithDecoder, &STRIPT))
+ return nullptr;
 STRIPT *= SBSTRIPS;
 STRIPT = -STRIPT;
 int32_t FIRSTS = 0;
@@ -274,7 +275,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
 while (NINSTANCES < SBNUMINSTANCES) {
 int32_t CURS = 0;
 int32_t DT;
- pIADT->decode(pArithDecoder, &DT);
+ if (!pIADT->decode(pArithDecoder, &DT))
+ return nullptr;
 DT *= SBSTRIPS;
 STRIPT += DT;
 bool bFirst = true;
--
cgit v1.2.3
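Review bot: The new guard only checks that the decode succeeded; the value it leaves in STRIPT is still fed unchecked into `STRIPT *= SBSTRIPS;` and `STRIPT = -STRIPT;` on the following context lines, and if the arithmetic integer decoder can yield values near the int32 limits (not determinable from this hunk) both the multiply and the negation of INT32_MIN are signed overflow, i.e. undefined behaviour driven by attacker-controlled bytes in a corrupt JBIG2 stream. Consider performing those two operations with checked integer arithmetic and returning nullptr on overflow, the same way the decode failure is now handled. The commit message says none of the decodes in this method were checked, yet this hunk guards only the first call; the remaining decode calls in decode_Arith outside the hunk presumably still proceed on failure, so the slow-render problem is narrowed rather than closed. A one-line comment on the new return, `// Decoder failure means the stream is corrupt; stop rather than consume garbage.`, would record the contract for the next reader. decode_Arith starts before this hunk and continues past it.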
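Review bot: `STRIPT += DT;` right after the new guard accumulates decoded strip offsets across every iteration of the `while (NINSTANCES < SBNUMINSTANCES)` loop with no overflow or bounds check, so a corrupt stream that repeatedly decodes large DT values can wrap STRIPT (signed overflow, undefined behaviour) and place later symbols at meaningless coordinates; `DT *= SBSTRIPS;` on the line before has the same exposure. The loop body continues outside the hunk, so whether a later check bounds STRIPT against SBH is not visible here; if it does not, a checked add that returns nullptr on overflow would match the style of the new guard. The early return inside the loop is the right shape, and applying the same `if (!...) return nullptr;` pattern to the other decode calls in the loop body that the commit message describes as unchecked would keep a failed decode from being acted on one call later. Note NINSTANCES is only read in the loop condition within this hunk; its increment must lie in the part of the body outside the hunk, so termination on a corrupt stream cannot be confirmed from these lines.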