From 61f66c9be2abf4f2a5f8bc299ad6e1900c63dbc3 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Fri, 27 Apr 2018 16:54:28 +0000
Subject: Add CJBig2_Image::IsValidImageSize() helper method.
Change-Id: Ic2acd6f03b9b2e52b3d94d7579d5dc36c8e62c96
Reviewed-on: https://pdfium-review.googlesource.com/31530
Commit-Queue: Ryan Harrison
Reviewed-by: Ryan Harrison
---
 core/fxcodec/jbig2/JBig2_Context.cpp | 16 ++++------------
 core/fxcodec/jbig2/JBig2_GrdProc.cpp | 7 ++-----
 core/fxcodec/jbig2/JBig2_GrrdProc.cpp | 4 +---
 core/fxcodec/jbig2/JBig2_Image.cpp | 6 ++++++
 core/fxcodec/jbig2/JBig2_Image.h | 2 ++
 5 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index c8095c8448..a3c6f587b4 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -637,10 +637,8 @@ int32_t CJBig2_Context::parseTextRegion(CJBig2_Segment* pSegment) {
 m_pStream->readShortInteger(&wFlags) != 0) {
 return JBIG2_ERROR_TOO_SHORT;
 }
- if (ri.width <= 0 || ri.width > JBIG2_MAX_IMAGE_SIZE || ri.height <= 0 ||
- ri.height > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(ri.width, ri.height))
 return JBIG2_ERROR_FATAL;
- }
 auto pTRD = pdfium::MakeUnique();
 pTRD->SBW = ri.width;
@@ -995,15 +993,11 @@ int32_t CJBig2_Context::parseHalftoneRegion(CJBig2_Segment* pSegment,
 return JBIG2_ERROR_TOO_SHORT;
 }
- if (pHRD->HGW == 0 || pHRD->HGW > JBIG2_MAX_IMAGE_SIZE || pHRD->HGH == 0 ||
- pHRD->HGH > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(pHRD->HGW, pHRD->HGH))
 return JBIG2_ERROR_FATAL;
- }
- if (ri.width <= 0 || ri.width > JBIG2_MAX_IMAGE_SIZE || ri.height <= 0 ||
- ri.height > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(ri.width, ri.height))
 return JBIG2_ERROR_FATAL;
- }
 pHRD->HBW = ri.width;
 pHRD->HBH = ri.height;
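Review bot: In parseHalftoneRegion() the call `IsValidImageSize(pHRD->HGW, pHRD->HGH)` goes through an implicit conversion that the old check did not: the removed `pHRD->HGW == 0` form suggests HGW/HGH are unsigned, while the helper takes `int32_t`. A stream-supplied value above INT32_MAX is then rejected only because it converts to a negative number on the usual two's-complement targets and fails `w > 0`; the outcome matches the old check, but nothing at the call site or in the helper says this is intended. I would state it where the helper is declared, e.g. `// Unsigned arguments above INT32_MAX convert to negative values and are rejected.`, or add a `uint32_t` overload. The GBW/GBH calls in JBig2_GrdProc.cpp and the GRW/GRH call in JBig2_GrrdProc.cpp look the same; the field declarations and the rest of parseHalftoneRegion() are outside this patch.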
@@ -1169,10 +1163,8 @@ int32_t CJBig2_Context::parseGenericRefinementRegion(CJBig2_Segment* pSegment) {
 m_pStream->read1Byte(&cFlags) != 0) {
 return JBIG2_ERROR_TOO_SHORT;
 }
- if (ri.width <= 0 || ri.width > JBIG2_MAX_IMAGE_SIZE || ri.height <= 0 ||
- ri.height > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(ri.width, ri.height))
 return JBIG2_ERROR_FATAL;
- }
 auto pGRRD = pdfium::MakeUnique();
 pGRRD->GRW = ri.width;
diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
index faa4865bc4..55c6bb9a97 100644
--- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
@@ -46,10 +46,8 @@ bool CJBig2_GRDProc::UseTemplate23Opt3() const {
 std::unique_ptr CJBig2_GRDProc::decode_Arith(
 CJBig2_ArithDecoder* pArithDecoder, JBig2ArithCtx* gbContext) {
- if (GBW == 0 || GBW > JBIG2_MAX_IMAGE_SIZE || GBH == 0 ||
- GBH > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(GBW, GBH))
 return pdfium::MakeUnique(GBW, GBH);
- }
 if (GBTEMPLATE == 0) {
 if (UseTemplate0Opt3())
@@ -642,8 +640,7 @@ FXCODEC_STATUS CJBig2_GRDProc::Start_decode_Arith(
 CJBig2_ArithDecoder* pArithDecoder,
 JBig2ArithCtx* gbContext,
 PauseIndicatorIface* pPause) {
- if (GBW == 0 || GBW > JBIG2_MAX_IMAGE_SIZE || GBH == 0 ||
- GBH > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(GBW, GBH)) {
 m_ProssiveStatus = FXCODEC_STATUS_DECODE_FINISH;
 return FXCODEC_STATUS_DECODE_FINISH;
 }
diff --git a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
index f5f569c04a..8622090006 100644
--- a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
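Review bot: The rejection branch in decode_Arith() still passes the rejected values on (the `MakeUnique` call built from `GBW, GBH`), so an out-of-range size is handled safely only if the CJBig2_Image constructor refuses it as well. That constructor is not in this patch; now that the check is a static member of the same class, having the constructor call `IsValidImageSize()` would keep the two from drifting apart, and a comment on the branch such as `// Size rejected; the constructor is expected to yield an image with no data.` would record the intent. CJBig2_GRRDProc::decode() in JBig2_GrrdProc.cpp has the same branch. decode_Arith() continues past the end of the hunk.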
@@ -16,10 +16,8 @@
 std::unique_ptr CJBig2_GRRDProc::decode(
 CJBig2_ArithDecoder* pArithDecoder, JBig2ArithCtx* grContext) {
- if (GRW == 0 || GRW > JBIG2_MAX_IMAGE_SIZE || GRH == 0 ||
- GRH > JBIG2_MAX_IMAGE_SIZE) {
+ if (!CJBig2_Image::IsValidImageSize(GRW, GRH))
 return pdfium::MakeUnique(GRW, GRH);
- }
 if (!GRTEMPLATE) {
 if ((GRAT[0] == -1) && (GRAT[1] == -1) && (GRAT[2] == -1) &&
diff --git a/core/fxcodec/jbig2/JBig2_Image.cpp b/core/fxcodec/jbig2/JBig2_Image.cpp
index d229e0ca01..7a01d01d64 100644
--- a/core/fxcodec/jbig2/JBig2_Image.cpp
+++ b/core/fxcodec/jbig2/JBig2_Image.cpp
@@ -68,6 +68,12 @@ CJBig2_Image::CJBig2_Image(const CJBig2_Image& other)
 CJBig2_Image::~CJBig2_Image() {}
+// static
+bool CJBig2_Image::IsValidImageSize(int32_t w, int32_t h) {
+ return w > 0 && w <= JBIG2_MAX_IMAGE_SIZE && h > 0 &&
+ h <= JBIG2_MAX_IMAGE_SIZE;
+}
+
 int CJBig2_Image::getPixel(int32_t x, int32_t y) const {
 if (!m_pData)
 return 0;
diff --git a/core/fxcodec/jbig2/JBig2_Image.h b/core/fxcodec/jbig2/JBig2_Image.h
index c0980407db..51ccaeb8f7 100644
--- a/core/fxcodec/jbig2/JBig2_Image.h
+++ b/core/fxcodec/jbig2/JBig2_Image.h
@@ -29,6 +29,8 @@ class CJBig2_Image {
 CJBig2_Image(const CJBig2_Image& im);
 ~CJBig2_Image();
+ static bool IsValidImageSize(int32_t w, int32_t h);
+
 int32_t width() const { return m_nWidth; }
 int32_t height() const { return m_nHeight; }
 int32_t stride() const { return m_nStride; }
-- cgit v1.2.3
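Review bot: `IsValidImageSize()` is now the single gate for dimensions read from the stream, yet neither the definition added to JBig2_Image.cpp nor the declaration added to JBig2_Image.h documents its contract. Suggest `// Returns true if |w| and |h| are both in [1, JBIG2_MAX_IMAGE_SIZE].` above the declaration. The helper bounds each dimension separately and not their product, so the comment should also say whether a size that passes is safe to multiply into a buffer length. That depends on the value of JBIG2_MAX_IMAGE_SIZE, which this patch does not show.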