From 9fb70fbded5c0bf4f5313a49fd3496b4d4fa71ca Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Fri, 2 Oct 2015 10:58:42 -0700
Subject: Prevent divide by zeros in CJBig2_GSIDProc::decode_MMR().
Check the image size before attempting to decode.
BUG=538103
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1377493005 .
---
 core/src/fxcodec/jbig2/JBig2_Context.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/src/fxcodec/jbig2/JBig2_Context.cpp b/core/src/fxcodec/jbig2/JBig2_Context.cpp
index 2e2cf9eeee..f2c44b726a 100644
--- a/core/src/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_Context.cpp
@@ -1127,6 +1127,11 @@ int32_t CJBig2_Context::parseHalftoneRegion(CJBig2_Segment* pSegment,
 nRet = JBIG2_ERROR_TOO_SHORT;
 goto failed;
 }
+ if (pHRD->HGW == 0 || pHRD->HGH == 0) {
+ nRet = JBIG2_ERROR_FATAL;
+ goto failed;
+ }
+
 pHRD->HBW = ri.width;
 pHRD->HBH = ri.height;
 pHRD->HMMR = cFlags & 0x01;
-- cgit v1.2.3
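Review bot: The zero check on `pHRD->HGW` / `pHRD->HGH` is placed in `parseHalftoneRegion`, but the commit message locates the division in `CJBig2_GSIDProc::decode_MMR()`, so any other path that reaches that decoder with a zero grid dimension would still divide by zero. A guard at the point of division would close that gap regardless of caller. The new branch also has no comment; something like `// HGW/HGH are taken from the segment data; zero would divide by zero in the gray-scale image decoder.` would tell the next reader why a zero-sized grid is fatal rather than merely empty. The fields appear to be parsed from the stream (the preceding context fails with `JBIG2_ERROR_TOO_SHORT`), and only zero is rejected here; whether very large values are bounded before any size arithmetic is not visible in this hunk and should be confirmed. The body of `parseHalftoneRegion` starts and ends outside the hunk.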