From a63dd01d2fdda06f96e6188dbc3b415447bf2bc9 Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Wed, 11 Jan 2017 13:25:51 -0500 Subject: Really fix m_nb_mct_records calculation in opj_j2k_read_mct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit My previous attempt did not follow precisely the way m_nb_mcc_records is increased in opj_j2k_read_mcc. Previous: https://pdfium-review.googlesource.com/c/2165/ BUG=678461, 680102 Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336 Reviewed-on: https://pdfium-review.googlesource.com/2171 Commit-Queue: Nicolás Peña Reviewed-by: Tom Sepez --- .../0023-opj_j2k_read_mct_records.patch | 28 ++++++++++------------ third_party/libopenjpeg20/j2k.c | 7 +++--- 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/third_party/libopenjpeg20/0023-opj_j2k_read_mct_records.patch b/third_party/libopenjpeg20/0023-opj_j2k_read_mct_records.patch index 3a40b75189..6775f4f3dc 100644 --- a/third_party/libopenjpeg20/0023-opj_j2k_read_mct_records.patch +++ b/third_party/libopenjpeg20/0023-opj_j2k_read_mct_records.patch @@ -1,33 +1,29 @@ diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c -index 6346c2190..d4dd65827 100644 +index 6346c2190..45187e8e6 100644 --- a/third_party/libopenjpeg20/j2k.c +++ b/third_party/libopenjpeg20/j2k.c -@@ -5170,10 +5170,11 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, - ++l_mct_data; - } - -+ opj_mct_data_t *new_mct_records = NULL; -+ - /* NOT FOUND */ - if (i == l_tcp->m_nb_mct_records) { - if (l_tcp->m_nb_mct_records == l_tcp->m_nb_max_mct_records) { -- opj_mct_data_t *new_mct_records; - l_tcp->m_nb_max_mct_records += OPJ_J2K_MCT_DEFAULT_NB_RECORDS; +@@ -5129,6 +5129,7 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, + OPJ_UINT32 l_tmp; + OPJ_UINT32 l_indix; + opj_mct_data_t * l_mct_data; ++ OPJ_BOOL new_mct = OPJ_FALSE; - new_mct_records = (opj_mct_data_t *) opj_realloc(l_tcp->m_mct_records, l_tcp->m_nb_max_mct_records * sizeof(opj_mct_data_t)); -@@ -5191,7 +5192,6 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, + /* preconditions */ + assert(p_header_data != 00); +@@ -5191,7 +5192,7 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, } l_mct_data = l_tcp->m_mct_records + l_tcp->m_nb_mct_records; - ++l_tcp->m_nb_mct_records; ++ new_mct = OPJ_TRUE; } if (l_mct_data->m_data) { -@@ -5221,6 +5221,9 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, +@@ -5221,6 +5222,9 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, l_mct_data->m_data_size = p_header_size; -+ if (new_mct_records) { ++ if (new_mct) { + ++l_tcp->m_nb_mct_records; + } return OPJ_TRUE; diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c index d4dd65827c..45187e8e67 100644 --- a/third_party/libopenjpeg20/j2k.c +++ b/third_party/libopenjpeg20/j2k.c @@ -5129,6 +5129,7 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, OPJ_UINT32 l_tmp; OPJ_UINT32 l_indix; opj_mct_data_t * l_mct_data; + OPJ_BOOL new_mct = OPJ_FALSE; /* preconditions */ assert(p_header_data != 00); @@ -5170,11 +5171,10 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, ++l_mct_data; } - opj_mct_data_t *new_mct_records = NULL; - /* NOT FOUND */ if (i == l_tcp->m_nb_mct_records) { if (l_tcp->m_nb_mct_records == l_tcp->m_nb_max_mct_records) { + opj_mct_data_t *new_mct_records; l_tcp->m_nb_max_mct_records += OPJ_J2K_MCT_DEFAULT_NB_RECORDS; new_mct_records = (opj_mct_data_t *) opj_realloc(l_tcp->m_mct_records, l_tcp->m_nb_max_mct_records * sizeof(opj_mct_data_t)); @@ -5192,6 +5192,7 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, } l_mct_data = l_tcp->m_mct_records + l_tcp->m_nb_mct_records; + new_mct = OPJ_TRUE; } if (l_mct_data->m_data) { @@ -5221,7 +5222,7 @@ static OPJ_BOOL opj_j2k_read_mct ( opj_j2k_t *p_j2k, l_mct_data->m_data_size = p_header_size; - if (new_mct_records) { + if (new_mct) { ++l_tcp->m_nb_mct_records; } return OPJ_TRUE; -- cgit v1.2.3