From bda823275ac5a54d688a62e15d406b502b317973 Mon Sep 17 00:00:00 2001 From: foxit Date: Fri, 20 Jun 2014 17:03:04 -0700 Subject: Fix a crash in CFXMEM_FixedMgr::AllocLarge BUG=382243 R=palmer@chromium.org Review URL: https://codereview.chromium.org/333213002 --- core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c index 94feb17e4a..c1086755d6 100644 --- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c +++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c @@ -775,6 +775,8 @@ OPJ_BOOL FUNCTION ( opj_tcd_t *p_tcd, \ /* p. 35, table A-23, ISO/IEC FDIS154444-1 : 2000 (18 august 2000) */ \ l_pdx = l_tccp->prcw[resno]; \ l_pdy = l_tccp->prch[resno]; \ + if (l_pdx == 0 || l_pdy == 0) \ + return OPJ_FALSE; \ /*fprintf(stderr, "\t\t\tpdx=%d, pdy=%d\n", l_pdx, l_pdy);*/ \ /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ \ l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; \ -- cgit v1.2.3