From cdfc035f4ea2e786c7d7820e143c18bdb11fac3f Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Fri, 26 May 2017 12:21:14 -0700 Subject: Pass CJBig2_ArithDecoder to CJBig2_GRDProc as needed. Avoid holding a stale pointer to it in CJBig2_GRDProc. Bug: 726732 Change-Id: Ia3797a3e087f61bd2126f867fd5a282e873de5bc Reviewed-on: https://pdfium-review.googlesource.com/6050 Reviewed-by: Lei Zhang Commit-Queue: Tom Sepez --- core/fxcodec/jbig2/JBig2_Context.cpp | 35 +++++++++++------------- core/fxcodec/jbig2/JBig2_GrdProc.cpp | 50 ++++++++++++++++++----------------- core/fxcodec/jbig2/JBig2_GrdProc.h | 7 ++--- core/fxcodec/jbig2/JBig2_GsidProc.cpp | 2 +- core/fxcodec/jbig2/JBig2_PddProc.cpp | 2 +- 5 files changed, 47 insertions(+), 49 deletions(-) diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp index c9570022bb..69a9dd0daa 100644 --- a/core/fxcodec/jbig2/JBig2_Context.cpp +++ b/core/fxcodec/jbig2/JBig2_Context.cpp @@ -1064,7 +1064,6 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment, } if (m_ri.height < 0 || m_ri.width < 0) return JBIG2_FAILED; - pGRD->GBW = m_ri.width; pGRD->GBH = m_ri.height; pGRD->MMR = cFlags & 0x01; @@ -1073,15 +1072,13 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment, if (pGRD->MMR == 0) { if (pGRD->GBTEMPLATE == 0) { for (int32_t i = 0; i < 8; ++i) { - if (m_pStream->read1Byte((uint8_t*)&pGRD->GBAT[i]) != 0) { + if (m_pStream->read1Byte((uint8_t*)&pGRD->GBAT[i]) != 0) return JBIG2_ERROR_TOO_SHORT; - } } } else { for (int32_t i = 0; i < 2; ++i) { - if (m_pStream->read1Byte((uint8_t*)&pGRD->GBAT[i]) != 0) { + if (m_pStream->read1Byte((uint8_t*)&pGRD->GBAT[i]) != 0) return JBIG2_ERROR_TOO_SHORT; - } } } } 
@@ -1090,10 +1087,8 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment, } pSegment->m_nResultType = JBIG2_IMAGE_POINTER; if (m_pGRD->MMR == 0) { - if (m_gbContext.empty()) { - const size_t size = GetHuffContextSize(m_pGRD->GBTEMPLATE); - m_gbContext.resize(size); - } + if (m_gbContext.empty()) + m_gbContext.resize(GetHuffContextSize(m_pGRD->GBTEMPLATE)); if (!m_pArithDecoder) { m_pArithDecoder = pdfium::MakeUnique(m_pStream.get()); @@ -1101,7 +1096,8 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment, m_pArithDecoder.get(), &m_gbContext[0], pPause); } else { - m_ProcessingStatus = m_pGRD->Continue_decode(pPause); + m_ProcessingStatus = + m_pGRD->Continue_decode(pPause, m_pArithDecoder.get()); } if (m_ProcessingStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) { if (pSegment->m_cFlags.s.type != 36) { @@ -1119,17 +1115,16 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment, (JBig2ComposeOp)(m_ri.flags & 0x03), &Rect); } return JBIG2_SUCCESS; - } else { - m_pArithDecoder.reset(); - m_gbContext.clear(); - if (!pSegment->m_Result.im) { - m_ProcessingStatus = FXCODEC_STATUS_ERROR; - m_pGRD.reset(); - return JBIG2_ERROR_FATAL; - } - m_pStream->alignByte(); - m_pStream->offset(2); } + m_pArithDecoder.reset(); + m_gbContext.clear(); + if (!pSegment->m_Result.im) { + m_ProcessingStatus = FXCODEC_STATUS_ERROR; + m_pGRD.reset(); + return JBIG2_ERROR_FATAL; + } + m_pStream->alignByte(); + m_pStream->offset(2); } else { m_pGRD->Start_decode_MMR(&pSegment->m_Result.im, m_pStream.get()); if (!pSegment->m_Result.im) { diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp index a8140bdd24..c63a40dc33 100644 --- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp +++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp 
@@ -652,57 +652,58 @@ FXCODEC_STATUS CJBig2_GRDProc::Start_decode_Arith( m_DecodeType = 1; m_pImage = pImage; (*m_pImage)->fill(0); - m_pArithDecoder = pArithDecoder; m_gbContext = gbContext; m_LTP = 0; m_pLine = nullptr; m_loopIndex = 0; - return decode_Arith(pPause); + return decode_Arith(pPause, pArithDecoder); } -FXCODEC_STATUS CJBig2_GRDProc::decode_Arith(IFX_Pause* pPause) { +FXCODEC_STATUS CJBig2_GRDProc::decode_Arith( + IFX_Pause* pPause, + CJBig2_ArithDecoder* pArithDecoder) { int iline = m_loopIndex; CJBig2_Image* pImage = *m_pImage; if (GBTEMPLATE == 0) { if (UseTemplate0Opt3()) { - m_ProssiveStatus = decode_Arith_Template0_opt3( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template0_opt3(pImage, pArithDecoder, + m_gbContext, pPause); } else { - m_ProssiveStatus = decode_Arith_Template0_unopt( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template0_unopt(pImage, pArithDecoder, + m_gbContext, pPause); } } else if (GBTEMPLATE == 1) { if (UseTemplate1Opt3()) { - m_ProssiveStatus = decode_Arith_Template1_opt3( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template1_opt3(pImage, pArithDecoder, + m_gbContext, pPause); } else { - m_ProssiveStatus = decode_Arith_Template1_unopt( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template1_unopt(pImage, pArithDecoder, + m_gbContext, pPause); } } else if (GBTEMPLATE == 2) { if (UseTemplate23Opt3()) { - m_ProssiveStatus = decode_Arith_Template2_opt3( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template2_opt3(pImage, pArithDecoder, + m_gbContext, pPause); } else { - m_ProssiveStatus = decode_Arith_Template2_unopt( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template2_unopt(pImage, pArithDecoder, + m_gbContext, pPause); } } else { if (UseTemplate23Opt3()) { - 
m_ProssiveStatus = decode_Arith_Template3_opt3( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template3_opt3(pImage, pArithDecoder, + m_gbContext, pPause); } else { - m_ProssiveStatus = decode_Arith_Template3_unopt( - pImage, m_pArithDecoder.Get(), m_gbContext, pPause); + m_ProssiveStatus = decode_Arith_Template3_unopt(pImage, pArithDecoder, + m_gbContext, pPause); } } m_ReplaceRect.left = 0; m_ReplaceRect.right = pImage->width(); m_ReplaceRect.top = iline; m_ReplaceRect.bottom = m_loopIndex; - if (m_ProssiveStatus == FXCODEC_STATUS_DECODE_FINISH) { + if (m_ProssiveStatus == FXCODEC_STATUS_DECODE_FINISH) m_loopIndex = 0; - } + return m_ProssiveStatus; } @@ -727,7 +728,9 @@ FXCODEC_STATUS CJBig2_GRDProc::Start_decode_MMR(CJBig2_Image** pImage, return m_ProssiveStatus; } -FXCODEC_STATUS CJBig2_GRDProc::Continue_decode(IFX_Pause* pPause) { +FXCODEC_STATUS CJBig2_GRDProc::Continue_decode( + IFX_Pause* pPause, + CJBig2_ArithDecoder* pArithDecoder) { if (m_ProssiveStatus != FXCODEC_STATUS_DECODE_TOBECONTINUE) return m_ProssiveStatus; @@ -735,8 +738,7 @@ FXCODEC_STATUS CJBig2_GRDProc::Continue_decode(IFX_Pause* pPause) { m_ProssiveStatus = FXCODEC_STATUS_ERROR; return m_ProssiveStatus; } - - return decode_Arith(pPause); + return decode_Arith(pPause, pArithDecoder); } FXCODEC_STATUS CJBig2_GRDProc::decode_Arith_Template0_opt3( diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.h b/core/fxcodec/jbig2/JBig2_GrdProc.h index c6e8ae38d0..3e4d3d403e 100644 --- a/core/fxcodec/jbig2/JBig2_GrdProc.h +++ b/core/fxcodec/jbig2/JBig2_GrdProc.h @@ -32,7 +32,8 @@ class CJBig2_GRDProc { IFX_Pause* pPause); FXCODEC_STATUS Start_decode_MMR(CJBig2_Image** pImage, CJBig2_BitStream* pStream); - FXCODEC_STATUS Continue_decode(IFX_Pause* pPause); + FXCODEC_STATUS Continue_decode(IFX_Pause* pPause, + CJBig2_ArithDecoder* pArithDecoder); FX_RECT GetReplaceRect() const { return m_ReplaceRect; } bool MMR; 
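Review bot: `Start_decode_Arith()` in JBig2_GrdProc.cpp still caches the caller's context with `m_gbContext = gbContext;` (and the image slot with `m_pImage = pImage;`), so the lifetime pattern this commit removes for the decoder remains for those two raw pointers. In JBig2_Context.cpp the finish path runs `m_gbContext.clear();` right after `m_pArithDecoder.reset();`, and in the visible lines `m_pGRD` is reset only on the failure branch, so the GRDProc can outlive the elements its `m_gbContext` points at. Consider passing `gbContext` through `Continue_decode()`/`decode_Arith()` the same way as `pArithDecoder`, or nulling `m_gbContext` once the status reaches `FXCODEC_STATUS_DECODE_FINISH`. Whether anything touches the GRDProc after the clear is outside these hunks, so this is a hardening point rather than a confirmed stale access.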
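Review bot: `Continue_decode()` forwards the new `pArithDecoder` argument straight to `decode_Arith()` with no null check, and nothing records which decoder `Start_decode_Arith()` was given, so the class now relies entirely on callers to resume with the same live decoder. A cheap guard next to the existing status check would be `if (!pArithDecoder) { m_ProssiveStatus = FXCODEC_STATUS_ERROR; return m_ProssiveStatus; }`. The declaration in JBig2_GrdProc.h should also state the contract, for example `// |pArithDecoder| must be the decoder passed to Start_decode_Arith(); it is not retained.`. The template decoders that consume the pointer are outside this hunk.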
@@ -49,7 +50,8 @@ class CJBig2_GRDProc { bool UseTemplate1Opt3() const; bool UseTemplate23Opt3() const; - FXCODEC_STATUS decode_Arith(IFX_Pause* pPause); + FXCODEC_STATUS decode_Arith(IFX_Pause* pPause, + CJBig2_ArithDecoder* pArithDecoder); FXCODEC_STATUS decode_Arith_Template0_opt3(CJBig2_Image* pImage, CJBig2_ArithDecoder* pArithDecoder, JBig2ArithCtx* gbContext, @@ -114,7 +116,6 @@ class CJBig2_GRDProc { uint8_t* m_pLine; FXCODEC_STATUS m_ProssiveStatus; CJBig2_Image** m_pImage; - CFX_UnownedPtr m_pArithDecoder; JBig2ArithCtx* m_gbContext; uint16_t m_DecodeType; int m_LTP; diff --git a/core/fxcodec/jbig2/JBig2_GsidProc.cpp b/core/fxcodec/jbig2/JBig2_GsidProc.cpp index 0f0a16da1b..842d7df3bf 100644 --- a/core/fxcodec/jbig2/JBig2_GsidProc.cpp +++ b/core/fxcodec/jbig2/JBig2_GsidProc.cpp @@ -47,7 +47,7 @@ uint32_t* CJBig2_GSIDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder, FXCODEC_STATUS status = pGRD->Start_decode_Arith(&pImage, pArithDecoder, gbContext, nullptr); while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) - status = pGRD->Continue_decode(pPause); + status = pGRD->Continue_decode(pPause, pArithDecoder); if (!pImage) return nullptr; diff --git a/core/fxcodec/jbig2/JBig2_PddProc.cpp b/core/fxcodec/jbig2/JBig2_PddProc.cpp index e3403eec26..040ee6666b 100644 --- a/core/fxcodec/jbig2/JBig2_PddProc.cpp +++ b/core/fxcodec/jbig2/JBig2_PddProc.cpp @@ -44,7 +44,7 @@ CJBig2_PatternDict* CJBig2_PDDProc::decode_Arith( FXCODEC_STATUS status = pGRD->Start_decode_Arith(&BHDC, pArithDecoder, gbContext, nullptr); while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) - status = pGRD->Continue_decode(pPause); + status = pGRD->Continue_decode(pPause, pArithDecoder); if (!BHDC) return nullptr; -- cgit v1.2.3
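Review bot: The resume loop in `CJBig2_GSIDProc::decode_Arith` discards the final `status`; once `Continue_decode(pPause, pArithDecoder)` stops returning `FXCODEC_STATUS_DECODE_TOBECONTINUE`, only `if (!pImage)` decides success, so an error result is caught only if the decoder also nulled the image, which is not visible here. Checking the status explicitly, e.g. `if (status == FXCODEC_STATUS_ERROR || !pImage) return nullptr;`, would keep a partially decoded bitmap from being used (releasing `pImage` first if this function owns it; ownership is outside the hunk). The same pattern applies to the `BHDC` loop in `CJBig2_PDDProc::decode_Arith` in JBig2_PddProc.cpp. Separately, `Start_decode_Arith` is called with `nullptr` for the pause object while the loop passes `pPause`; a short comment explaining that asymmetry would help the next reader.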