From d03bc01003ae2603dafdc07b901ffef0a509a2b9 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Tue, 24 Nov 2015 11:29:36 -0800
Subject: Fix a NULL pointer crash in the CJBig2_Image copy constructor. Also change the copy ctor to take a const ref. BUG=560520 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1472113002 .
---
 core/src/fxcodec/jbig2/JBig2_Image.cpp | 2 +-
 core/src/fxcodec/jbig2/JBig2_Image.h | 9 +++++----
 core/src/fxcodec/jbig2/JBig2_SddProc.cpp | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/core/src/fxcodec/jbig2/JBig2_Image.cpp b/core/src/fxcodec/jbig2/JBig2_Image.cpp
index a2a0acfe95..074458744d 100644
--- a/core/src/fxcodec/jbig2/JBig2_Image.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_Image.cpp
@@ -36,7 +36,7 @@ CJBig2_Image::CJBig2_Image(int32_t w,
 m_pData = pBuf;
 m_bNeedFree = FALSE;
 }
-CJBig2_Image::CJBig2_Image(CJBig2_Image& im) {
+CJBig2_Image::CJBig2_Image(const CJBig2_Image& im) {
 m_nWidth = im.m_nWidth;
 m_nHeight = im.m_nHeight;
 m_nStride = im.m_nStride;
diff --git a/core/src/fxcodec/jbig2/JBig2_Image.h b/core/src/fxcodec/jbig2/JBig2_Image.h
index e77da9059c..c47d275cf7 100644
--- a/core/src/fxcodec/jbig2/JBig2_Image.h
+++ b/core/src/fxcodec/jbig2/JBig2_Image.h
@@ -4,8 +4,8 @@
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#ifndef _JBIG2_IMAGE_H_
-#define _JBIG2_IMAGE_H_
+#ifndef CORE_SRC_FXCODEC_JBIG2_JBIG2_IMAGE_H_
+#define CORE_SRC_FXCODEC_JBIG2_JBIG2_IMAGE_H_
 #include "JBig2_Define.h"
@@ -24,7 +24,7 @@ class CJBig2_Image {
 CJBig2_Image(int32_t w, int32_t h, int32_t stride, uint8_t* pBuf);
- CJBig2_Image(CJBig2_Image& im);
+ CJBig2_Image(const CJBig2_Image& im);
 ~CJBig2_Image();
@@ -81,4 +81,5 @@ class CJBig2_Image {
 FX_BOOL m_bNeedFree;
 };
-#endif
+
+#endif // CORE_SRC_FXCODEC_JBIG2_JBIG2_IMAGE_H_
diff --git a/core/src/fxcodec/jbig2/JBig2_SddProc.cpp b/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
index 52aef2b37f..edfc074003 100644
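Review bot: The `CJBig2_Image(const CJBig2_Image& im);` declaration in JBig2_Image.h sits beside a user-declared destructor and an `m_bNeedFree` ownership flag, but no copy assignment operator is visible in this hunk. If none is declared in the part of the class that the hunks do not show, the implicit `operator=` would copy `m_pData` and `m_bNeedFree` member-wise, and two objects could then release the same buffer. Assuming assignment is never intended, add `CJBig2_Image& operator=(const CJBig2_Image&) = delete;` next to the copy constructor. The class body between the second and third header hunks is outside the diff, so this should be checked against the full header.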
--- a/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
@@ -266,7 +266,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Arith(
 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
 if (EXFLAGS[I] && J < SDNUMEXSYMS) {
 if (I < SDNUMINSYMS) {
- pDict->AddImage(new CJBig2_Image(*SDINSYMS[I]));
+ pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
 } else {
 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
 }
@@ -604,7 +604,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman(
 for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
 if (EXFLAGS[I] && J < SDNUMEXSYMS) {
 if (I < SDNUMINSYMS) {
- pDict->AddImage(new CJBig2_Image(*SDINSYMS[I]));
+ pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
 } else {
 pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
 }
-- cgit v1.2.3
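Review bot: The new ternary in decode_Arith stores `nullptr` in the exported dictionary whenever `SDINSYMS[I]` is null, so the null dereference is only avoided if every later reader of this dictionary's images checks for null; the identical line added in decode_Huffman has the same effect. Because the symbol tables are built from a JBIG2 stream that may come from an untrusted document, it would be safer to treat a missing exported input symbol as a decode failure, or at least to state the contract at the call, for example `// Slot may be null when the referenced input symbol is absent; readers of pDict must check.` Both functions begin and end outside these hunks, so whether SDINSYMS entries are validated earlier, and how AddImage handles a null argument, cannot be confirmed from the diff.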