From e9df4cfc3c6a0f28cb0a062d2f22d9123cee5a43 Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Fri, 22 Jan 2016 15:47:06 -0800 Subject: Merge to M49: openjpeg: Set proper upper bound for an array in opj_pi_update_decode_poc(). TBR=tsepez@chromium.org BUG=571480 Original Review URL: https://codereview.chromium.org/1583233008 . (cherry picked from commit 7a0f441e1410b3a0d97374c00c4007552d7dd27a) Review URL: https://codereview.chromium.org/1626693002 . --- third_party/libopenjpeg20/0010-pi_update_decode_poc.patch | 13 +++++++++++++ third_party/libopenjpeg20/README.pdfium | 1 + third_party/libopenjpeg20/pi.c | 2 +- 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 third_party/libopenjpeg20/0010-pi_update_decode_poc.patch diff --git a/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch b/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch new file mode 100644 index 0000000000..d596b76b8f --- /dev/null +++ b/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch @@ -0,0 +1,13 @@ +diff --git a/third_party/libopenjpeg20/pi.c b/third_party/libopenjpeg20/pi.c +index 462e07c..9097e31 100644 +--- a/third_party/libopenjpeg20/pi.c ++++ b/third_party/libopenjpeg20/pi.c +@@ -1028,7 +1028,7 @@ static void opj_pi_update_decode_poc (opj_pi_iterator_t * p_pi, + l_current_pi->poc.precno0 = 0; + l_current_pi->poc.resno1 = l_current_poc->resno1; /* Resolution Level Index #0 (End) */ + l_current_pi->poc.compno1 = l_current_poc->compno1; /* Component Index #0 (End) */ +- l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */ ++ l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1, p_tcp->numlayers); /* Layer Index #0 (End) */ + l_current_pi->poc.precno1 = p_max_precision; + ++l_current_pi; + ++l_current_poc; diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium index b5c93f8fe3..c4d89769a3 100644 --- a/third_party/libopenjpeg20/README.pdfium +++ b/third_party/libopenjpeg20/README.pdfium @@ -19,4 +19,5 @@ Local Modifications: 0007-jp2_read_cmap.patch: Fix wrong rendering on greyscale images with index colorspace. 0008-jp2_check_color.patch: Replace an assertion with returning false. 0009-opj_pi_next.patch: Fix potential bad precno value in opj_pi_next* functions. +0010-pi_update_decode_poc.patch: Set proper upper bound for an array in opj_pi_update_decode_poc(). TODO(thestig): List all the other patches. diff --git a/third_party/libopenjpeg20/pi.c b/third_party/libopenjpeg20/pi.c index 462e07c836..9097e31a0e 100644 --- a/third_party/libopenjpeg20/pi.c +++ b/third_party/libopenjpeg20/pi.c @@ -1028,7 +1028,7 @@ static void opj_pi_update_decode_poc (opj_pi_iterator_t * p_pi, l_current_pi->poc.precno0 = 0; l_current_pi->poc.resno1 = l_current_poc->resno1; /* Resolution Level Index #0 (End) */ l_current_pi->poc.compno1 = l_current_poc->compno1; /* Component Index #0 (End) */ - l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */ + l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1, p_tcp->numlayers); /* Layer Index #0 (End) */ l_current_pi->poc.precno1 = p_max_precision; ++l_current_pi; ++l_current_poc; -- cgit v1.2.3