From fd70d79ca67ac87dd95ab23d548b1fcb879ad259 Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Wed, 30 Aug 2017 15:50:09 -0400 Subject: Fix undefined shift in CJBig2_Context::decodeSymbolIDHuffmanTable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: chromium:755532 Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f Reviewed-on: https://pdfium-review.googlesource.com/12430 Reviewed-by: Tom Sepez Commit-Queue: Nicolás Peña --- core/fxcodec/jbig2/JBig2_Context.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp index eaaed312d6..778db1c591 100644 --- a/core/fxcodec/jbig2/JBig2_Context.cpp +++ b/core/fxcodec/jbig2/JBig2_Context.cpp @@ -7,6 +7,7 @@ #include "core/fxcodec/jbig2/JBig2_Context.h" #include +#include #include #include #include @@ -1254,8 +1255,10 @@ std::vector CJBig2_Context::decodeSymbolIDHuffmanTable( int32_t nBits = 0; uint32_t nTemp; while (true) { - if (pStream->read1Bit(&nTemp) != 0) + if (nVal > std::numeric_limits::max() / 2 || + pStream->read1Bit(&nTemp) != 0) { return std::vector(); + } nVal = (nVal << 1) | nTemp; ++nBits; -- cgit v1.2.3