From fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Tue, 9 May 2017 14:56:06 -0400
Subject: LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts.

Bug: chromium:698498
Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8
Reviewed-on: https://pdfium-review.googlesource.com/5173
Reviewed-by: Tom Sepez
Commit-Queue: Nicolás Peña
---
 .../0032-undefined-shift-opj_j2k_read_siz.patch | 16 ++++++++++++++++
 third_party/libopenjpeg20/README.pdfium | 1 +
 third_party/libopenjpeg20/j2k.c | 4 ++--
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
diff --git a/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
new file mode 100644
index 0000000000..f89025fa72
--- /dev/null
+++ b/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
@@ -0,0 +1,16 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index cb5a28373..9e35de186 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+ i, l_img_comp->dx, l_img_comp->dy);
+ return OPJ_FALSE;
+ }
+- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
+ opj_event_msg(p_manager, EVT_ERROR,
+- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
++ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
+ i, l_img_comp->prec);
+ return OPJ_FALSE;
+ }
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index d73c72b827..cae9a9a98e 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -41,4 +41,5 @@ Local Modifications:
 0029-avoid-division-by-0: fix some /0 and %0 in pi.c (caused by bad shifts).
 0030-undefined-shift-opj_get_all_encoding_parameters.patch: fix undefined shift in pi.c method.
 0031-undefined-shift-opj_bio_read.patch: fix undefined shift in bio.c method.
+0032-undefined-shift-opj_j2k_read_siz.patch: fix undefined shift in j2k.c method.
 TODO(thestig): List all the other patches.
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
index cb5a283732..9e35de1861 100644
--- a/third_party/libopenjpeg20/j2k.c
+++ b/third_party/libopenjpeg20/j2k.c
@@ -2121,9 +2121,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
 i, l_img_comp->dx, l_img_comp->dy);
 return OPJ_FALSE;
 }
- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+ if( l_img_comp->prec > 31) { /* TODO openjpeg won't handle more than ? */
 opj_event_msg(p_manager, EVT_ERROR,
- "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+ "Invalid values for comp = %d : prec=%u (should be between 1 and 31 according to the JPEG2000 norm)\n",
 i, l_img_comp->prec);
 return OPJ_FALSE;
 }
--
cgit v1.2.3
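Review bot: The rewritten error message on the added line still says `should be between 1 and 31 according to the JPEG2000 norm`, but 31 is a limit imposed by this decoder's OPJ_INT32 arithmetic (the commit message cites `1 << (prec - 1)`), not by the norm, whose Ssiz field admits precisions up to 38; the message now misattributes the rejection and will mislead anyone triaging a legitimately high-precision codestream that this build refuses. Suggest `"Invalid values for comp = %d : prec=%u (should be between 1 and 31; this decoder does not support higher precision)\n"`. The `/* TODO openjpeg won't handle more than ? */` comment carried over onto the new `if` line is now answerable and should record the reason so the bound is not loosened again: `/* prec is used as 1 << (prec - 1) on OPJ_INT32; 32 or more would be an undefined shift */`. The shift itself and the rest of opj_j2k_read_siz lie outside the hunk, so that justification is taken from the commit message rather than visible code; the function begins before the hunk and continues after it.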