From eed6421dc45a5cc74986b2ef0870974c829f829e Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Tue, 28 Mar 2017 12:44:58 -0400
Subject: Add bounds check into JBIG2 Arith decoder.

Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This Cl updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.

Bug: chromium:665056
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
---
 core/fxcodec/jbig2/JBig2_BitStream.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'core/fxcodec/jbig2/JBig2_BitStream.h')

diff --git a/core/fxcodec/jbig2/JBig2_BitStream.h b/core/fxcodec/jbig2/JBig2_BitStream.h
index aeb2eba693..551b7df9b1 100644
--- a/core/fxcodec/jbig2/JBig2_BitStream.h
+++ b/core/fxcodec/jbig2/JBig2_BitStream.h
@@ -40,9 +40,10 @@ class CJBig2_BitStream {
   uint32_t getByteLeft() const;
   uint32_t getObjNum() const;
 
+  bool IsInBounds() const;
+
  private:
   void AdvanceBit();
-  bool IsInBound() const;
   uint32_t LengthInBits() const;
 
   const uint8_t* m_pBuf;
-- 
cgit v1.2.3