From e21501d9427539828b5d547b9d20a752d06914aa Mon Sep 17 00:00:00 2001
From: tsepez <tsepez@chromium.org>
Date: Tue, 2 Aug 2016 13:36:16 -0700
Subject: Bound total pixels in JBig2 images to avoid overflows later.

Also make these private to ensure they aren't modified so as to
violate the bounds checks applied at creation time.

BUG=633002

Review-Url: https://codereview.chromium.org/2202013002
---
 core/fxcodec/jbig2/JBig2_TrdProc.cpp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'core/fxcodec/jbig2/JBig2_TrdProc.cpp')

diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index 177db9dec9..f3dd6be2b3 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -114,8 +114,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Huffman(CJBig2_BitStream* pStream,
         if (!IBOI)
           return nullptr;
 
-        uint32_t WOI = IBOI->m_nWidth;
-        uint32_t HOI = IBOI->m_nHeight;
+        uint32_t WOI = IBOI->width();
+        uint32_t HOI = IBOI->height();
         if ((int)(WOI + RDWI) < 0 || (int)(HOI + RDHI) < 0)
           return nullptr;
 
@@ -150,8 +150,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Huffman(CJBig2_BitStream* pStream,
       if (!IBI) {
         continue;
       }
-      uint32_t WI = IBI->m_nWidth;
-      uint32_t HI = IBI->m_nHeight;
+      uint32_t WI = IBI->width();
+      uint32_t HI = IBI->height();
       if (TRANSPOSED == 0 && ((REFCORNER == JBIG2_CORNER_TOPRIGHT) ||
                               (REFCORNER == JBIG2_CORNER_BOTTOMRIGHT))) {
         CURS = CURS + WI - 1;
@@ -327,8 +327,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
         if (!IBOI)
           return nullptr;
 
-        uint32_t WOI = IBOI->m_nWidth;
-        uint32_t HOI = IBOI->m_nHeight;
+        uint32_t WOI = IBOI->width();
+        uint32_t HOI = IBOI->height();
         if ((int)(WOI + RDWI) < 0 || (int)(HOI + RDHI) < 0)
           return nullptr;
 
@@ -350,8 +350,8 @@ CJBig2_Image* CJBig2_TRDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
       if (!pIBI)
         return nullptr;
 
-      uint32_t WI = pIBI->m_nWidth;
-      uint32_t HI = pIBI->m_nHeight;
+      uint32_t WI = pIBI->width();
+      uint32_t HI = pIBI->height();
       if (TRANSPOSED == 0 && ((REFCORNER == JBIG2_CORNER_TOPRIGHT) ||
                               (REFCORNER == JBIG2_CORNER_BOTTOMRIGHT))) {
         CURS += WI - 1;
-- 
cgit v1.2.3