From 7aed76f53137a71491040c776ab2f8931e91061b Mon Sep 17 00:00:00 2001
From: weili
Date: Thu, 26 May 2016 18:13:58 -0700
Subject: Fix a bug which may cause infinite loop
When the condition is "status == FXCODEC_STATUS_DECODE_TOBECONTINUE" while |status| never gets updated in the loop, it would enter infinite loop. Also, since Start_decode_MMR() never returns FXCODEC_STATUS_DECODE_TOBECONTINUE, there is no point to check on the return value for that.
Review-Url: https://codereview.chromium.org/2013263002
---
 core/fxcodec/jbig2/JBig2_Context.cpp | 6 +-----
 core/fxcodec/jbig2/JBig2_GsidProc.cpp | 14 +++-----------
 core/fxcodec/jbig2/JBig2_PddProc.cpp | 10 +++-------
 core/fxcodec/jbig2/JBig2_SddProc.cpp | 5 +----
 4 files changed, 8 insertions(+), 27 deletions(-)
(limited to 'core/fxcodec/jbig2')
diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index 5a0b2c0d73..a0a411fbcf 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -1147,11 +1147,7 @@ int32_t CJBig2_Context::parseGenericRegion(CJBig2_Segment* pSegment,
 m_pStream->offset(2);
 }
 } else {
- FXCODEC_STATUS status = m_pGRD->Start_decode_MMR(&pSegment->m_Result.im,
- m_pStream.get(), pPause);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- m_pGRD->Continue_decode(pPause);
- }
+ m_pGRD->Start_decode_MMR(&pSegment->m_Result.im, m_pStream.get(), pPause);
 if (!pSegment->m_Result.im) {
 m_pGRD.reset();
 return JBIG2_ERROR_FATAL;
diff --git a/core/fxcodec/jbig2/JBig2_GsidProc.cpp b/core/fxcodec/jbig2/JBig2_GsidProc.cpp
index 30f95b8200..ee6cd368d5 100644
--- a/core/fxcodec/jbig2/JBig2_GsidProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GsidProc.cpp
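Review bot: In the JBig2_Context.cpp hunk, the new call `m_pGRD->Start_decode_MMR(&pSegment->m_Result.im, m_pStream.get(), pPause);` drops the returned FXCODEC_STATUS, and nothing at the call site records why that is safe. The commit message says Start_decode_MMR() never returns FXCODEC_STATUS_DECODE_TOBECONTINUE, but that contract lives in another function and this path parses untrusted JBIG2 segments, so a later change that makes MMR decoding pausable would leave the image half decoded here without any visible failure. I would add a comment at the call such as `// Start_decode_MMR() always runs to completion; a null image is the only failure signal.` and, where the codebase's debug assertion is available, assert that the result is not FXCODEC_STATUS_DECODE_TOBECONTINUE. The same applies to the MMR call sites changed in CJBig2_GSIDProc::decode_MMR (two hunks), CJBig2_PDDProc::decode_MMR and CJBig2_SDDProc::decode_Huffman; parseGenericRegion itself continues outside the hunk.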
@@ -46,7 +46,7 @@ uint32_t* CJBig2_GSIDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder,
 FXCODEC_STATUS status = pGRD->Start_decode_Arith(&pImage, pArithDecoder, gbContext, nullptr);
 while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
- pGRD->Continue_decode(pPause);
+ status = pGRD->Continue_decode(pPause);
 if (!pImage)
 return nullptr;
@@ -78,11 +78,7 @@ uint32_t* CJBig2_GSIDProc::decode_MMR(CJBig2_BitStream* pStream,
 std::unique_ptr GSPLANES(FX_Alloc(CJBig2_Image*, GSBPP));
 JBIG2_memset(GSPLANES.get(), 0, sizeof(CJBig2_Image*) * GSBPP);
- FXCODEC_STATUS status =
- pGRD->Start_decode_MMR(&GSPLANES.get()[GSBPP - 1], pStream, nullptr);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- pGRD->Continue_decode(pPause);
- }
+ pGRD->Start_decode_MMR(&GSPLANES.get()[GSBPP - 1], pStream, nullptr);
 if (!GSPLANES.get()[GSBPP - 1])
 return nullptr;
@@ -90,11 +86,7 @@ uint32_t* CJBig2_GSIDProc::decode_MMR(CJBig2_BitStream* pStream,
 pStream->offset(3);
 int32_t J = GSBPP - 2;
 while (J >= 0) {
- FXCODEC_STATUS status =
- pGRD->Start_decode_MMR(&GSPLANES.get()[J], pStream, nullptr);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- pGRD->Continue_decode(pPause);
- }
+ pGRD->Start_decode_MMR(&GSPLANES.get()[J], pStream, nullptr);
 if (!GSPLANES.get()[J]) {
 for (int32_t K = GSBPP - 1; K > J; --K)
 delete GSPLANES.get()[K];
diff --git a/core/fxcodec/jbig2/JBig2_PddProc.cpp b/core/fxcodec/jbig2/JBig2_PddProc.cpp
index 12f66c3b7d..679a87a036 100644
--- a/core/fxcodec/jbig2/JBig2_PddProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_PddProc.cpp
@@ -42,9 +42,8 @@ CJBig2_PatternDict* CJBig2_PDDProc::decode_Arith(
 }
 FXCODEC_STATUS status = pGRD->Start_decode_Arith(&BHDC, pArithDecoder, gbContext, nullptr);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- pGRD->Continue_decode(pPause);
- }
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = pGRD->Continue_decode(pPause);
 if (!BHDC)
 return nullptr;
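Review bot: In CJBig2_GSIDProc::decode_Arith the corrected loop `while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) status = pGRD->Continue_decode(pPause);` now terminates, but the status it ends on is never examined; the only check that follows is `if (!pImage)`. Whether Continue_decode() can stop with an error while leaving a partly decoded image behind is not visible in this hunk, and this code runs on attacker-supplied streams, so the failure contract should be explicit. Either test the final status next to the null check, for example `if (status == FXCODEC_STATUS_ERROR || !pImage)` with whatever release of `pImage` the failure path needs, or add a comment stating that a null image is the sole failure signal. CJBig2_PDDProc::decode_Arith in JBig2_PddProc.cpp has the same loop with `BHDC`; both functions start and end outside their hunks.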
@@ -70,10 +69,7 @@ CJBig2_PatternDict* CJBig2_PDDProc::decode_MMR(CJBig2_BitStream* pStream,
 pGRD->MMR = HDMMR;
 pGRD->GBW = (GRAYMAX + 1) * HDPW;
 pGRD->GBH = HDPH;
- FXCODEC_STATUS status = pGRD->Start_decode_MMR(&BHDC, pStream, nullptr);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- pGRD->Continue_decode(pPause);
- }
+ pGRD->Start_decode_MMR(&BHDC, pStream, nullptr);
 if (!BHDC)
 return nullptr;
diff --git a/core/fxcodec/jbig2/JBig2_SddProc.cpp b/core/fxcodec/jbig2/JBig2_SddProc.cpp
index 81d7c89270..9ab6cb8a2e 100644
--- a/core/fxcodec/jbig2/JBig2_SddProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_SddProc.cpp
@@ -535,10 +535,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman(
 pGRD->MMR = 1;
 pGRD->GBW = TOTWIDTH;
 pGRD->GBH = HCHEIGHT;
- FXCODEC_STATUS status = pGRD->Start_decode_MMR(&BHC, pStream, nullptr);
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) {
- pGRD->Continue_decode(pPause);
- }
+ pGRD->Start_decode_MMR(&BHC, pStream, nullptr);
 pStream->alignByte();
 }
 nTmp = 0;
--
cgit v1.2.3
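Review bot: In CJBig2_SDDProc::decode_Huffman (JBig2_SddProc.cpp) the call `pGRD->Start_decode_MMR(&BHC, pStream, nullptr);` is followed directly by `pStream->alignByte();`, and nothing inside the hunk tests `BHC`, unlike the other MMR call sites in this commit, which check the output image immediately after the call. With the status now discarded, a null `BHC` is the only sign that decoding of the height-class bitmap failed, so the code after `nTmp = 0;` must test it before any use; that part of the function is outside the hunk and should be confirmed. If the check is there, a comment at the call such as `// |BHC| stays null on failure and is checked below before use.` would make the dependency visible; if it is not, an `if (!BHC)` guard belongs right after the call.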