From 63de95b699a4374982c2ddffced89e0da028fe4c Mon Sep 17 00:00:00 2001
From: JUN FANG
Date: Mon, 13 Apr 2015 10:34:10 -0700
Subject: Merge to XFA: Fix a heap overflow in CJBig2_Context::parseSymbolDict

BUG=476107
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1080893002
---
 core/src/fxcodec/jbig2/JBig2_ArithDecoder.h | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'core/src/fxcodec/jbig2/JBig2_ArithDecoder.h')

diff --git a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
index 214688d3b2..33bbe39d0d 100644
--- a/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
+++ b/core/src/fxcodec/jbig2/JBig2_ArithDecoder.h
@@ -72,6 +72,10 @@ inline void CJBig2_ArithDecoder::BYTEIN()
 }
 inline int CJBig2_ArithDecoder::DECODE(JBig2ArithCtx *pCX)
 {
+    if (!pCX || pCX->I >= JBIG2_QE_NUM) {
+        return 0;
+    }
+
     int D;
     const JBig2ArithQe * qe = &QeTable[pCX->I];
     A = A - qe->Qe;
-- 
cgit v1.2.3
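Review bot: The new guard at the top of DECODE bounds `pCX->I` only from above, so if `I` is a signed field a negative value still indexes `QeTable[pCX->I]`; either confirm `I` is unsigned in `JBig2ArithCtx` or extend the test to `if (!pCX || pCX->I < 0 || pCX->I >= JBIG2_QE_NUM)`. The null check does not help when `pCX` points past the end of an undersized context array, which the subject line's reference to parseSymbolDict suggests is where the bad index originates; in that case the read of `pCX->I` itself is still out of bounds and the sizing of the context arrays in the caller would need its own fix. Returning 0 is indistinguishable from a legitimately decoded 0 bit, so callers keep consuming output from a corrupt context, which deserves a comment on the guard such as `// Fail-safe for a corrupt context: keeps the index inside QeTable, but callers cannot tell this 0 from a decoded 0.` The body of DECODE continues past the end of the hunk.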