From 2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6 Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Thu, 11 May 2017 11:12:33 -0400 Subject: LibOpenJPEG: undefined shift in opj_t1_dec_clnpass MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate 1 << bpno. Thus, use a reduced value when it's large enough to cause undefined shift. bpno_plus_one itself remains unchanged so that the number of calls remains the same Bug: chromium:698526 Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4 Reviewed-on: https://pdfium-review.googlesource.com/5310 Reviewed-by: dsinclair Commit-Queue: Nicolás Peña --- .../0033-undefined-shift-opj_t1_dec_clnpass.patch | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch (limited to 'third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch') diff --git a/third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch b/third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch new file mode 100644 index 0000000000..58f04b0a24 --- /dev/null +++ b/third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch @@ -0,0 +1,14 @@ +diff --git a/third_party/libopenjpeg20/t1.c b/third_party/libopenjpeg20/t1.c +index 1ad850c77..d290c38d5 100644 +--- a/third_party/libopenjpeg20/t1.c ++++ b/third_party/libopenjpeg20/t1.c +@@ -1387,6 +1387,9 @@ static OPJ_BOOL opj_t1_decode_cblk(opj_t1_t *t1, + } + + bpno_plus_one = (OPJ_INT32)(roishift + cblk->numbps); ++ if (bpno_plus_one > 30) { ++ return OPJ_FALSE; ++ } + passtype = 2; + + opj_mqc_resetstates(mqc); -- cgit v1.2.3
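Review bot: the commit message and the hunk in t1.c (opj_t1_decode_cblk, around line 1390) disagree: the message says a reduced value is used for the shifts while bpno_plus_one itself stays unchanged, but the added lines do neither, they `return OPJ_FALSE;` and reject the whole code-block whenever `bpno_plus_one > 30`. Either the message should say that out-of-range values are rejected, or the patch should clamp as the message describes. A one-line comment above the check would also help, since 30 is otherwise a magic number: with the message stating that bpno_plus_one is passed as bpno to routines computing `1 << bpno`, the bound keeps the largest shift at 1 << 30, which still fits a 32-bit OPJ_INT32 without the undefined behaviour the change is meant to remove.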