From e2eb04f0352d621bc8837217078c23d67044bf38 Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Fri, 11 Dec 2015 15:09:59 -0800 Subject: openjpeg: fix incrementing of "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc R=tsepez@chromium.org, antonin@gmail.com, mathieu.malaterre@gmail.com BUG=554129 Review URL: https://codereview.chromium.org/1488303004 . --- third_party/libopenjpeg20/0004-j2k_read_mcc.patch | 31 +++++++++++++++++++++++ third_party/libopenjpeg20/README.pdfium | 1 + third_party/libopenjpeg20/j2k.c | 6 ++++- 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 third_party/libopenjpeg20/0004-j2k_read_mcc.patch (limited to 'third_party') diff --git a/third_party/libopenjpeg20/0004-j2k_read_mcc.patch b/third_party/libopenjpeg20/0004-j2k_read_mcc.patch new file mode 100644 index 0000000000..39c847d765 --- /dev/null +++ b/third_party/libopenjpeg20/0004-j2k_read_mcc.patch @@ -0,0 +1,31 @@ +diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c +index 849d0b4..b20f219 100644 +--- a/third_party/libopenjpeg20/j2k.c ++++ b/third_party/libopenjpeg20/j2k.c +@@ -5341,6 +5341,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, + OPJ_UINT32 l_nb_collections; + OPJ_UINT32 l_nb_comps; + OPJ_UINT32 l_nb_bytes_by_comp; ++ OPJ_BOOL new_mcc = OPJ_FALSE; + + /* preconditions */ + assert(p_header_data != 00); +@@ -5402,6 +5403,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, + memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t)); + } + l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records; ++ new_mcc = OPJ_TRUE; + } + l_mcc_record->m_index = l_indix; + +@@ -5537,7 +5539,9 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, + return OPJ_FALSE; + } + +- ++l_tcp->m_nb_mcc_records; ++ if (new_mcc) { ++ ++l_tcp->m_nb_mcc_records; ++ } + + return OPJ_TRUE; + } diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium index bdb2f62e49..728c0d8b99 100644 --- a/third_party/libopenjpeg20/README.pdfium +++ b/third_party/libopenjpeg20/README.pdfium @@ -13,4 +13,5 @@ Local Modifications: 0001-image-data.patch: Fix a crashier in opj_j2k_update_image_data(). 0002-packet-iterator.patch: Fix integer overflow in opj_pi_create_decode(). 0003-dwt-decode.patch: Check array bounds for opj_dwt_decode_1() and friends. +0004-j2k_read_mcc.patch: Move incrementing of l_tcp->m_nb_mcc_records to the right place. TODO(thestig): List all the other patches. diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c index 849d0b4242..b20f219bf1 100644 --- a/third_party/libopenjpeg20/j2k.c +++ b/third_party/libopenjpeg20/j2k.c @@ -5341,6 +5341,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, OPJ_UINT32 l_nb_collections; OPJ_UINT32 l_nb_comps; OPJ_UINT32 l_nb_bytes_by_comp; + OPJ_BOOL new_mcc = OPJ_FALSE; /* preconditions */ assert(p_header_data != 00); @@ -5402,6 +5403,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t)); } l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records; + new_mcc = OPJ_TRUE; } l_mcc_record->m_index = l_indix; @@ -5537,7 +5539,9 @@ static OPJ_BOOL opj_j2k_read_mcc ( opj_j2k_t *p_j2k, return OPJ_FALSE; } - ++l_tcp->m_nb_mcc_records; + if (new_mcc) { + ++l_tcp->m_nb_mcc_records; + } return OPJ_TRUE; } -- cgit v1.2.3