M105: Fix a malloc size error in OpenJPEG.

Cherrypick the fix [1] from upstream OpenJPEG.

[1] https://github.com/uclouvain/openjpeg/pull/1426

Bug: chromium:1357303
Change-Id: I0b18a896c061485e41eb2890d21d0f6d842bab18
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/97012
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
(cherry picked from commit 340bbcf10b50734dee585b0dae5cf295b835c5c9)
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/97810
Reviewed-by: Nigi <nigi@chromium.org>
diff --git a/third_party/libopenjpeg/0044-opj_t1_allocate_buffers.patch b/third_party/libopenjpeg/0044-opj_t1_allocate_buffers.patch
new file mode 100644
index 0000000..3d77b74
--- /dev/null
+++ b/third_party/libopenjpeg/0044-opj_t1_allocate_buffers.patch
@@ -0,0 +1,28 @@
+commit 0535bfc3b7d5cd6fc73a7d4a6749a338fc5d7703
+Author: Yuan <zodf0055980@gmail.com>
+Date:   Tue May 31 17:55:12 2022 +0800
+
+    HT_DEC: Fix opj_t1_allocate_buffers malloc size error (#1426) (fixes #1413)
+
+diff --git a/src/lib/openjp2/ht_dec.c b/src/lib/openjp2/ht_dec.c
+index e2f3afd6..a803d1bb 100644
+--- a/src/lib/openjp2/ht_dec.c
++++ b/src/lib/openjp2/ht_dec.c
+@@ -1063,7 +1063,7 @@ static OPJ_BOOL opj_t1_allocate_buffers(
+         if (flagssize > t1->flagssize) {
+ 
+             opj_aligned_free(t1->flags);
+-            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize);
++            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(opj_flag_t));
+             if (!t1->flags) {
+                 /* FIXME event manager error callback */
+                 return OPJ_FALSE;
+@@ -1071,7 +1071,7 @@ static OPJ_BOOL opj_t1_allocate_buffers(
+         }
+         t1->flagssize = flagssize;
+ 
+-        memset(t1->flags, 0, flagssize);
++        memset(t1->flags, 0, flagssize * sizeof(opj_flag_t));
+     }
+ 
+     t1->w = w;
diff --git a/third_party/libopenjpeg/README.pdfium b/third_party/libopenjpeg/README.pdfium
index 43692e1..e60ff25 100644
--- a/third_party/libopenjpeg/README.pdfium
+++ b/third_party/libopenjpeg/README.pdfium
@@ -29,3 +29,4 @@
 0035-opj_image_data_free.patch: Use the right free function in opj_jp2_apply_pclr.
 0039-opj_mqc_renorme.patch: Remove unused opj_mqc_renorme().
 0041-remove_opj_clock.patch: Remove unused opj_clock.h include.
+0044-opj_t1_allocate_buffers.patch: Backport fix for malloc size error in opj_t1_allocate_buffers().
diff --git a/third_party/libopenjpeg/ht_dec.c b/third_party/libopenjpeg/ht_dec.c
index 1eb4d52..486bdc5 100644
--- a/third_party/libopenjpeg/ht_dec.c
+++ b/third_party/libopenjpeg/ht_dec.c
@@ -1063,7 +1063,7 @@
         if (flagssize > t1->flagssize) {
 
             opj_aligned_free(t1->flags);
-            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize);
+            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(opj_flag_t));
             if (!t1->flags) {
                 /* FIXME event manager error callback */
                 return OPJ_FALSE;
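Review bot: The allocation-failure path at `return OPJ_FALSE;` leaves `t1->flags` NULL after `opj_aligned_free(t1->flags)` while `t1->flagssize` keeps its previous value, because that field is only updated after the `if` block (next hunk). If the same `t1` is used again after a failure (not visible here), a later request no larger than the stale size would skip the allocation and reach `memset(t1->flags, 0, ...)` with a NULL pointer. Resetting the size on failure closes that gap: `t1->flagssize = 0;` before the `return OPJ_FALSE;`. Since this is vendored code, the change would need its own patch file and ideally an upstream report. The body of opj_t1_allocate_buffers starts and ends outside this hunk.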
@@ -1071,7 +1071,7 @@
         }
         t1->flagssize = flagssize;
 
-        memset(t1->flags, 0, flagssize);
+        memset(t1->flags, 0, flagssize * sizeof(opj_flag_t));
     }
 
     t1->w = w;
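Review bot: The byte count `flagssize * sizeof(opj_flag_t)` is written out twice, in this `memset` and in the `opj_aligned_malloc` call of the previous hunk, and neither product is checked for wrap-around. The declaration of `flagssize` is outside the hunk; if it is a 32-bit count derived from code-block dimensions, the product is presumably safe where `size_t` is 64 bits wide but could wrap on a 32-bit build, giving a short allocation again. Computing it once behind a guard keeps the two sizes from drifting apart: `if (flagssize > SIZE_MAX / sizeof(opj_flag_t)) return OPJ_FALSE;` followed by `const size_t flags_bytes = (size_t)flagssize * sizeof(opj_flag_t);`. A comment at `t1->flagssize = flagssize;` such as `/* element count of opj_flag_t, not bytes */` would record the unit whose confusion this commit fixes.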