Google Git
Sign in
pdfium/pdfium.git/76c995796f95fd4c54c5f11d2a04392f16478619^!/.
commit
76c995796f95fd4c54c5f11d2a04392f16478619
[log]
author
Oliver Chang <ochang@chromium.org>
Fri Jan 15 14:51:37 2016 -0800
committer
Oliver Chang <ochang@chromium.org>
Fri Jan 15 14:51:37 2016 -0800
tree
f7fd2b10bbe97646fd398e79ff6672c3b3297afe
parent
f30e663cd52e3304dfaea640cb410eeca018ed4f [diff]
Merge to XFA: openjpeg: Set proper upper bound for an array in opj_pi_update_decode_poc().

R=tsepez@chromium.org
TBR=tsepez@chromium.org
BUG=571480

Original Review URL: https://codereview.chromium.org/1583233008 .

(cherry picked from commit 7a0f441e1410b3a0d97374c00c4007552d7dd27a)

Review URL: https://codereview.chromium.org/1594603004 .

diff --git a/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch b/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch
new file mode 100644
index 0000000..d596b76
--- /dev/null
+++ b/third_party/libopenjpeg20/0010-pi_update_decode_poc.patch

@@ -0,0 +1,13 @@
+diff --git a/third_party/libopenjpeg20/pi.c b/third_party/libopenjpeg20/pi.c
+index 462e07c..9097e31 100644
+--- a/third_party/libopenjpeg20/pi.c
++++ b/third_party/libopenjpeg20/pi.c
+@@ -1028,7 +1028,7 @@ static void opj_pi_update_decode_poc (opj_pi_iterator_t * p_pi,
+ 		l_current_pi->poc.precno0 = 0;
+ 		l_current_pi->poc.resno1 = l_current_poc->resno1; /* Resolution Level Index #0 (End) */
+ 		l_current_pi->poc.compno1 = l_current_poc->compno1; /* Component Index #0 (End) */
+-		l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */
++		l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1, p_tcp->numlayers); /* Layer Index #0 (End) */
+ 		l_current_pi->poc.precno1 = p_max_precision;
+ 		++l_current_pi;
+ 		++l_current_poc;

diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index b5c93f8..c4d8976 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium

@@ -19,4 +19,5 @@
 0007-jp2_read_cmap.patch: Fix wrong rendering on greyscale images with index colorspace.
 0008-jp2_check_color.patch: Replace an assertion with returning false.
 0009-opj_pi_next.patch: Fix potential bad precno value in opj_pi_next* functions.
+0010-pi_update_decode_poc.patch: Set proper upper bound for an array in opj_pi_update_decode_poc().
 TODO(thestig): List all the other patches.

diff --git a/third_party/libopenjpeg20/pi.c b/third_party/libopenjpeg20/pi.c
index 462e07c..9097e31 100644
--- a/third_party/libopenjpeg20/pi.c
+++ b/third_party/libopenjpeg20/pi.c

@@ -1028,7 +1028,7 @@
 		l_current_pi->poc.precno0 = 0;
 		l_current_pi->poc.resno1 = l_current_poc->resno1; /* Resolution Level Index #0 (End) */
 		l_current_pi->poc.compno1 = l_current_poc->compno1; /* Component Index #0 (End) */
-		l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */
+		l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1, p_tcp->numlayers); /* Layer Index #0 (End) */
 		l_current_pi->poc.precno1 = p_max_precision;
 		++l_current_pi;
 		++l_current_poc;