commit 3f8cb532c93bd2839073ed4949d051245de5a4cb
author npm <npm@chromium.org> Wed Nov 09 17:26:27 2016 -0800
committer Commit bot <commit-bot@chromium.org> Wed Nov 09 17:26:27 2016 -0800
tree 37f246a16a74193c96b8e0892ec0c0640e5a57a3
parent 6173c9d2a3ce717b1ea3bfa12d6d403ee6a543a6

Add early returns in CJBig2_TRDProc::decode_Arith when decode fails.

None of the decodes in the method are currently being checked. This is
causing pdfium to take a long time rendering corrupted files. Thus, I
added a couple of early returns to help prevent this from happening.

BUG=450971

Review-Url: https://codereview.chromium.org/2493633002

core/fxcodec/jbig2/JBig2_TrdProc.cpp

diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index ccd8ebf..1329cde 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -266,7 +266,8 @@
   std::unique_ptr<CJBig2_Image> SBREG(new CJBig2_Image(SBW, SBH));
   SBREG->fill(SBDEFPIXEL);
   int32_t STRIPT;
-  pIADT->decode(pArithDecoder, &STRIPT);
+  if (!pIADT->decode(pArithDecoder, &STRIPT))
+    return nullptr;
   STRIPT *= SBSTRIPS;
   STRIPT = -STRIPT;
   int32_t FIRSTS = 0;
@@ -274,7 +275,8 @@
   while (NINSTANCES < SBNUMINSTANCES) {
     int32_t CURS = 0;
     int32_t DT;
-    pIADT->decode(pArithDecoder, &DT);
+    if (!pIADT->decode(pArithDecoder, &DT))
+      return nullptr;
     DT *= SBSTRIPS;
     STRIPT += DT;
     bool bFirst = true;