Consistently store JpegCommon into cinfo.client_data.
Currently, it stores either the address of a jmp_buf, or the address
of a CJpegContext depending on the callers. Make this consistent to
ensure there isn't a possibility of confusion.
Change-Id: I59b2f18501c422e55f4fd9cb8e04a09c37a2a56f
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/126370
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fxcodec/jpeg/jpeg_common.h b/core/fxcodec/jpeg/jpeg_common.h
index 677e44d..6dda4b9 100644
--- a/core/fxcodec/jpeg/jpeg_common.h
+++ b/core/fxcodec/jpeg/jpeg_common.h
@@ -41,6 +41,7 @@
struct jpeg_decompress_struct cinfo;
struct jpeg_error_mgr error_mgr;
struct jpeg_source_mgr source_mgr;
+ unsigned int skip_size;
};
typedef struct JpegCommon JpegCommon;
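Review bot: `skip_size` is declared `unsigned int`, but the visible writer in src_skip_data derives it from a `long` and a `size_t` through a narrowing cast, and the reader compares it with `src_buf.size()`. Declaring it `size_t skip_size;` would remove the cast and the mixed-width comparison, assuming `<stddef.h>` is reachable from this header. The field is also undocumented; a comment such as `// Bytes still to be skipped from input that has not been supplied yet; set by src_skip_data().` would say who owns it. The struct's opening lines are outside this hunk.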
diff --git a/core/fxcodec/jpeg/jpeg_progressive_decoder.cpp b/core/fxcodec/jpeg/jpeg_progressive_decoder.cpp
index 9f6072a..21d7b6e 100644
--- a/core/fxcodec/jpeg/jpeg_progressive_decoder.cpp
+++ b/core/fxcodec/jpeg/jpeg_progressive_decoder.cpp
@@ -27,20 +27,19 @@
jmp_buf& GetJumpMark() { return m_Common.jmpbuf; }
JpegCommon m_Common = {};
- unsigned int m_SkipSize = 0;
};
extern "C" {
static void error_fatal(j_common_ptr cinfo) {
- auto* pContext = reinterpret_cast<CJpegContext*>(cinfo->client_data);
- longjmp(pContext->m_Common.jmpbuf, -1);
+ auto* pCommon = reinterpret_cast<JpegCommon*>(cinfo->client_data);
+ longjmp(pCommon->jmpbuf, -1);
}
static void src_skip_data(jpeg_decompress_struct* cinfo, long num) {
if (cinfo->src->bytes_in_buffer < static_cast<size_t>(num)) {
- auto* pContext = reinterpret_cast<CJpegContext*>(cinfo->client_data);
- pContext->m_SkipSize = (unsigned int)(num - cinfo->src->bytes_in_buffer);
+ auto* pCommon = reinterpret_cast<JpegCommon*>(cinfo->client_data);
+ pCommon->skip_size = (unsigned int)(num - cinfo->src->bytes_in_buffer);
cinfo->src->bytes_in_buffer = 0;
} else {
// SAFETY: required from library during callback.
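Review bot: src_skip_data converts `num` with `static_cast<size_t>(num)` before looking at its sign, so a negative count would take the first branch, store a wrapped and truncated value in `skip_size`, and zero `bytes_in_buffer`. libjpeg's own callers appear to pass only positive counts, but this callback runs while parsing untrusted image data, so an early `if (num <= 0) return;` at the top of the function is a cheap guard. The rewritten assignment also keeps the C-style `(unsigned int)` cast; `static_cast<unsigned int>(...)` would match the cast on the line above it. The else branch of the function continues outside this hunk.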
@@ -60,7 +59,7 @@
}
CJpegContext::CJpegContext() {
- m_Common.cinfo.client_data = this;
+ m_Common.cinfo.client_data = &m_Common;
m_Common.cinfo.err = &m_Common.error_mgr;
m_Common.error_mgr.error_exit = error_fatal;
@@ -113,7 +112,7 @@
return nullptr;
}
pContext->m_Common.cinfo.src = &pContext->m_Common.source_mgr;
- pContext->m_SkipSize = 0;
+ pContext->m_Common.skip_size = 0;
return pContext;
}
@@ -168,14 +167,14 @@
RetainPtr<CFX_CodecMemory> codec_memory) {
pdfium::span<uint8_t> src_buf = codec_memory->GetUnconsumedSpan();
auto* ctx = static_cast<CJpegContext*>(pContext);
- if (ctx->m_SkipSize) {
- if (ctx->m_SkipSize > src_buf.size()) {
+ if (ctx->m_Common.skip_size) {
+ if (ctx->m_Common.skip_size > src_buf.size()) {
ctx->m_Common.source_mgr.bytes_in_buffer = 0;
- ctx->m_SkipSize -= src_buf.size();
+ ctx->m_Common.skip_size -= src_buf.size();
return true;
}
- src_buf = src_buf.subspan(ctx->m_SkipSize);
- ctx->m_SkipSize = 0;
+ src_buf = src_buf.subspan(ctx->m_Common.skip_size);
+ ctx->m_Common.skip_size = 0;
}
ctx->m_Common.source_mgr.next_input_byte = src_buf.data();
ctx->m_Common.source_mgr.bytes_in_buffer = src_buf.size();
diff --git a/core/fxcodec/jpeg/jpegmodule.cpp b/core/fxcodec/jpeg/jpegmodule.cpp
index 664a454..068e99e 100644
--- a/core/fxcodec/jpeg/jpegmodule.cpp
+++ b/core/fxcodec/jpeg/jpegmodule.cpp
@@ -38,7 +38,8 @@
extern "C" {
static void error_fatal(j_common_ptr cinfo) {
- longjmp(*(jmp_buf*)cinfo->client_data, -1);
+ auto* pCommon = reinterpret_cast<JpegCommon*>(cinfo->client_data);
+ longjmp(pCommon->jmpbuf, -1);
}
static void src_skip_data(jpeg_decompress_struct* cinfo, long num) {
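Review bot: The `error_fatal` added here duplicates the one in jpeg_progressive_decoder.cpp line for line, and both are only correct while every `client_data` assignment stores a `JpegCommon*`. Moving the handler next to the other shared helpers (for example a `jpeg_common_error_fatal` beside `jpeg_common_error_do_nothing`) would keep the cast and the `longjmp` in one place. Because `client_data` is a `void*`, `static_cast<JpegCommon*>(cinfo->client_data)` is sufficient and narrower than `reinterpret_cast`. A comment on the cast, such as `// client_data always points at the owning JpegCommon.`, would record the invariant this commit establishes.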
@@ -72,7 +73,7 @@
jpeg_common.error_mgr.reset_error_mgr = jpeg_common_error_do_nothing;
jpeg_common.error_mgr.trace_level = 0;
jpeg_common.cinfo.err = &jpeg_common.error_mgr;
- jpeg_common.cinfo.client_data = &jpeg_common.jmpbuf;
+ jpeg_common.cinfo.client_data = &jpeg_common;
if (!jpeg_common_create_decompress(&jpeg_common)) {
return false;
}
@@ -168,7 +169,7 @@
bool JpegDecoder::InitDecode(bool bAcceptKnownBadHeader) {
m_Common.cinfo.err = &m_Common.error_mgr;
- m_Common.cinfo.client_data = &m_Common.jmpbuf;
+ m_Common.cinfo.client_data = &m_Common;
if (!jpeg_common_create_decompress(&m_Common)) {
return false;
}