commit | e9ccc9bc449846107f1c539e25677f4877ddf22f | |
---|---|---|
author | JUN FANG <jun_fang@foxitsoftware.com> | Wed May 20 12:25:56 2015 -0700 |
committer | JUN FANG <jun_fang@foxitsoftware.com> | Wed May 20 12:25:56 2015 -0700 |
tree | 95ad9b3d81189bfd211d1c017979db7333428825 | |
parent | 3a251306b0fc80eadbd49a806b27c31e285c3223 | |

Integer overflow in CJBig2_Image::expand

1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset. After the integer overflows, it will be presented as a huge unsigned number on a 64-bit system.

BUG=483981

R=brucedawson@chromium.org, tsepez@chromium.org

Review URL: https://codereview.chromium.org/1148643002
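
The two points in the commit message, shown as an added example that is not PDFium code or the patch itself: an `int` that has gone negative becomes a huge `size_t` when passed to a fill routine, and the sizes for growing a row-based buffer are checked before any reallocation or fill. The helper names `as_size_t` and `checked_expand` and their parameters are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: the value a size_t parameter receives when the
 * caller passes an int that has already wrapped to a negative number. */
size_t as_size_t(int n) {
    return (size_t)n;               /* -1 becomes SIZE_MAX */
}

/* Hypothetical checked computation for growing a buffer of `stride` bytes
 * per row from old_h rows to new_h rows. On success returns 1 and fills:
 *   new_size    - byte size to request from the reallocation
 *   fill_offset - where the newly added rows start
 *   fill_len    - how many bytes of new rows to initialise
 * Returns 0 if the request does not grow the buffer or a size would
 * overflow int. */
int checked_expand(int old_h, int new_h, int stride,
                   size_t *new_size, size_t *fill_offset, size_t *fill_len) {
    if (old_h < 0 || stride <= 0 || new_h <= old_h)
        return 0;                   /* new size must be larger than old size */
    if (new_h > INT_MAX / stride)
        return 0;                   /* new_h * stride would overflow int */
    *new_size    = (size_t)new_h * (size_t)stride;
    *fill_offset = (size_t)old_h * (size_t)stride;
    *fill_len    = *new_size - *fill_offset;
    return 1;
}

int main(void) {
    size_t n, off, len;
    /* Constructed sample values. */
    printf("(size_t)-4      = %zu\n", as_size_t(-4));
    printf("grow 10 -> 20   : %d\n", checked_expand(10, 20, 8, &n, &off, &len));
    printf("grow 10 -> MAX  : %d\n", checked_expand(10, INT_MAX, 8, &n, &off, &len));
    return 0;
}
```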