e9ccc9bc449846107f1c539e25677f4877ddf22f - pdfium

commit	e9ccc9bc449846107f1c539e25677f4877ddf22f	[log] [tgz]
author	JUN FANG <jun_fang@foxitsoftware.com>	Wed May 20 12:25:56 2015 -0700
committer	JUN FANG <jun_fang@foxitsoftware.com>	Wed May 20 12:25:56 2015 -0700
tree	95ad9b3d81189bfd211d1c017979db7333428825
parent	3a251306b0fc80eadbd49a806b27c31e285c3223 [diff]

Integer overflow in CJBig2_Image::expand

1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset.
   After integer overflows, it will be presented as a huge
   unsigned number on 64 bits system.

BUG=483981
R=brucedawson@chromium.org, tsepez@chromium.org

Review URL: https://codereview.chromium.org/1148643002

core/src/fxcodec/jbig2/JBig2_Image.cpp[diff]

1 file changed

tree: 95ad9b3d81189bfd211d1c017979db7333428825

build/
core/
fpdfsdk/
public/
samples/
testing/
third_party/
.gitignore
AUTHORS
BUILD.gn
codereview.settings
DEPS
LICENSE
OWNERS
pdfium.gyp
README