Check CJBig2_Image is valid before filling.

Skip a lot of work that will all fail anyway.

BUG=chromium:838347

Change-Id: Iba45120e436b5547e106feb27dadea92cc948258
Reviewed-on: https://pdfium-review.googlesource.com/32053
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
diff --git a/core/fxcodec/jbig2/JBig2_GrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
index 5343df2..215d6fe 100644
--- a/core/fxcodec/jbig2/JBig2_GrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrdProc.cpp
@@ -166,9 +166,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate0Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
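Review bot: The new `if (!GBREG->data()) return nullptr;` guard has no comment saying when a freshly constructed CJBig2_Image has no buffer. The same three lines are repeated in the other three functions in this file, in both CJBig2_GRRDProc decoders, in CJBig2_HTRDProc::DecodeImage and in both CJBig2_TRDProc decoders. Presumably data() is null when the constructor rejects the width/height or the allocation fails, and those dimensions likely come from the parsed stream, so this is input validation rather than a pure optimisation. A one-line comment such as `// No backing buffer (rejected size or failed allocation): nothing to decode into.` would record that. Callers are outside the diff and must treat a null return as a decode failure, which is worth confirming for any path that could not return nullptr before; the function body continues past the end of this hunk.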
@@ -314,9 +317,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate1Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
@@ -460,9 +466,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate2Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
@@ -592,9 +601,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRDProc::DecodeArithTemplate3Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* gbContext) {
-  int LTP = 0;
   auto GBREG = pdfium::MakeUnique<CJBig2_Image>(GBW, GBH);
+  if (!GBREG->data())
+    return nullptr;
+
   GBREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GBH; h++) {
     if (TPGDON) {
       if (pArithDecoder->IsComplete())
diff --git a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
index fa4d435..8e4d8c0 100644
--- a/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_GrrdProc.cpp
@@ -37,9 +37,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::DecodeTemplate0Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* grContext) {
-  int LTP = 0;
   auto GRREG = pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+  if (!GRREG->data())
+    return nullptr;
+
   GRREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GRH; h++) {
     if (TPGRON) {
       if (pArithDecoder->IsComplete())
@@ -278,9 +281,12 @@
 std::unique_ptr<CJBig2_Image> CJBig2_GRRDProc::DecodeTemplate1Unopt(
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* grContext) {
-  int LTP = 0;
   auto GRREG = pdfium::MakeUnique<CJBig2_Image>(GRW, GRH);
+  if (!GRREG->data())
+    return nullptr;
+
   GRREG->fill(0);
+  int LTP = 0;
   for (uint32_t h = 0; h < GRH; h++) {
     if (TPGRON) {
       if (pArithDecoder->IsComplete())
diff --git a/core/fxcodec/jbig2/JBig2_HtrdProc.cpp b/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
index fb2257e..7d11482 100644
--- a/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
@@ -117,6 +117,9 @@
 std::unique_ptr<CJBig2_Image> CJBig2_HTRDProc::DecodeImage(
     const std::vector<std::unique_ptr<CJBig2_Image>>& GSPLANES) {
   auto HTREG = pdfium::MakeUnique<CJBig2_Image>(HBW, HBH);
+  if (!HTREG->data())
+    return nullptr;
+
   HTREG->fill(HDEFPIXEL);
   std::vector<uint32_t> GSVALS(HGW * HGH);
   for (uint32_t y = 0; y < HGH; ++y) {
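Review bot: `std::vector<uint32_t> GSVALS(HGW * HGH);`, directly below the new guard, multiplies two sizes with no overflow check, while the guard only covers the HBW/HBH image. If HGW and HGH are 32-bit values taken from the halftone region and not bounded by a caller (not visible here), the product can wrap and the vector ends up smaller than the grid, so any row/column indexing in the `y` loop that follows would run past it. A checked product in the style of the `FX_SAFE_INT32` used in JBig2_TrdProc.cpp, e.g. `FX_SAFE_UINT32 count = HGW; count *= HGH; if (!count.IsValid()) return nullptr;`, fits in the same early-exit block. DecodeImage continues past the end of the hunk.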
diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index ff94309..258014a 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -23,10 +23,13 @@
 std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::DecodeHuffman(
     CJBig2_BitStream* pStream,
     JBig2ArithCtx* grContext) {
-  auto pHuffmanDecoder = pdfium::MakeUnique<CJBig2_HuffmanDecoder>(pStream);
   auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+  if (!SBREG->data())
+    return nullptr;
+
   SBREG->fill(SBDEFPIXEL);
   int32_t INITIAL_STRIPT;
+  auto pHuffmanDecoder = pdfium::MakeUnique<CJBig2_HuffmanDecoder>(pStream);
   if (pHuffmanDecoder->DecodeAValue(SBHUFFDT, &INITIAL_STRIPT) != 0)
     return nullptr;
 
@@ -224,7 +227,19 @@
     CJBig2_ArithDecoder* pArithDecoder,
     JBig2ArithCtx* grContext,
     JBig2IntDecoderState* pIDS) {
+  auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+  if (!SBREG->data())
+    return nullptr;
+
   MaybeOwned<CJBig2_ArithIntDecoder> pIADT;
+  if (pIDS)
+    pIADT = pIDS->IADT;
+  else
+    pIADT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
+  int32_t INITIAL_STRIPT;
+  if (!pIADT->Decode(pArithDecoder, &INITIAL_STRIPT))
+    return nullptr;
+
   MaybeOwned<CJBig2_ArithIntDecoder> pIAFS;
   MaybeOwned<CJBig2_ArithIntDecoder> pIADS;
   MaybeOwned<CJBig2_ArithIntDecoder> pIAIT;
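Review bot: The choice between the decoder held in `pIDS` and a fresh one is now made in two places, once for `pIADT` here and once for the remaining decoders in the `if (pIDS)` block further down, with nothing explaining why IADT is singled out. A short comment above the new block, e.g. `// Decode INITIAL_STRIPT first so a failed decode returns before the other decoders are set up.`, would keep a later cleanup from merging them back. `int32_t INITIAL_STRIPT;` is also left uninitialised and is read much later at `FX_SAFE_INT32 STRIPT = INITIAL_STRIPT;`. Writing `int32_t INITIAL_STRIPT = 0;` costs nothing and removes the reliance on Decode() always writing it when it reports success. The function starts above and ends below this hunk.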
@@ -235,7 +250,6 @@
   MaybeOwned<CJBig2_ArithIntDecoder> pIARDY;
   MaybeOwned<CJBig2_ArithIaidDecoder> pIAID;
   if (pIDS) {
-    pIADT = pIDS->IADT;
     pIAFS = pIDS->IAFS;
     pIADS = pIDS->IADS;
     pIAIT = pIDS->IAIT;
@@ -246,7 +260,6 @@
     pIARDY = pIDS->IARDY;
     pIAID = pIDS->IAID;
   } else {
-    pIADT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
     pIAFS = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
     pIADS = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
     pIAIT = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
@@ -257,11 +270,8 @@
     pIARDY = pdfium::MakeUnique<CJBig2_ArithIntDecoder>();
     pIAID = pdfium::MakeUnique<CJBig2_ArithIaidDecoder>(SBSYMCODELEN);
   }
-  auto SBREG = pdfium::MakeUnique<CJBig2_Image>(SBW, SBH);
+
   SBREG->fill(SBDEFPIXEL);
-  int32_t INITIAL_STRIPT;
-  if (!pIADT->Decode(pArithDecoder, &INITIAL_STRIPT))
-    return nullptr;
 
   FX_SAFE_INT32 STRIPT = INITIAL_STRIPT;
   STRIPT *= SBSTRIPS;