Merge to XFA: Integer overflow in CJBig2_Image::expand
authorJUN FANG <jun_fang@foxitsoftware.com>
Wed, 20 May 2015 19:25:56 +0000 (12:25 -0700)
committerJUN FANG <jun_fang@foxitsoftware.com>
Wed, 20 May 2015 20:44:37 +0000 (13:44 -0700)
commit24d24506f7e5f185a8f6577f7ccd59dbbad3eed5
tree8a36e0c42392cce63b33a32fb77f20bb1df5b56c
parent3c3201f333eaf22931fbd4916f2ef0fd0479fead
Merge to XFA: Integer overflow in CJBig2_Image::expand

1. New size should be larger than old size in JBig2_Realloc.
2. Arguments are integers but parameters are size_t in JBIG2_memset.
   After integer overflows, it will be presented as a huge
   unsigned number on 64 bits system.

BUG=483981
R=brucedawson@chromium.org, tsepez@chromium.org

Review URL: https://codereview.chromium.org/1148643002
core/src/fxcodec/jbig2/JBig2_Image.cpp