Prevent divide by zeros in CJBig2_GSIDProc::decode_MMR().
author Lei Zhang <thestig@chromium.org>
Fri, 2 Oct 2015 17:58:42 +0000 (10:58 -0700)
committer Lei Zhang <thestig@chromium.org>
Fri, 2 Oct 2015 17:58:42 +0000 (10:58 -0700)
Check the image size before attempting to decode.

BUG=538103
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1377493005 .

core/src/fxcodec/jbig2/JBig2_Context.cpp

index 2e2cf9e..f2c44b7 100644 (file)
@@ -1127,6 +1127,11 @@ int32_t CJBig2_Context::parseHalftoneRegion(CJBig2_Segment* pSegment,
     nRet = JBIG2_ERROR_TOO_SHORT;
     goto failed;
   }
+  if (pHRD->HGW == 0 || pHRD->HGH == 0) {
+    nRet = JBIG2_ERROR_FATAL;
+    goto failed;
+  }
+
   pHRD->HBW = ri.width;
   pHRD->HBH = ri.height;
   pHRD->HMMR = cFlags & 0x01;
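
Review bot: The new `pHRD->HGW == 0 || pHRD->HGH == 0` guard in parseHalftoneRegion() has no comment explaining why zero is rejected, and the division it protects is in CJBig2_GSIDProc::decode_MMR() according to the commit title, not in this function. A one-line comment above the check, saying that zero grid dimensions lead to a divide by zero during decoding, would keep a later refactor from dropping it as dead validation. Because the guard sits in the caller, the decoder still trusts the dimensions it is handed, so consider whether decode_MMR() should also reject zero values itself. The visible change also adds no regression test for BUG=538103; a minimal halftone segment with a zero grid width or height would cover it.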