M106: Fix a malloc size error in OpenJPEG.

Cherrypick the fix [1] from upstream OpenJPEG. [1] uclouvain/openjpeg#1426 Bug: chromium:1357303 Change-Id: I0b18a896c061485e41eb2890d21d0f6d842bab18 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/97012 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> (cherry picked from commit 340bbcf) Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/97790
lukas-w · Sep 9, 2022 · c5f6102 · c5f6102
1 parent ad499fd
commit c5f6102
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/third_party/libopenjpeg/0044-opj_t1_allocate_buffers.patch b/third_party/libopenjpeg/0044-opj_t1_allocate_buffers.patch
@@ -0,0 +1,28 @@
+commit 0535bfc3b7d5cd6fc73a7d4a6749a338fc5d7703
+Author: Yuan <zodf0055980@gmail.com>
+Date:   Tue May 31 17:55:12 2022 +0800
+
+    HT_DEC: Fix opj_t1_allocate_buffers malloc size error (#1426) (fixes #1413)
+
+diff --git a/src/lib/openjp2/ht_dec.c b/src/lib/openjp2/ht_dec.c
+index e2f3afd6..a803d1bb 100644
+--- a/src/lib/openjp2/ht_dec.c
++++ b/src/lib/openjp2/ht_dec.c
+@@ -1063,7 +1063,7 @@ static OPJ_BOOL opj_t1_allocate_buffers(
+         if (flagssize > t1->flagssize) {
+
+             opj_aligned_free(t1->flags);
+-            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize);
++            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(opj_flag_t));
+             if (!t1->flags) {
+                 /* FIXME event manager error callback */
+                 return OPJ_FALSE;
+@@ -1071,7 +1071,7 @@ static OPJ_BOOL opj_t1_allocate_buffers(
+         }
+         t1->flagssize = flagssize;
+
+-        memset(t1->flags, 0, flagssize);
++        memset(t1->flags, 0, flagssize * sizeof(opj_flag_t));
+     }
+
+     t1->w = w;
diff --git a/third_party/libopenjpeg/README.pdfium b/third_party/libopenjpeg/README.pdfium
@@ -31,3 +31,4 @@ Local Modifications:
 0041-remove_opj_clock.patch: Remove unused opj_clock.h include.
 0042-popcnt-windows-arm64.patch: Backport to fix Windows arm64 build.
 0043-mel_init.patch: Backport fix for assertion failure in mel_init().
+0044-opj_t1_allocate_buffers.patch: Backport fix for malloc size error in opj_t1_allocate_buffers().
diff --git a/third_party/libopenjpeg/ht_dec.c b/third_party/libopenjpeg/ht_dec.c
@@ -1066,15 +1066,15 @@ static OPJ_BOOL opj_t1_allocate_buffers(
         if (flagssize > t1->flagssize) {
 
             opj_aligned_free(t1->flags);
-            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize);
+            t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(opj_flag_t));
             if (!t1->flags) {
                 /* FIXME event manager error callback */
                 return OPJ_FALSE;
             }
         }
         t1->flagssize = flagssize;
 
-        memset(t1->flags, 0, flagssize);
+        memset(t1->flags, 0, flagssize * sizeof(opj_flag_t));
     }
 
     t1->w = w;