shithub: jbig2

Download patch

ref: 56e2b41c18cccc6ed7eff3f0f5a769b19fb946a8
parent: 9607332ea3d0d609324d5e6c02fd00700456ca06
author: Sebastian Rasmussen <[email protected]>
date: Fri Jul 13 08:49:36 EDT 2018

jbig2dec: Limit scanline index in MMR coded data.

According to the T.6 specification the pixel references, e.g. a0,
may point to any of the pixels (indices 0 through N-1) on a
scanline, one pixel to the left of a scanline (index MINUS1) or
one pixel beyond the scanline (index N). These indicies are all
positive (despite its name MINUS1 is defined to UINT32_MAX).

This commit changes the index type from signed to unsigned to
reflect this. Moreover, when looking for changing elements,
make sure to limit the returned index to N.

--- a/jbig2_mmr.c
+++ b/jbig2_mmr.c
@@ -735,20 +735,22 @@
 
 #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
 
-static int
+static uint32_t
 jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
 {
     int a, b;
 
-    if (line == 0)
-        return (int)w;
+    if (line == NULL)
+        return w;
 
     if (x == MINUS1) {
         a = 0;
         x = 0;
-    } else {
+    } else if (x < w) {
         a = getbit(line, x);
         x++;
+    } else {
+        return x;
     }
 
     while (x < w) {
@@ -761,10 +763,10 @@
     return x;
 }
 
-static int
+static uint32_t
 jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
 {
-    if (line == 0)
+    if (line == NULL)
         return w;
     x = jbig2_find_changing_element(line, x, w);
     if (x < w && getbit(line, x) != color)