shithub: jbig2

Download patch

ref: 3e832349644ca131104aaa78b2f8c25d6583edc0
parent: 77ff23aa10115588a03dc689a75c8a0bd20ae526
author: Sebastian Rasmussen <sebras@gmail.com>
date: Sun Jul 1 13:25:48 EDT 2018 

jbig2dec: Limit region height to page/stripe height.

Make sure to ignore regions outside of stripe/page.


--- a/jbig2_generic.c
+++ b/jbig2_generic.c
@@ -800,6 +800,7 @@
     Jbig2ArithState *as = NULL;
     Jbig2ArithCx *GB_stats = NULL;
     uint32_t height;
+    Jbig2Page *page = &ctx->pages[ctx->current_page];
 
     /* 7.4.6 */
     if (segment->data_length < 18)
@@ -843,6 +844,28 @@
     params.TPGDON = (seg_flags & 8) >> 3;
     params.USESKIP = 0;
     memcpy(params.gbat, gbat, gbat_bytes);
+
+    if (page->height == 0xffffffff && page->striped && page->stripe_size > 0) {
+        if (rsi.y >= page->end_row + page->stripe_size) {
+            jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "ignoring %u x %u region at (%u, %u) outside of stripe at row %u covering %u rows, on page of height %u", rsi.width, rsi.height, rsi.x, rsi.y, page->end_row, page->stripe_size, page->image->height);
+            return 0;
+        }
+        if (height > page->end_row + page->stripe_size) {
+            height = page->end_row + page->stripe_size;
+        }
+    } else {
+        if (rsi.y >= page->height) {
+            jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "ignoring %u x %u region at (%u, %u) outside of page of height %u", rsi.width, rsi.height, rsi.x, rsi.y, page->height);
+            return 0;
+        }
+        if (height > page->height - rsi .y) {
+            height = page->height - rsi.y;
+        }
+    }
+    if (height == 0) {
+        jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "nothing remains of region, ignoring");
+        return 0;
+    }
 
     image = jbig2_image_new(ctx, rsi.width, height);
     if (image == NULL)
--- a/jbig2_page.c
+++ b/jbig2_page.c
@@ -172,7 +172,7 @@
         jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
                     "end of stripe segment with non-positive end row advance (new end row %d vs current end row %d)", end_row, page.end_row);
     } else {
-        jbig2_error(ctx, JBIG2_SEVERITY_INFO, segment->number, "end of stripe: advancing end row to %d", end_row);
+        jbig2_error(ctx, JBIG2_SEVERITY_INFO, segment->number, "end of stripe: advancing end row from %u to %u", page.end_row, end_row);
     }
 
     page.end_row = end_row;
@@ -268,11 +268,10 @@
     /* grow the page to accommodate a new stripe if necessary */
     if (page->striped && page->height == 0xFFFFFFFF) {
         uint32_t new_height = y + image->height;
-
         if (page->image->height < new_height) {
             Jbig2Image *resized_image = NULL;
 
-            jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows to accommodate new stripe", new_height);
+            jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %u rows to accommodate new stripe", new_height);
             resized_image = jbig2_image_resize(ctx, page->image, page->image->width, new_height, page->flags & 4);
             if (resized_image == NULL) {
                 return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to resize image to accommodate new stripe");