diff options
author | Lei Zhang <thestig@chromium.org> | 2020-02-07 21:19:48 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2020-03-10 15:48:58 +0000 |
commit | edd82d1d7ced0744c5086cfbe0cff4051dc5fee5 (patch) | |
tree | b813aae14dd7e0e72db08345e6f23a3c9ff2a696 /chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium | |
parent | 5043a049628bbc0c28e00e40e87744efc96a8472 (diff) | |
download | qtwebengine-chromium-edd82d1d7ced0744c5086cfbe0cff4051dc5fee5.tar.gz |
[Backport] Security bug 1047097
Cherry-pick of patch originally reviewed on
https://pdfium-review.googlesource.com/c/pdfium/+/65830
https://pdfium-review.googlesource.com/c/pdfium/+/66290:
M80: Avoid an integer overflow in OpenJPEG.
Patch in upstream commit 05f9b91e60debda0e83977e5e63b2e66486f7074.
TBR=tsepez@chromium.org
Bug: chromium:1047097
Change-Id: Ia9c3c9f3b130f87f47c5aaf5c3640c8008900ce4
Auto-Submit: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
(cherry picked from commit 65137d177ac2f6c1591a1f6e8b8809936bfd088d)
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Diffstat (limited to 'chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium')
-rw-r--r-- | chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium b/chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium index 45d8bec44e6..8fc5d4be278 100644 --- a/chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium +++ b/chromium/third_party/pdfium/third_party/libopenjpeg20/README.pdfium @@ -29,3 +29,4 @@ Local Modifications: 0034-opj_malloc.patch: PDFium changes in opj_malloc. 0035-opj_image_data_free.patch: Use the right free function in opj_jp2_apply_pclr. 0036-opj_j2k_update_image_dimensions.patch: fix integer overflow. +0037-tcd_init_tile.patch: Avoid integer overflow in opj_tcd_init_tile(). |