Verify value of prec before using The fx_codec_jpx_opj code will attempt to do a 1 << (prec - 1). If the prec value is >=32 then that shift will overflow the int value. This CL adds a check that prec is < 32 before attempting the shift. BUG=chromium:633208 Review-Url: https://codereview.chromium.org/2334823002

commit: db319ec6a9330e75276b873f6027caddf2a15ec0 [log] [tgz]
author: dsinclair <dsinclair@chromium.org> Mon Sep 12 14:04:08 2016 -0700
committer: Commit bot <commit-bot@chromium.org> Mon Sep 12 14:04:08 2016 -0700
tree: 846a18c97bdd9f2649c7bc868ab37cde591ec3d4
parent: 01b67ed9b441cd485997bc08482def1f2ab265db [diff]
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index ed93319..a1c38d0 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp

@@ -231,6 +231,9 @@
     return;
 
   int prec = img->comps[0].prec;
+  if (prec <= 0 || prec >= 32)
+    return;
+
   int offset = 1 << (prec - 1);
   int upb = (1 << prec) - 1;
commit	db319ec6a9330e75276b873f6027caddf2a15ec0	[log] [tgz]
author	dsinclair <dsinclair@chromium.org>	Mon Sep 12 14:04:08 2016 -0700
committer	Commit bot <commit-bot@chromium.org>	Mon Sep 12 14:04:08 2016 -0700
tree	846a18c97bdd9f2649c7bc868ab37cde591ec3d4
parent	01b67ed9b441cd485997bc08482def1f2ab265db [diff]