summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorochang <ochang@chromium.org>2016-04-12 13:31:34 -0700
committerCommit bot <commit-bot@chromium.org>2016-04-12 13:31:34 -0700
commit6a3521f049b35c801f124f1573718021a785ff6b (patch)
treeef823e9dd39b4e615ba02d4ac0390a92a024599b
parenta5c1323ae6a2379fb5fe3ddea4c223fccd0c41b0 (diff)
downloadpdfium-6a3521f049b35c801f124f1573718021a785ff6b.tar.xz
Prevent an OOB access in CPDF_DIBSource::TranslateScanline24bpp
if |m_Family| was RGB, the code assumed there were 3 components, which may not be the case. BUG=chromium:602046 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1877033003
-rw-r--r--core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
index 350c8b85d6..951d38359f 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
@@ -918,6 +918,9 @@ void CPDF_DIBSource::TranslateScanline24bpp(uint8_t* dest_scan,
unsigned int max_data = (1 << m_bpc) - 1;
if (m_bDefaultDecode) {
if (m_Family == PDFCS_DEVICERGB || m_Family == PDFCS_CALRGB) {
+ if (m_nComponents != 3)
+ return;
+
const uint8_t* src_pos = src_scan;
switch (m_bpc) {
case 16: