summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorstackexploit <stackexploit@gmail.com>2016-09-19 07:05:50 -0700
committerCommit bot <commit-bot@chromium.org>2016-09-19 07:05:50 -0700
commit2f8568ef91156d2deb8411c427fbb52f880ccc34 (patch)
treefa686c7944fc9719249c6cc2a434a55325000ee2
parenta0ff010a380c98d2092ff849ffc2f672e87fc799 (diff)
downloadpdfium-2f8568ef91156d2deb8411c427fbb52f880ccc34.tar.xz
Fix compare between signed and unsigned values in CPDF_ImageRenderer::StartDIBSource.
Correct the compare logic in CPDF_ImageRenderer::StartDIBSource() by using size_t instead of int. BUG=chromium:645036 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2323663002
-rw-r--r--core/fpdfapi/fpdf_render/fpdf_render_image.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
index 6b842198ed..7ac5210291 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
@@ -762,9 +762,15 @@ FX_BOOL CPDF_ImageRenderer::DrawMaskedImage() {
FX_BOOL CPDF_ImageRenderer::StartDIBSource() {
if (!(m_Flags & RENDER_FORCE_DOWNSAMPLE) && m_pDIBSource->GetBPP() > 1) {
- int image_size = m_pDIBSource->GetBPP() / 8 * m_pDIBSource->GetWidth() *
- m_pDIBSource->GetHeight();
- if (image_size > FPDF_HUGE_IMAGE_SIZE &&
+ FX_SAFE_SIZE_T image_size = m_pDIBSource->GetBPP();
+ image_size /= 8;
+ image_size *= m_pDIBSource->GetWidth();
+ image_size *= m_pDIBSource->GetHeight();
+ if (!image_size.IsValid()) {
+ return FALSE;
+ }
+
+ if (image_size.ValueOrDie() > FPDF_HUGE_IMAGE_SIZE &&
!(m_Flags & RENDER_FORCE_HALFTONE)) {
m_Flags |= RENDER_FORCE_DOWNSAMPLE;
}