diff options
author | Nicolas Pena <npm@chromium.org> | 2017-01-16 13:09:41 -0500 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-01-16 21:56:56 +0000 |
commit | ff920ae3e181de9275f1d4c9b4b54fe2a7a54560 (patch) | |
tree | f19c447001295300d6af2928b32c18d6dc1045e0 | |
parent | 6efd0d7464e1f02ef3cd4f1abe5c6f8e5283fbbb (diff) | |
download | pdfium-ff920ae3e181de9275f1d4c9b4b54fe2a7a54560.tar.xz |
Check blue,green,red bit count in bmp_decode_rgb
If the values are going to overflow, return error code, which seems to
be 2.
BUG=668822
Change-Id: I89b3fcf277e98d65b8c3438e6d9bb84fe62a8de9
Reviewed-on: https://pdfium-review.googlesource.com/2213
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
-rw-r--r-- | core/fxcodec/lbmp/fx_bmp.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/fxcodec/lbmp/fx_bmp.cpp b/core/fxcodec/lbmp/fx_bmp.cpp index fb64b36560..2b072a4a0c 100644 --- a/core/fxcodec/lbmp/fx_bmp.cpp +++ b/core/fxcodec/lbmp/fx_bmp.cpp @@ -358,6 +358,8 @@ int32_t bmp_decode_rgb(bmp_decompress_struct_p bmp_ptr) { } green_bits += blue_bits; red_bits += green_bits; + if (blue_bits > 8 || green_bits < 8 || red_bits < 8) + return 2; blue_bits = 8 - blue_bits; green_bits -= 8; red_bits -= 8; |