diff options
| author | Lei Zhang <thestig@chromium.org> | 2015-10-02 10:27:44 -0700 |
|---|---|---|
| committer | Lei Zhang <thestig@chromium.org> | 2015-10-02 10:27:44 -0700 |
| commit | 095a83c59120c108d9ac6f0ab71fd3faa5eea810 (patch) | |
| tree | 1914d952be63cbd8dc0f05d3eadcdf44486219b9 | |
| parent | ccc8b21622a7d6a7723bc04e065e0ec3666dab64 (diff) | |
| download | pdfium-095a83c59120c108d9ac6f0ab71fd3faa5eea810.tar.xz | |
Fix PNG decoding divide by zero error due to zero row count.
BUG=537790
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1379243002 .
| -rw-r--r-- | core/src/fxcodec/codec/fx_codec_flate.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/src/fxcodec/codec/fx_codec_flate.cpp b/core/src/fxcodec/codec/fx_codec_flate.cpp index e8878e4535..37aecf106d 100644 --- a/core/src/fxcodec/codec/fx_codec_flate.cpp +++ b/core/src/fxcodec/codec/fx_codec_flate.cpp @@ -400,6 +400,8 @@ static FX_BOOL PNG_Predictor(uint8_t*& data_buf, if (row_size <= 0) return FALSE; const int row_count = (data_size + row_size) / (row_size + 1); + if (row_count <= 0) + return FALSE; const int last_row_size = data_size % (row_size + 1); uint8_t* dest_buf = FX_Alloc2D(uint8_t, row_size, row_count); int byte_cnt = 0; |