Merge to M51: Prevent an OOB access in CPDF_DIBSource::TranslateScanline24bpp

if |m_Family| was RGB, the code assumed there were 3 components, which may not be the case. BUG=chromium:602046 TBR=tsepez@chromium.org Original Review URL: https://codereview.chromium.org/1877033003 (cherry picked from commit 6a3521f049b35c801f124f1573718021a785ff6b) Review URL: https://codereview.chromium.org/1895033004 .
author: Oliver Chang <ochang@chromium.org> 2016-04-18 12:45:52 -0700
committer: Oliver Chang <ochang@chromium.org> 2016-04-18 12:45:52 -0700
commit: a57e3e13c1c0ea8e47746f5622f299bd3150eb48 (patch)
tree: c07c10b37facfd3bf8600d213f5a579e6603019c
parent: 0b1e15bc24261aff413578571dd04cd18f502f31 (diff)
download: pdfium-a57e3e13c1c0ea8e47746f5622f299bd3150eb48.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
index 144de779e9..97f625f29f 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
@@ -918,6 +918,9 @@ void CPDF_DIBSource::TranslateScanline24bpp(uint8_t* dest_scan,
   unsigned int max_data = (1 << m_bpc) - 1;
   if (m_bDefaultDecode) {
     if (m_Family == PDFCS_DEVICERGB || m_Family == PDFCS_CALRGB) {
+      if (m_nComponents != 3)
+        return;
+
       const uint8_t* src_pos = src_scan;
       switch (m_bpc) {
         case 16:
author	Oliver Chang <ochang@chromium.org>	2016-04-18 12:45:52 -0700
committer	Oliver Chang <ochang@chromium.org>	2016-04-18 12:45:52 -0700
commit	a57e3e13c1c0ea8e47746f5622f299bd3150eb48 (patch)
tree	c07c10b37facfd3bf8600d213f5a579e6603019c
parent	0b1e15bc24261aff413578571dd04cd18f502f31 (diff)
download	pdfium-a57e3e13c1c0ea8e47746f5622f299bd3150eb48.tar.xz