Fix compare between signed and unsigned values in CPDF_ImageRenderer::StartDIBSource.

Correct the compare logic in CPDF_ImageRenderer::StartDIBSource() by using size_t instead of int.

BUG=chromium:645036
R=ochang@chromium.org

Review-Url: https://codereview.chromium.org/2323663002

1 files changed, 9 insertions, 3 deletions

diff --git a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
index 6b842198ed..7ac5210291 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
@@ -762,9 +762,15 @@ FX_BOOL CPDF_ImageRenderer::DrawMaskedImage() {
 
 FX_BOOL CPDF_ImageRenderer::StartDIBSource() {
   if (!(m_Flags & RENDER_FORCE_DOWNSAMPLE) && m_pDIBSource->GetBPP() > 1) {
-    int image_size = m_pDIBSource->GetBPP() / 8 * m_pDIBSource->GetWidth() *
-                     m_pDIBSource->GetHeight();
-    if (image_size > FPDF_HUGE_IMAGE_SIZE &&
+    FX_SAFE_SIZE_T image_size = m_pDIBSource->GetBPP();
+    image_size /= 8;
+    image_size *= m_pDIBSource->GetWidth();
+    image_size *= m_pDIBSource->GetHeight();
+    if (!image_size.IsValid()) {
+      return FALSE;
+    }
+
+    if (image_size.ValueOrDie() > FPDF_HUGE_IMAGE_SIZE &&
         !(m_Flags & RENDER_FORCE_HALFTONE)) {
       m_Flags |= RENDER_FORCE_DOWNSAMPLE;
     }