diff options
| author | Lei Zhang <thestig@chromium.org> | 2016-10-24 13:39:02 -0700 |
|---|---|---|
| committer | Lei Zhang <thestig@chromium.org> | 2016-10-24 13:39:02 -0700 |
| commit | ed6485f1aa4ce9de8b5cab86cc844df4f4bd0b52 (patch) | |
| tree | 9fbf83a82203b0902ded96559711c3809678bca5 | |
| parent | af56b8b61b32099e60c79c6e3e8d4375dcc24ab5 (diff) | |
| download | pdfium-ed6485f1aa4ce9de8b5cab86cc844df4f4bd0b52.tar.xz | |
M55: Strengthen bounds check in CWeightTable::Calc * part II
This CL implemented a better version of CWeightTable::GetPixelWeightSize(), which will calculate the size of array PixelWeight.m_Weights correctly to prevent potential heap buffer overflow conditions.
BUG=chromium:654183
TBR=tsepez@chromium.org
Review-Url: https://codereview.chromium.org/2404453003
(cherry picked from commit 05923132ae08d45fbe957219775a48c55ee57aef)
Review URL: https://codereview.chromium.org/2448613002 .
| -rw-r--r-- | core/fxge/dib/fx_dib_engine.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxge/dib/fx_dib_engine.cpp b/core/fxge/dib/fx_dib_engine.cpp index 389cf23909..47dcf03259 100644 --- a/core/fxge/dib/fx_dib_engine.cpp +++ b/core/fxge/dib/fx_dib_engine.cpp @@ -43,7 +43,7 @@ CWeightTable::~CWeightTable() { } size_t CWeightTable::GetPixelWeightSize() const { - return m_dwWeightTablesSize / sizeof(int); + return m_ItemSize / sizeof(int) - 2; } bool CWeightTable::Calc(int dest_len, |