Check that the request was satisfied in ReadData

Currently the BMP decompressor doesn't verify the returned data length was the amount requested. This means we may end up with part of our structure uninitialized if we didn't copy in enough data. This CL verifies the length of data copied is the size we require. BUG=chromium:811853 Change-Id: I20e0e9b3ff1176a620fcb38c3c7e585848b7e428 Reviewed-on: https://pdfium-review.googlesource.com/26850 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2018-02-14 18:57:20 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-02-14 18:57:20 +0000
commit: a9eabe43437871b7b5f5569f0e3e1b9b3e01cedf (patch)
tree: bad10c9b0fe186e138bac671ada813c6d1ac7a27
parent: 785d126bd57abebc208a3e971ba26cc29bef59ce (diff)
download: pdfium-a9eabe43437871b7b5f5569f0e3e1b9b3e01cedf.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
index 71909d2732..d8f2b8d70b 100644
--- a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
+++ b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
@@ -637,7 +637,7 @@ int32_t CFX_BmpDecompressor::DecodeRLE4() {
 }
 
 bool CFX_BmpDecompressor::ReadData(uint8_t* destination, uint32_t size) {
-  return input_buffer_ && input_buffer_->ReadBlock(destination, size);
+  return input_buffer_ && input_buffer_->ReadBlock(destination, size) == size;
 }
 
 void CFX_BmpDecompressor::SaveDecodingStatus(int32_t status) {
author	Ryan Harrison <rharrison@chromium.org>	2018-02-14 18:57:20 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-02-14 18:57:20 +0000
commit	a9eabe43437871b7b5f5569f0e3e1b9b3e01cedf (patch)
tree	bad10c9b0fe186e138bac671ada813c6d1ac7a27
parent	785d126bd57abebc208a3e971ba26cc29bef59ce (diff)
download	pdfium-a9eabe43437871b7b5f5569f0e3e1b9b3e01cedf.tar.xz