summaryrefslogtreecommitdiff
path: root/core/fpdfapi/page/cpdf_sampledfunc.cpp
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-04-19 16:46:42 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-19 16:46:42 +0000
commit54e6da1ee793f436341dfcdc4e0c26b0658d1928 (patch)
tree482c5554c4c2d9f9f1ef31d7b1bf21316487baa0 /core/fpdfapi/page/cpdf_sampledfunc.cpp
parentc0043a8ccdf0768c2bd285f90e730645cb38a0c7 (diff)
downloadpdfium-54e6da1ee793f436341dfcdc4e0c26b0658d1928.tar.xz
Do validation earlier in CPDF_SampledFunc::v_Init().
Change-Id: Ib44b39aea419230f73583caf69313a2f92557397 Reviewed-on: https://pdfium-review.googlesource.com/30932 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_sampledfunc.cpp')
-rw-r--r--core/fpdfapi/page/cpdf_sampledfunc.cpp22
1 files changed, 12 insertions, 10 deletions
diff --git a/core/fpdfapi/page/cpdf_sampledfunc.cpp b/core/fpdfapi/page/cpdf_sampledfunc.cpp
index cdedc862bb..21a1db4a97 100644
--- a/core/fpdfapi/page/cpdf_sampledfunc.cpp
+++ b/core/fpdfapi/page/cpdf_sampledfunc.cpp
@@ -50,10 +50,21 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
if (!IsValidBitsPerSample(m_nBitsPerSample))
return false;
+ FX_SAFE_UINT32 nTotalSampleBits = 1;
+ nTotalSampleBits *= m_nBitsPerSample;
+ nTotalSampleBits *= m_nOutputs;
+ FX_SAFE_UINT32 nTotalSampleBytes = nTotalSampleBits;
+ nTotalSampleBytes += 7;
+ nTotalSampleBytes /= 8;
+ if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0)
+ return false;
+
m_SampleMax = 0xffffffff >> (32 - m_nBitsPerSample);
m_pSampleStream = pdfium::MakeRetain<CPDF_StreamAcc>(pStream);
m_pSampleStream->LoadAllDataFiltered();
- FX_SAFE_UINT32 nTotalSampleBits = 1;
+ if (nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize())
+ return false;
+
m_EncodeInfo.resize(m_nInputs);
for (uint32_t i = 0; i < m_nInputs; i++) {
m_EncodeInfo[i].sizes = pSize ? pSize->GetIntegerAt(i) : 0;
@@ -69,15 +80,6 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
m_EncodeInfo[i].sizes == 1 ? 1 : (float)m_EncodeInfo[i].sizes - 1;
}
}
- nTotalSampleBits *= m_nBitsPerSample;
- nTotalSampleBits *= m_nOutputs;
- FX_SAFE_UINT32 nTotalSampleBytes = nTotalSampleBits;
- nTotalSampleBytes += 7;
- nTotalSampleBytes /= 8;
- if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0 ||
- nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize()) {
- return false;
- }
m_DecodeInfo.resize(m_nOutputs);
for (uint32_t i = 0; i < m_nOutputs; i++) {
if (pDecode) {