diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-05-07 15:39:45 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-05-07 15:39:45 +0000 |
commit | cb391259aefd52f09352d35a1bb5b56c0db6db11 (patch) | |
tree | 478239bf85fabd43e37715729e39b6ba6cc29ceb /core/fpdfapi/parser/cpdf_number.cpp | |
parent | 15406fb41d7aa5ab685005e51ff3cf54acb9a15e (diff) | |
download | pdfium-chromium/3424.tar.xz |
Use checked large integer in ContinueQuickStretchchromium/3424
This existing code has the potential for an integer overflow in it.
When overflow occurs in this function scaling may partially succeed.
This is due to how out of range values are being clamped, which
implicitly swallows the overflow.
This CL changes the calculation to be performed in a 64-bit space and
then attempts to down cast it back to 32-bit space at the end. Because
there are multiple steps it is possible for an intermediate value to
cause an overflow in 32 bit space, but the final value to be valid. If
the downcast is not possible then the stretch operation is failed.
An existing test case has been updated, since it encoded an incorrect
result.
BUG=chromium:839245
Change-Id: I637cc1e2d6c6c2d5394599104f76352c20ead021
Reviewed-on: https://pdfium-review.googlesource.com/32056
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fpdfapi/parser/cpdf_number.cpp')
0 files changed, 0 insertions, 0 deletions