summaryrefslogtreecommitdiff
path: root/core/fpdfapi/parser/cpdf_page_object_avail.h
diff options
context:
space:
mode:
authorRyan Harrison <rharrison@chromium.org>2018-05-07 15:39:45 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-05-07 15:39:45 +0000
commitcb391259aefd52f09352d35a1bb5b56c0db6db11 (patch)
tree478239bf85fabd43e37715729e39b6ba6cc29ceb /core/fpdfapi/parser/cpdf_page_object_avail.h
parent15406fb41d7aa5ab685005e51ff3cf54acb9a15e (diff)
downloadpdfium-chromium/3424.tar.xz
Use checked large integer in ContinueQuickStretchchromium/3424
This existing code has the potential for an integer overflow in it. When overflow occurs in this function scaling may partially succeed. This is due to how out of range values are being clamped, which implicitly swallows the overflow. This CL changes the calculation to be performed in a 64-bit space and then attempts to down cast it back to 32-bit space at the end. Because there are multiple steps it is possible for an intermediate value to cause an overflow in 32 bit space, but the final value to be valid. If the downcast is not possible then the stretch operation is failed. An existing test case has been updated, since it encoded an incorrect result. BUG=chromium:839245 Change-Id: I637cc1e2d6c6c2d5394599104f76352c20ead021 Reviewed-on: https://pdfium-review.googlesource.com/32056 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fpdfapi/parser/cpdf_page_object_avail.h')
0 files changed, 0 insertions, 0 deletions