diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-02-06 16:58:55 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-06 16:58:55 +0000 |
commit | cdaf802ceafcfb2e547ffe96729445c0f1c6154a (patch) | |
tree | 8961b826c483b83bd80426cc90548f2615ae31ed /core/fxcodec/bmp | |
parent | b5a2d14e21c0f149be49e06141549b185a5c7993 (diff) | |
download | pdfium-cdaf802ceafcfb2e547ffe96729445c0f1c6154a.tar.xz |
Account for skip size before getting image ifh size
BUG=chromium:808336
Change-Id: I84443a00e2ebaf0a1e8590464486ec92bcb0e3b5
Reviewed-on: https://pdfium-review.googlesource.com/25690
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fxcodec/bmp')
-rw-r--r-- | core/fxcodec/bmp/cfx_bmpdecompressor.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp index b97dab18ce..d5d96de65d 100644 --- a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp +++ b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp @@ -91,7 +91,7 @@ int32_t CFX_BmpDecompressor::ReadHeader() { Error(); NOTREACHED(); } - if (avail_in_ < sizeof(uint32_t)) { + if (avail_in_ < skip_size_ + sizeof(uint32_t)) { skip_size_ = skip_size_org; return 2; } |