summaryrefslogtreecommitdiff
path: root/core/fxcodec/bmp
diff options
context:
space:
mode:
authorRyan Harrison <rharrison@chromium.org>2018-02-06 16:58:55 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-02-06 16:58:55 +0000
commitcdaf802ceafcfb2e547ffe96729445c0f1c6154a (patch)
tree8961b826c483b83bd80426cc90548f2615ae31ed /core/fxcodec/bmp
parentb5a2d14e21c0f149be49e06141549b185a5c7993 (diff)
downloadpdfium-cdaf802ceafcfb2e547ffe96729445c0f1c6154a.tar.xz
Account for skip size before getting image ifh size
BUG=chromium:808336 Change-Id: I84443a00e2ebaf0a1e8590464486ec92bcb0e3b5 Reviewed-on: https://pdfium-review.googlesource.com/25690 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fxcodec/bmp')
-rw-r--r--core/fxcodec/bmp/cfx_bmpdecompressor.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
index b97dab18ce..d5d96de65d 100644
--- a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
+++ b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
@@ -91,7 +91,7 @@ int32_t CFX_BmpDecompressor::ReadHeader() {
Error();
NOTREACHED();
}
- if (avail_in_ < sizeof(uint32_t)) {
+ if (avail_in_ < skip_size_ + sizeof(uint32_t)) {
skip_size_ = skip_size_org;
return 2;
}