diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-02-13 22:11:43 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-02-13 22:11:43 +0000 |
commit | dab8649b70284a3f0e109510996c35c7882cbd87 (patch) | |
tree | d133a06761c5a51d93f5e548163333756f06bac4 /core/fxcodec/codec/fx_codec_progress.cpp | |
parent | 9bf1a5efde45cd99be11c530232df349c3eb5295 (diff) | |
download | pdfium-dab8649b70284a3f0e109510996c35c7882cbd87.tar.xz |
Change return value of GetAvailInput
This changes the return value from uint32_t to FX_FILESIZE, which is
the type the methods is uses return. The existing code does an
unguarded static cast, so something like -1 could cause a very large
value being returned.
This change has a cascading impact up to the top of the progressive
codec, which now has to handle negative values gracefully.
Change-Id: I813fb71e932dd5da014dbaed0dbf3bb28f8d4e9f
Reviewed-on: https://pdfium-review.googlesource.com/26450
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core/fxcodec/codec/fx_codec_progress.cpp')
-rw-r--r-- | core/fxcodec/codec/fx_codec_progress.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/core/fxcodec/codec/fx_codec_progress.cpp b/core/fxcodec/codec/fx_codec_progress.cpp index 82b0168f6e..7e29524b2f 100644 --- a/core/fxcodec/codec/fx_codec_progress.cpp +++ b/core/fxcodec/codec/fx_codec_progress.cpp @@ -836,7 +836,12 @@ bool CCodec_ProgressiveDecoder::BmpReadMoreData(CCodec_BmpModule* pBmpModule, return false; dwSize = dwSize - m_offSet; - uint32_t dwAvail = pBmpModule->GetAvailInput(m_pBmpContext.get(), nullptr); + FX_SAFE_UINT32 avail_input = + pBmpModule->GetAvailInput(m_pBmpContext.get(), nullptr); + if (!avail_input.IsValid()) + return false; + + uint32_t dwAvail = avail_input.ValueOrDie(); if (dwAvail == m_SrcSize) { if (dwSize > FXCODEC_BLOCK_SIZE) { dwSize = FXCODEC_BLOCK_SIZE; |