summaryrefslogtreecommitdiff
path: root/core/fxcodec/codec
diff options
context:
space:
mode:
authorkcwu <kcwu@chromium.org>2016-10-06 12:29:17 -0700
committerCommit bot <commit-bot@chromium.org>2016-10-06 12:29:17 -0700
commit3a0a808ff546b5633a2384f4ed156b7ced605c90 (patch)
tree952915b8caab0d74812573d2cbd03cf38404a709 /core/fxcodec/codec
parent587ec1975017ecbf13c1c3faf64c1008a95846f2 (diff)
downloadpdfium-3a0a808ff546b5633a2384f4ed156b7ced605c90.tar.xz
Fix assertion failure when decoding malform G4 fax imagechromium/2886chromium/2885chromium/2884
The position indexes of color elements must be monotonic increasing. Bail out if the decoded index is less or equal to the previous index. BUG=pdfium:615 Review-Url: https://codereview.chromium.org/2398033002
Diffstat (limited to 'core/fxcodec/codec')
-rw-r--r--core/fxcodec/codec/fx_codec_fax.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/core/fxcodec/codec/fx_codec_fax.cpp b/core/fxcodec/codec/fx_codec_fax.cpp
index 336c35b8d4..c121478c3c 100644
--- a/core/fxcodec/codec/fx_codec_fax.cpp
+++ b/core/fxcodec/codec/fx_codec_fax.cpp
@@ -390,6 +390,10 @@ FX_BOOL FaxG4GetRow(const uint8_t* src_buf,
if (a1 >= columns)
return TRUE;
+ // The position of picture element must be monotonic increasing.
+ if (a0 >= a1)
+ return FALSE;
+
a0 = a1;
a0color = !a0color;
}