Strengthen bounds check in CWeightTable::Calc.

The buffer PixelWeight.m_Weights was allocated by calling FX_TryAlloc(uint8_t, m_dwWeightTablesSize), but PixelWeight.m_Weights was an int array. Thus bounds check such as |if (idx >= m_dwWeightTablesSize)| in function CWeightTable::Calc() and |idx < m_dwWeightTablesSize ? &pWeight->m_Weights[idx] : nullptr| in function CWeightTable::GetValueFromPixelWeight() were insufficient. This CL strengthens bounds check for accessing int type array PixelWeight.m_Weights. BUG=chromium:619398 R=ochang@chromium.org, thestig@chromium.org Review-Url: https://codereview.chromium.org/2322903002
author: stackexploit <stackexploit@gmail.com> 2016-09-26 13:54:55 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-09-26 13:54:56 -0700
commit: 5aed0216ad6574944e76a95ef0dbbc910bab4a1a (patch)
tree: 9b01025004edc0a10f9c750cc53d69f0d72691c9 /core/fxge/dib/dib_int.h
parent: 9c33e89a43fd316fb42a7134d34585eb04c60416 (diff)
download: pdfium-5aed0216ad6574944e76a95ef0dbbc910bab4a1a.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/core/fxge/dib/dib_int.h b/core/fxge/dib/dib_int.h
index aa4a7927fb..31ccc8d371 100644
--- a/core/fxge/dib/dib_int.h
+++ b/core/fxge/dib/dib_int.h
@@ -55,6 +55,7 @@ class CWeightTable {
             int flags);
   PixelWeight* GetPixelWeight(int pixel) const;
   int* GetValueFromPixelWeight(PixelWeight* pWeight, int index) const;
+  size_t GetPixelWeightSize() const;
 
  private:
   int m_DestMin;
author	stackexploit <stackexploit@gmail.com>	2016-09-26 13:54:55 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-09-26 13:54:56 -0700
commit	5aed0216ad6574944e76a95ef0dbbc910bab4a1a (patch)
tree	9b01025004edc0a10f9c750cc53d69f0d72691c9 /core/fxge/dib/dib_int.h
parent	9c33e89a43fd316fb42a7134d34585eb04c60416 (diff)
download	pdfium-5aed0216ad6574944e76a95ef0dbbc910bab4a1a.tar.xz