diff options
author | Nicolas Pena <npm@chromium.org> | 2017-02-14 11:56:37 -0500 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-02-14 18:28:22 +0000 |
commit | 7d4ccd7b5dd9ebb14e97ad35fb3bc093225b939a (patch) | |
tree | 9641facfa872657211574ed6ccd6dad0645fff53 /core/fxge | |
parent | 940f559b985d4a742c21b21cb077a232e44dd289 (diff) | |
download | pdfium-7d4ccd7b5dd9ebb14e97ad35fb3bc093225b939a.tar.xz |
Prevent heap-buffer-overflow in CCodec_ProgressiveDecoder
In CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback, m_pSrcPalette
can be allocated size pal_num. So if pal_index >= pal_num, then bail out.
BUG=691278
Change-Id: Ib0157cf51cbf52ecd5d60b027e5fc32898a906ed
Reviewed-on: https://pdfium-review.googlesource.com/2699
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxge')
0 files changed, 0 insertions, 0 deletions