Add safe FX_Alloc2D() macro

This avoids unchecked multiplications when computing a size argument to malloc(). Such an overflow is very scary, and can result in exploitable bugs. Along the way, kill off some return checks, since we know this can't return NULL. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1143663004
author: Tom Sepez <tsepez@chromium.org> 2015-05-18 14:18:08 -0700
committer: Tom Sepez <tsepez@chromium.org> 2015-05-18 14:18:08 -0700
commit: 31b3a2b31a50f83ed100e01485013fd871399f45 (patch)
tree: aeece5130880a698b56eec044d73925e7e5ae7f3 /core/src/fpdfapi/fpdf_edit
parent: a88e3a16ae711f6523ad3a40a08d774b72adc9eb (diff)
download: pdfium-31b3a2b31a50f83ed100e01485013fd871399f45.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp b/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp
index 3a3756de5d..1328fcdf96 100644
--- a/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp
+++ b/core/src/fpdfapi/fpdf_edit/fpdf_edit_image.cpp
@@ -162,7 +162,7 @@ void CPDF_Image::SetImage(const CFX_DIBitmap* pBitmap, FX_INT32 iCompress, IFX_F
             pCS->AddName(FX_BSTRC("Indexed"));
             pCS->AddName(FX_BSTRC("DeviceRGB"));
             pCS->AddInteger(iPalette - 1);
-            FX_LPBYTE pColorTable = FX_Alloc(FX_BYTE, iPalette * 3);
+            FX_LPBYTE pColorTable = FX_Alloc2D(FX_BYTE, iPalette, 3);
             FX_LPBYTE ptr = pColorTable;
             for (FX_INT32 i = 0; i < iPalette; i ++) {
                 FX_DWORD argb = pBitmap->GetPaletteArgb(i);
author	Tom Sepez <tsepez@chromium.org>	2015-05-18 14:18:08 -0700
committer	Tom Sepez <tsepez@chromium.org>	2015-05-18 14:18:08 -0700
commit	31b3a2b31a50f83ed100e01485013fd871399f45 (patch)
tree	aeece5130880a698b56eec044d73925e7e5ae7f3 /core/src/fpdfapi/fpdf_edit
parent	a88e3a16ae711f6523ad3a40a08d774b72adc9eb (diff)
download	pdfium-31b3a2b31a50f83ed100e01485013fd871399f45.tar.xz