authorOliver Chang <ochang@chromium.org>2015-11-20 09:53:08 -0800
committerOliver Chang <ochang@chromium.org>2015-11-20 09:53:08 -0800
commite7950df70a2fd658f466751b29483436cb31e829 (patch)
tree117ff5fae2f38d9a97f2767a65eac8ed6a492069 /core/src/fpdfapi
parentbd716fcf89f38bb82eb97ae73e9af60c2232328e (diff)
downloadpdfium-e7950df70a2fd658f466751b29483436cb31e829.tar.xz
Change |CCodec_ScanlineDecoder::m_Pitch| to FX_DWORD
This matches the type of the corresponding |CFX_DIBSource::m_Pitch|, where integer overflow is checked for FX_DWORD. This change is propagated to many other places. Also, check for integer overflow in |CCodec_RLScanlineDecoder::Create| during the calculation of |m_Pitch| since it aligns to 4 bytes while overflow was previously checked without this alignment. R=tsepez@chromium.org, thestig@chromium.org BUG=555784 Review URL: https://codereview.chromium.org/1460033002 .
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp10
1 files changed, 10 insertions, 0 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp
index a5a198e7b2..c80770366b 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp
@@ -105,4 +105,14 @@ TEST_F(FPDFParserDecodeEmbeddertest, Bug_552046) {
UnloadPage(page);
}
+TEST_F(FPDFParserDecodeEmbeddertest, Bug_555784) {
+ // Tests bad input to the run length decoder that caused a heap overflow.
+ // Should not cause a crash when rendered.
+ EXPECT_TRUE(OpenDocument("bug_555784.pdf"));
+ FPDF_PAGE page = LoadPage(0);
+ FPDF_BITMAP bitmap = RenderPage(page);
+ FPDFBitmap_Destroy(bitmap);
+ UnloadPage(page);
+}
+
#undef TEST_CASE
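Review bot: The new Bug_555784 test passes as long as the process survives, and a heap overflow of the kind its comment names does not reliably crash an uninstrumented build, so the test only guards against a regression when run under a memory sanitizer. I would say so in the comment, e.g. `// Only a reliable regression check in an ASan (or similar) build; a plain build may pass despite the overflow.` Separately, `EXPECT_TRUE(OpenDocument("bug_555784.pdf"))` lets the test continue into `LoadPage(0)` and `RenderPage(page)` when the fixture is missing or fails to open, so the decoder path may never be exercised while the failure is reported far from its cause. Using `ASSERT_TRUE(OpenDocument("bug_555784.pdf"));` and, if the fixture's page is expected to load, `ASSERT_TRUE(page);` before rendering would stop the test at the real problem.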