diff options
author | Oliver Chang <ochang@chromium.org> | 2015-11-20 10:01:48 -0800 |
---|---|---|
committer | Oliver Chang <ochang@chromium.org> | 2015-11-20 10:01:48 -0800 |
commit | 0afbad0509578a5fee6fec4394d6b3c55425cf28 (patch) | |
tree | 2257aa12c0d9103ab9b1d83fb573dace3f5e218a /core/src/fpdfapi | |
parent | c7e4c4fe17f5c05671183a47541ea17f3dce75b5 (diff) | |
download | pdfium-0afbad0509578a5fee6fec4394d6b3c55425cf28.tar.xz |
Merge to XFA: Change |CCodec_ScanlineDecoder::m_Pitch| to FX_DWORD
This matches the type of the corresponding |CFX_DIBSource::m_Pitch|,
where integer overflow is checked for FX_DWORD. This change is
propagated to many other places.
Also, check for integer overflow in |CCodec_RLScanlineDecoder::Create|
during the calculation of |m_Pitch| since it aligns to 4 bytes while
overflow was was previously checked without this alignment.
TBR=tsepez@chromium.org
BUG=555784
Review URL: https://codereview.chromium.org/1460033002 .
(cherry picked from commit e7950df70a2fd658f466751b29483436cb31e829)
Review URL: https://codereview.chromium.org/1461363002 .
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp index a5a198e7b2..c80770366b 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp @@ -105,4 +105,14 @@ TEST_F(FPDFParserDecodeEmbeddertest, Bug_552046) { UnloadPage(page); } +TEST_F(FPDFParserDecodeEmbeddertest, Bug_555784) { + // Tests bad input to the run length decoder that caused a heap overflow. + // Should not cause a crash when rendered. + EXPECT_TRUE(OpenDocument("bug_555784.pdf")); + FPDF_PAGE page = LoadPage(0); + FPDF_BITMAP bitmap = RenderPage(page); + FPDFBitmap_Destroy(bitmap); + UnloadPage(page); +} + #undef TEST_CASE |