diff options
author | Lei Zhang <thestig@chromium.org> | 2015-10-02 11:10:17 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-02 11:10:17 -0700 |
commit | 9dd3dc19a1ddb6c0a6fc61ee185363591a571b98 (patch) | |
tree | 2da3cdb4189429a51e06cb7d6cd9a192c6a2ad7a /core/src/fxcodec/codec | |
parent | db12c167d3613c9a73b28cac75e37779dbc680e0 (diff) | |
download | pdfium-9dd3dc19a1ddb6c0a6fc61ee185363591a571b98.tar.xz |
Merge to XFA: Fix PNG decoding divide by zero error due to zero row count.
BUG=537790
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1379243002 .
(cherry picked from commit 095a83c59120c108d9ac6f0ab71fd3faa5eea810)
Review URL: https://codereview.chromium.org/1380563003 .
Diffstat (limited to 'core/src/fxcodec/codec')
-rw-r--r-- | core/src/fxcodec/codec/fx_codec_flate.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/src/fxcodec/codec/fx_codec_flate.cpp b/core/src/fxcodec/codec/fx_codec_flate.cpp index e8878e4535..37aecf106d 100644 --- a/core/src/fxcodec/codec/fx_codec_flate.cpp +++ b/core/src/fxcodec/codec/fx_codec_flate.cpp @@ -400,6 +400,8 @@ static FX_BOOL PNG_Predictor(uint8_t*& data_buf, if (row_size <= 0) return FALSE; const int row_count = (data_size + row_size) / (row_size + 1); + if (row_count <= 0) + return FALSE; const int last_row_size = data_size % (row_size + 1); uint8_t* dest_buf = FX_Alloc2D(uint8_t, row_size, row_count); int byte_cnt = 0; |