summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorstackexploit <stackexploit@gmail.com>2016-10-17 00:16:23 -0700
committerCommit bot <commit-bot@chromium.org>2016-10-17 00:16:23 -0700
commit05923132ae08d45fbe957219775a48c55ee57aef (patch)
tree0be67d246a0733788cc3f5b31edb967ac3e73267 /core
parent4dc112664e9d87c0d450ee3349a5091c624a3363 (diff)
downloadpdfium-05923132ae08d45fbe957219775a48c55ee57aef.tar.xz
Strengthen bounds check in CWeightTable::Calc * part II
This CL implemented a better version of CWeightTable::GetPixelWeightSize(), which will calculate the size of array PixelWeight.m_Weights correctly to prevent potential heap buffer overflow conditions. BUG=chromium:654183 R=ochang@chromium.org, thestig@chromium.org, dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2404453003
Diffstat (limited to 'core')
-rw-r--r--core/fxge/dib/fx_dib_engine.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxge/dib/fx_dib_engine.cpp b/core/fxge/dib/fx_dib_engine.cpp
index 389cf23909..47dcf03259 100644
--- a/core/fxge/dib/fx_dib_engine.cpp
+++ b/core/fxge/dib/fx_dib_engine.cpp
@@ -43,7 +43,7 @@ CWeightTable::~CWeightTable() {
}
size_t CWeightTable::GetPixelWeightSize() const {
- return m_dwWeightTablesSize / sizeof(int);
+ return m_ItemSize / sizeof(int) - 2;
}
bool CWeightTable::Calc(int dest_len,