summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-04-27 18:52:47 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-27 18:52:47 +0000
commit5a2114eced31ce389ede4486d492faf6db4d7a04 (patch)
tree55beb054a77a546ab47d50c1e543fe1227a848a6 /core
parent3241bb3e98c0b327bbd5b0dc02621e6105cf37a9 (diff)
downloadpdfium-5a2114eced31ce389ede4486d492faf6db4d7a04.tar.xz
Do validation earlier in CPDF_SampledFunc::v_Init(). (try 2)
This time, correctly multiply |nTotalSampleBits| before checking it. Change-Id: I68befeedb54626314f7bb00a35e567d2cbf1cc10 Reviewed-on: https://pdfium-review.googlesource.com/31152 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/page/cpdf_sampledfunc.cpp27
1 files changed, 13 insertions, 14 deletions
diff --git a/core/fpdfapi/page/cpdf_sampledfunc.cpp b/core/fpdfapi/page/cpdf_sampledfunc.cpp
index 6039d630ef..3777254f34 100644
--- a/core/fpdfapi/page/cpdf_sampledfunc.cpp
+++ b/core/fpdfapi/page/cpdf_sampledfunc.cpp
@@ -47,16 +47,13 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
if (!pSize || pSize->IsEmpty())
return false;
- const CPDF_Array* pEncode = pDict->GetArrayFor("Encode");
- const CPDF_Array* pDecode = pDict->GetArrayFor("Decode");
m_nBitsPerSample = pDict->GetIntegerFor("BitsPerSample");
if (!IsValidBitsPerSample(m_nBitsPerSample))
return false;
- m_SampleMax = 0xffffffff >> (32 - m_nBitsPerSample);
- m_pSampleStream = pdfium::MakeRetain<CPDF_StreamAcc>(pStream);
- m_pSampleStream->LoadAllDataFiltered();
- FX_SAFE_UINT32 nTotalSampleBits = 1;
+ FX_SAFE_UINT32 nTotalSampleBits = m_nBitsPerSample;
+ nTotalSampleBits *= m_nOutputs;
+ const CPDF_Array* pEncode = pDict->GetArrayFor("Encode");
m_EncodeInfo.resize(m_nInputs);
for (uint32_t i = 0; i < m_nInputs; i++) {
int size = pSize->GetIntegerAt(i);
@@ -74,15 +71,17 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
m_EncodeInfo[i].sizes == 1 ? 1 : m_EncodeInfo[i].sizes - 1;
}
}
- nTotalSampleBits *= m_nBitsPerSample;
- nTotalSampleBits *= m_nOutputs;
- FX_SAFE_UINT32 nTotalSampleBytes = nTotalSampleBits;
- nTotalSampleBytes += 7;
- nTotalSampleBytes /= 8;
- if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0 ||
- nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize()) {
+ FX_SAFE_UINT32 nTotalSampleBytes = (nTotalSampleBits + 7) / 8;
+ if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0)
return false;
- }
+
+ m_SampleMax = 0xffffffff >> (32 - m_nBitsPerSample);
+ m_pSampleStream = pdfium::MakeRetain<CPDF_StreamAcc>(pStream);
+ m_pSampleStream->LoadAllDataFiltered();
+ if (nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize())
+ return false;
+
+ const CPDF_Array* pDecode = pDict->GetArrayFor("Decode");
m_DecodeInfo.resize(m_nOutputs);
for (uint32_t i = 0; i < m_nOutputs; i++) {
if (pDecode) {