diff options
author | Nicolas Pena <npm@chromium.org> | 2017-06-13 12:14:11 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-06-13 16:50:49 +0000 |
commit | 6500c6faf82f636d55c9ca5682711022890bef1d (patch) | |
tree | ac688a6fd0571c4afe0aba43004c48c516ea830f /fxjs/cfxjse_class.h | |
parent | 3516256c28c29d13e9092e7bb3ea3b417d3bb6df (diff) | |
download | pdfium-6500c6faf82f636d55c9ca5682711022890bef1d.tar.xz |
Check validity of color indices in bmp_decode_rgb
The pal_num member of bmp_ptr indicates the number of color indices
used by the bitmap. This CL returns an error when an invalid index is
found, since otherwise a heap-buffer-overflow can occur since the size
of m_pSrcPalette is calculated based on pal_num.
Bug: chromium:616670
Change-Id: I397958704bed1aa1ae259016ffd5033c07a801ee
Reviewed-on: https://pdfium-review.googlesource.com/6470
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fxjs/cfxjse_class.h')
0 files changed, 0 insertions, 0 deletions