From 095a83c59120c108d9ac6f0ab71fd3faa5eea810 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Fri, 2 Oct 2015 10:27:44 -0700
Subject: Fix PNG decoding divide by zero error due to zero row count.

BUG=537790
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1379243002 .
---
 core/src/fxcodec/codec/fx_codec_flate.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/src/fxcodec/codec/fx_codec_flate.cpp b/core/src/fxcodec/codec/fx_codec_flate.cpp
index e8878e4535..37aecf106d 100644
--- a/core/src/fxcodec/codec/fx_codec_flate.cpp
+++ b/core/src/fxcodec/codec/fx_codec_flate.cpp
@@ -400,6 +400,8 @@ static FX_BOOL PNG_Predictor(uint8_t*& data_buf,
 if (row_size <= 0)
 return FALSE;
 const int row_count = (data_size + row_size) / (row_size + 1);
+ if (row_count <= 0)
+ return FALSE;
 const int last_row_size = data_size % (row_size + 1);
 uint8_t* dest_buf = FX_Alloc2D(uint8_t, row_size, row_count);
 int byte_cnt = 0;
-- 
cgit v1.2.3
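Review bot: The new `row_count <= 0` guard has no comment saying which operation it protects, and the divide named in the subject is not in the visible lines: the only division shown is by `row_size + 1`, which is at least 2 once the `row_size <= 0` check has passed. The zero divisor is presumably consumed by the `FX_Alloc2D(uint8_t, row_size, row_count)` call two lines below or by code further down in PNG_Predictor, whose body starts and ends outside this hunk. I would add `// An empty input gives row_count == 0 (see BUG=537790); reject it before it is used below.` above the check so the guard is not later removed as redundant. The diffstat shows only this one file changed, so a regression test that feeds a zero-length buffer through the predictor would be worth landing with the fix. If `data_size` is taken from untrusted stream data, it is also worth confirming that `data_size + row_size` cannot wrap before the guard sees the result, since a wrapped sum can still produce a positive `row_count`.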