From 5048731cf0b1221a81e76d7f6e95f24159bb87e2 Mon Sep 17 00:00:00 2001
From: npm
Date: Tue, 22 Nov 2016 13:15:20 -0800
Subject: Multiply safely in CCodec_TiffContext::Decode
BUG=667074
Review-Url: https://codereview.chromium.org/2520253003
---
 core/fxcodec/codec/fx_codec_tiff.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/fxcodec/codec/fx_codec_tiff.cpp b/core/fxcodec/codec/fx_codec_tiff.cpp
index c4c745587f..8046f1cc39 100644
--- a/core/fxcodec/codec/fx_codec_tiff.cpp
+++ b/core/fxcodec/codec/fx_codec_tiff.cpp
@@ -447,7 +447,11 @@ bool CCodec_TiffContext::Decode(CFX_DIBitmap* pDIBitmap) {
 uint16_t bps = 0;
 TIFFGetField(m_tif_ctx, TIFFTAG_SAMPLESPERPIXEL, &spp);
 TIFFGetField(m_tif_ctx, TIFFTAG_BITSPERSAMPLE, &bps);
- uint32_t bpp = bps * spp;
+ FX_SAFE_UINT32 safe_bpp = bps;
+ safe_bpp *= spp;
+ if (!safe_bpp.IsValid())
+ return false;
+ uint32_t bpp = safe_bpp.ValueOrDie();
 if (bpp == 1)
 return Decode1bppRGB(pDIBitmap, height, width, bps, spp);
 if (bpp <= 8)
-- cgit v1.2.3
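Review bot: The new guard rejects only an overflowing product, so a zero `bpp` still passes `IsValid()` and falls through to the `if (bpp <= 8)` branch. `bps` is initialised to 0 and the return values of both `TIFFGetField` calls are ignored, so if the library leaves the output untouched when a tag is absent, a file missing BitsPerSample (or SamplesPerPixel, whose declaration is outside the hunk) would produce exactly that value. Because both operands come from the TIFF file, consider folding the case into the same check, e.g. `if (!safe_bpp.IsValid() || safe_bpp.ValueOrDie() == 0) return false;`, unless the 8-bit path is known to handle zero. A short comment such as `// bps/spp are read from the file; uint16_t operands promote to int, so the plain product could overflow` would record why checked arithmetic is used here. `Decode` starts before and continues past this hunk, so any later bounds on `bpp` are not visible from here.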