From 54e6da1ee793f436341dfcdc4e0c26b0658d1928 Mon Sep 17 00:00:00 2001
From: Lei Zhang <thestig@chromium.org>
Date: Thu, 19 Apr 2018 16:46:42 +0000
Subject: Do validation earlier in CPDF_SampledFunc::v_Init().

Change-Id: Ib44b39aea419230f73583caf69313a2f92557397
Reviewed-on: https://pdfium-review.googlesource.com/30932
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
---
 core/fpdfapi/page/cpdf_sampledfunc.cpp | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/core/fpdfapi/page/cpdf_sampledfunc.cpp b/core/fpdfapi/page/cpdf_sampledfunc.cpp
index cdedc862bb..21a1db4a97 100644
--- a/core/fpdfapi/page/cpdf_sampledfunc.cpp
+++ b/core/fpdfapi/page/cpdf_sampledfunc.cpp
@@ -50,10 +50,21 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
   if (!IsValidBitsPerSample(m_nBitsPerSample))
     return false;
 
+  FX_SAFE_UINT32 nTotalSampleBits = 1;
+  nTotalSampleBits *= m_nBitsPerSample;
+  nTotalSampleBits *= m_nOutputs;
+  FX_SAFE_UINT32 nTotalSampleBytes = nTotalSampleBits;
+  nTotalSampleBytes += 7;
+  nTotalSampleBytes /= 8;
+  if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0)
+    return false;
+
   m_SampleMax = 0xffffffff >> (32 - m_nBitsPerSample);
   m_pSampleStream = pdfium::MakeRetain<CPDF_StreamAcc>(pStream);
   m_pSampleStream->LoadAllDataFiltered();
-  FX_SAFE_UINT32 nTotalSampleBits = 1;
+  if (nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize())
+    return false;
+
   m_EncodeInfo.resize(m_nInputs);
   for (uint32_t i = 0; i < m_nInputs; i++) {
     m_EncodeInfo[i].sizes = pSize ? pSize->GetIntegerAt(i) : 0;
@@ -69,15 +80,6 @@ bool CPDF_SampledFunc::v_Init(CPDF_Object* pObj,
           m_EncodeInfo[i].sizes == 1 ? 1 : (float)m_EncodeInfo[i].sizes - 1;
     }
   }
-  nTotalSampleBits *= m_nBitsPerSample;
-  nTotalSampleBits *= m_nOutputs;
-  FX_SAFE_UINT32 nTotalSampleBytes = nTotalSampleBits;
-  nTotalSampleBytes += 7;
-  nTotalSampleBytes /= 8;
-  if (!nTotalSampleBytes.IsValid() || nTotalSampleBytes.ValueOrDie() == 0 ||
-      nTotalSampleBytes.ValueOrDie() > m_pSampleStream->GetSize()) {
-    return false;
-  }
   m_DecodeInfo.resize(m_nOutputs);
   for (uint32_t i = 0; i < m_nOutputs; i++) {
     if (pDecode) {
-- 
cgit v1.2.3