From 83a01491dbd91e31c9d9417b8b975259a0fb3aec Mon Sep 17 00:00:00 2001
From: Henrique Nakashima <hnakashima@chromium.org>
Date: Mon, 12 Mar 2018 17:18:14 +0000
Subject: Fix crash when creating a CFX_DIBitmap with FXDIB_Invalid.

Bug: chromium:820885
Change-Id: I3886c636b91a8499924d95ad47f4c832db9f9754
Reviewed-on: https://pdfium-review.googlesource.com/28491
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
---
 BUILD.gn                                |  1 +
 core/fxge/dib/cfx_dibitmap.cpp          |  5 ++++-
 core/fxge/dib/cfx_dibitmap_unittest.cpp | 15 +++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 core/fxge/dib/cfx_dibitmap_unittest.cpp

diff --git a/BUILD.gn b/BUILD.gn
index d4e2d46a31..479971db85 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -2903,6 +2903,7 @@ test("pdfium_unittests") {
     "core/fxcrt/unowned_ptr_unittest.cpp",
     "core/fxcrt/weak_ptr_unittest.cpp",
     "core/fxcrt/widestring_unittest.cpp",
+    "core/fxge/dib/cfx_dibitmap_unittest.cpp",
     "core/fxge/dib/cstretchengine_unittest.cpp",
     "fpdfsdk/fpdfcatalog_unittest.cpp",
     "fpdfsdk/fpdfdoc_unittest.cpp",
diff --git a/core/fxge/dib/cfx_dibitmap.cpp b/core/fxge/dib/cfx_dibitmap.cpp
index 857ca9a3ce..a9764e7550 100644
--- a/core/fxge/dib/cfx_dibitmap.cpp
+++ b/core/fxge/dib/cfx_dibitmap.cpp
@@ -819,7 +819,10 @@ bool CFX_DIBitmap::CalculatePitchAndSize(int height,
   if (width <= 0 || height <= 0)
     return false;
 
-  if ((INT_MAX - 31) / width < (format & 0xFF))
+  if (!(format & 0xff))
+    return false;
+
+  if ((INT_MAX - 31) / width < (format & 0xff))
     return false;
 
   if (!*pitch)
diff --git a/core/fxge/dib/cfx_dibitmap_unittest.cpp b/core/fxge/dib/cfx_dibitmap_unittest.cpp
new file mode 100644
index 0000000000..67ca7055a3
--- /dev/null
+++ b/core/fxge/dib/cfx_dibitmap_unittest.cpp
@@ -0,0 +1,15 @@
+// Copyright 2018 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/fxge/dib/cfx_dibitmap.h"
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+TEST(CFX_DIBitmap, Create) {
+  auto pBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
+  EXPECT_FALSE(pBitmap->Create(400, 300, FXDIB_Invalid));
+
+  pBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
+  EXPECT_TRUE(pBitmap->Create(400, 300, FXDIB_1bppRgb));
+}
-- 
cgit v1.2.3