From cdaf802ceafcfb2e547ffe96729445c0f1c6154a Mon Sep 17 00:00:00 2001
From: Ryan Harrison
Date: Tue, 6 Feb 2018 16:58:55 +0000
Subject: Account for skip size before getting image ifh size

BUG=chromium:808336
Change-Id: I84443a00e2ebaf0a1e8590464486ec92bcb0e3b5
Reviewed-on: https://pdfium-review.googlesource.com/25690
Reviewed-by: Henrique Nakashima
Commit-Queue: Ryan Harrison
---
 core/fxcodec/bmp/cfx_bmpdecompressor.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
index b97dab18ce..d5d96de65d 100644
--- a/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
+++ b/core/fxcodec/bmp/cfx_bmpdecompressor.cpp
@@ -91,7 +91,7 @@ int32_t CFX_BmpDecompressor::ReadHeader() {
 Error();
 NOTREACHED();
 }
- if (avail_in_ < sizeof(uint32_t)) {
+ if (avail_in_ < skip_size_ + sizeof(uint32_t)) {
 skip_size_ = skip_size_org;
 return 2;
 }
-- 
cgit v1.2.3
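Review bot: The bound on the added line, `avail_in_ < skip_size_ + sizeof(uint32_t)`, is computed by addition, so if `skip_size_` can ever sit near the maximum of its type the sum wraps and the check passes with too little data available; the member types are not visible in this hunk, so this needs confirming against the class declaration. A subtraction form cannot wrap: `if (skip_size_ > avail_in_ || avail_in_ - skip_size_ < sizeof(uint32_t)) {`. The diffstat shows only this one file changing, so a regression input for a BMP whose remaining bytes after the skip offset are fewer than four would be worth landing with the fix. ReadHeader() starts and ends outside the hunk, so whether an earlier guard already bounds `skip_size_` cannot be told from here.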