From f56d93f8ea1c2145401e99e61cefdbfcb7341229 Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Wed, 7 Sep 2016 13:54:01 -0700
Subject: Verify image dimentions before using

Verify the provided image size is within bounds before loading.

BUG=chromium:639160

Review-Url: https://codereview.chromium.org/2323473002
---
 core/fpdfapi/fpdf_render/fpdf_render_image.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
index e7e9682322..e23cab3546 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
@@ -366,6 +366,9 @@ CPDF_ImageRenderer::~CPDF_ImageRenderer() {
 FX_BOOL CPDF_ImageRenderer::StartLoadDIBSource() {
   CFX_FloatRect image_rect_f = m_ImageMatrix.GetUnitRect();
   FX_RECT image_rect = image_rect_f.GetOuterRect();
+  if (!image_rect.Valid())
+    return FALSE;
+
   int dest_width = image_rect.Width();
   int dest_height = image_rect.Height();
   if (m_ImageMatrix.a < 0) {
-- 
cgit v1.2.3