From 59d21660a3d91d9b340fdb0211e20358806590e1 Mon Sep 17 00:00:00 2001
From: Henrique Nakashima <hnakashima@chromium.org>
Date: Thu, 6 Sep 2018 17:30:56 +0000
Subject: Fix integer overflow in LoadCryptInfo.

Bug: 847283
Change-Id: I7951103a5a425407b5375460a5556e8765430740
Reviewed-on: https://pdfium-review.googlesource.com/42090
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
---
 core/fpdfapi/parser/cpdf_security_handler.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'core/fpdfapi/parser/cpdf_security_handler.cpp')

diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index bc72ad3b33..f3d9201cbf 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -157,6 +157,9 @@ static bool LoadCryptInfo(const CPDF_Dictionary* pEncryptDict,
       } else {
         nKeyBits = pEncryptDict->GetIntegerFor("Length", 256);
       }
+      if (nKeyBits < 0)
+        return false;
+
       if (nKeyBits < 40) {
         nKeyBits *= 8;
       }
-- 
cgit v1.2.3