From 6a3521f049b35c801f124f1573718021a785ff6b Mon Sep 17 00:00:00 2001
From: ochang <ochang@chromium.org>
Date: Tue, 12 Apr 2016 13:31:34 -0700
Subject: Prevent an OOB access in CPDF_DIBSource::TranslateScanline24bpp

if |m_Family| was RGB, the code assumed there were 3 components, which
may not be the case.

BUG=chromium:602046
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1877033003
---
 core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'core/fpdfapi')

diff --git a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
index 350c8b85d6..951d38359f 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp
@@ -918,6 +918,9 @@ void CPDF_DIBSource::TranslateScanline24bpp(uint8_t* dest_scan,
   unsigned int max_data = (1 << m_bpc) - 1;
   if (m_bDefaultDecode) {
     if (m_Family == PDFCS_DEVICERGB || m_Family == PDFCS_CALRGB) {
+      if (m_nComponents != 3)
+        return;
+
       const uint8_t* src_pos = src_scan;
       switch (m_bpc) {
         case 16:
-- 
cgit v1.2.3