From cb391259aefd52f09352d35a1bb5b56c0db6db11 Mon Sep 17 00:00:00 2001 From: Ryan Harrison Date: Mon, 7 May 2018 15:39:45 +0000 Subject: Use checked large integer in ContinueQuickStretch This existing code has the potential for an integer overflow in it. When overflow occurs in this function scaling may partially succeed. This is due to how out of range values are being clamped, which implicitly swallows the overflow. This CL changes the calculation to be performed in a 64-bit space and then attempts to down cast it back to 32-bit space at the end. Because there are multiple steps it is possible for an intermediate value to cause an overflow in 32 bit space, but the final value to be valid. If the downcast is not possible then the stretch operation is failed. An existing test case has been updated, since it encoded an incorrect result. BUG=chromium:839245 Change-Id: I637cc1e2d6c6c2d5394599104f76352c20ead021 Reviewed-on: https://pdfium-review.googlesource.com/32056 Reviewed-by: Henrique Nakashima Commit-Queue: Ryan Harrison --- core/fpdfapi/render/fpdf_render_loadimage_embeddertest.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/fpdfapi') diff --git a/core/fpdfapi/render/fpdf_render_loadimage_embeddertest.cpp b/core/fpdfapi/render/fpdf_render_loadimage_embeddertest.cpp index 48d7ea3399..5103d787bd 100644 --- a/core/fpdfapi/render/fpdf_render_loadimage_embeddertest.cpp +++ b/core/fpdfapi/render/fpdf_render_loadimage_embeddertest.cpp @@ -17,7 +17,7 @@ TEST_F(FPDFRenderLoadImageEmbeddertest, Bug_554151) { FPDF_PAGE page = LoadPage(0); ASSERT_TRUE(page); ScopedFPDFBitmap bitmap = RenderLoadedPage(page); - CompareBitmap(bitmap.get(), 612, 792, "a14d7ee573c1b2456d7bf6b7762823cf"); + CompareBitmap(bitmap.get(), 612, 792, "1940568c9ba33bac5d0b1ee9558c76b3"); UnloadPage(page); } -- cgit v1.2.3