Index: Source/platform/image-decoders/bmp/BMPImageReader.cpp |
diff --git a/Source/platform/image-decoders/bmp/BMPImageReader.cpp b/Source/platform/image-decoders/bmp/BMPImageReader.cpp |
index 8cbd07bf04386c7ebe77a3d325aec33f459e93c1..340c32c96f0f4dd69ab46d318df4b4ff50159931 100644 |
--- a/Source/platform/image-decoders/bmp/BMPImageReader.cpp |
+++ b/Source/platform/image-decoders/bmp/BMPImageReader.cpp |
@@ -69,6 +69,7 @@ namespace blink { |
BMPImageReader::BMPImageReader(ImageDecoder* parent, size_t decodedAndHeaderOffset, size_t imgDataOffset, bool isInICO) |
: m_parent(parent) |
, m_buffer(0) |
+ , m_fastReader(nullptr) |
, m_decodedOffset(decodedAndHeaderOffset) |
, m_headerOffset(decodedAndHeaderOffset) |
, m_imgDataOffset(imgDataOffset) |
@@ -166,6 +167,7 @@ bool BMPImageReader::readInfoHeaderSize() |
ASSERT(m_decodedOffset == m_headerOffset); |
if ((m_decodedOffset > m_data->size()) || ((m_data->size() - m_decodedOffset) < 4)) |
return false; |
+ |
m_infoHeader.biSize = readUint32(0); |
// Don't increment m_decodedOffset here, it just makes the code in |
// processInfoHeader() more confusing. |
@@ -541,13 +543,14 @@ bool BMPImageReader::processColorTable() |
if ((m_decodedOffset > m_data->size()) || ((m_data->size() - m_decodedOffset) < tableSizeInBytes)) |
return false; |
m_colorTable.resize(m_infoHeader.biClrUsed); |
+ |
+ // On non-OS/2 1.x, an extra padding byte is present, which we need to skip. |
+ const size_t bytesPerColor = m_isOS21x ? 3 : 4; |
for (size_t i = 0; i < m_infoHeader.biClrUsed; ++i) { |
- m_colorTable[i].rgbBlue = m_data->data()[m_decodedOffset++]; |
- m_colorTable[i].rgbGreen = m_data->data()[m_decodedOffset++]; |
- m_colorTable[i].rgbRed = m_data->data()[m_decodedOffset++]; |
- // Skip padding byte (not present on OS/2 1.x). |
- if (!m_isOS21x) |
- ++m_decodedOffset; |
+ m_colorTable[i].rgbBlue = readUint8(0); |
+ m_colorTable[i].rgbGreen = readUint8(1); |
+ m_colorTable[i].rgbRed = readUint8(2); |
+ m_decodedOffset += bytesPerColor; |
} |
// We've now decoded all the non-image data we care about. Skip anything |
@@ -594,8 +597,8 @@ BMPImageReader::ProcessingResult BMPImageReader::processRLEData() |
// For every entry except EOF, we'd better not have reached the end of |
// the image. |
- const uint8_t count = m_data->data()[m_decodedOffset]; |
- const uint8_t code = m_data->data()[m_decodedOffset + 1]; |
+ const uint8_t count = readUint8(0); |
+ const uint8_t code = readUint8(1); |
if ((count || (code != 1)) && pastEndOfImage(0)) |
return Failure; |
@@ -629,8 +632,8 @@ BMPImageReader::ProcessingResult BMPImageReader::processRLEData() |
// Fail if this takes us past the end of the desired row or |
// past the end of the image. |
- const uint8_t dx = m_data->data()[m_decodedOffset + 2]; |
- const uint8_t dy = m_data->data()[m_decodedOffset + 3]; |
+ const uint8_t dx = readUint8(2); |
+ const uint8_t dy = readUint8(3); |
if (dx || dy) |
m_buffer->setHasAlpha(true); |
if (((m_coord.x() + dx) > m_parent->size().width()) || pastEndOfImage(dy)) |
@@ -670,7 +673,7 @@ BMPImageReader::ProcessingResult BMPImageReader::processRLEData() |
return InsufficientData; |
// One BGR triple that we copy |count| times. |
- fillRGBA(endX, m_data->data()[m_decodedOffset + 3], m_data->data()[m_decodedOffset + 2], code, 0xff); |
+ fillRGBA(endX, readUint8(3), readUint8(2), code, 0xff); |
m_decodedOffset += 4; |
} else { |
// RLE8 has one color index that gets repeated; RLE4 has two |
@@ -733,7 +736,7 @@ BMPImageReader::ProcessingResult BMPImageReader::processNonRLEData(bool inRLE, i |
// the most significant bits in the byte). |
const uint8_t mask = (1 << m_infoHeader.biBitCount) - 1; |
for (size_t byte = 0; byte < unpaddedNumBytes; ++byte) { |
- uint8_t pixelData = m_data->data()[m_decodedOffset + byte]; |
+ uint8_t pixelData = readUint8(byte); |
for (size_t pixel = 0; (pixel < pixelsPerByte) && (m_coord.x() < endX); ++pixel) { |
const size_t colorIndex = (pixelData >> (8 - m_infoHeader.biBitCount)) & mask; |
if (m_decodingAndMask) { |