Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp

Issue 1877033003: Prevent an OOB access in CPDF_DIBSource::TranslateScanline24bpp (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "core/fpdfapi/fpdf_render/render_int.h" 7 #include "core/fpdfapi/fpdf_render/render_int.h"
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
(...skipping 899 matching lines...) Expand 10 before | Expand all | Expand 10 after
910 m_bpc = 0; 910 m_bpc = 0;
911 } 911 }
912 912
913 void CPDF_DIBSource::TranslateScanline24bpp(uint8_t* dest_scan, 913 void CPDF_DIBSource::TranslateScanline24bpp(uint8_t* dest_scan,
914 const uint8_t* src_scan) const { 914 const uint8_t* src_scan) const {
915 if (m_bpc == 0) { 915 if (m_bpc == 0) {
916 return; 916 return;
917 } 917 }
918 unsigned int max_data = (1 << m_bpc) - 1; 918 unsigned int max_data = (1 << m_bpc) - 1;
919 if (m_bDefaultDecode) { 919 if (m_bDefaultDecode) {
920 if (m_Family == PDFCS_DEVICERGB || m_Family == PDFCS_CALRGB) { 920 if ((m_Family == PDFCS_DEVICERGB || m_Family == PDFCS_CALRGB) &&
921 m_nComponents == 3) {
Tom Sepez 2016/04/12 00:39:27 Do we just want to return in error if m_nComponent
Oliver Chang 2016/04/12 00:48:59 I'm not sure if we get good output, but it doesn't
Oliver Chang 2016/04/12 16:36:22 Done.
921 const uint8_t* src_pos = src_scan; 922 const uint8_t* src_pos = src_scan;
922 switch (m_bpc) { 923 switch (m_bpc) {
923 case 16: 924 case 16:
924 for (int col = 0; col < m_Width; col++) { 925 for (int col = 0; col < m_Width; col++) {
925 *dest_scan++ = src_pos[4]; 926 *dest_scan++ = src_pos[4];
926 *dest_scan++ = src_pos[2]; 927 *dest_scan++ = src_pos[2];
927 *dest_scan++ = *src_pos; 928 *dest_scan++ = *src_pos;
928 src_pos += 6; 929 src_pos += 6;
929 } 930 }
930 break; 931 break;
(...skipping 637 matching lines...) Expand 10 before | Expand all | Expand 10 after
1568 IFX_Pause* pPause) { 1569 IFX_Pause* pPause) {
1569 return LoadHandle->Continue(pPause); 1570 return LoadHandle->Continue(pPause);
1570 } 1571 }
1571 1572
1572 CPDF_ImageLoader::~CPDF_ImageLoader() { 1573 CPDF_ImageLoader::~CPDF_ImageLoader() {
1573 if (!m_bCached) { 1574 if (!m_bCached) {
1574 delete m_pBitmap; 1575 delete m_pBitmap;
1575 delete m_pMask; 1576 delete m_pMask;
1576 } 1577 }
1577 } 1578 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698