Chromium Code Reviews Chromium Code Reviews
Issue 1892143003:
Prevent a potential OOB read in TranslateImageLine. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fpdfapi/fpdf_render/render_int.h" | 7 #include "core/fpdfapi/fpdf_render/render_int.h" |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 552 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 563 pParams ? pParams->GetIntegerBy("ColorTransform", 1) : 1)); | 563 pParams ? pParams->GetIntegerBy("ColorTransform", 1) : 1)); |
| 564 if (!m_pDecoder) { | 564 if (!m_pDecoder) { |
| 565 FX_BOOL bTransform = FALSE; | 565 FX_BOOL bTransform = FALSE; |
| 566 int comps; | 566 int comps; |
| 567 int bpc; | 567 int bpc; |
| 568 CCodec_JpegModule* pJpegModule = CPDF_ModuleMgr::Get()->GetJpegModule(); | 568 CCodec_JpegModule* pJpegModule = CPDF_ModuleMgr::Get()->GetJpegModule(); |
| 569 if (pJpegModule->LoadInfo(src_data, src_size, m_Width, m_Height, comps, | 569 if (pJpegModule->LoadInfo(src_data, src_size, m_Width, m_Height, comps, |
| 570 bpc, bTransform)) { | 570 bpc, bTransform)) { |
| 571 if (m_nComponents != static_cast<uint32_t>(comps)) { | 571 if (m_nComponents != static_cast<uint32_t>(comps)) { |
| 572 FX_Free(m_pCompData); | 572 FX_Free(m_pCompData); |
| 573 m_pCompData = nullptr; | |
| 573 m_nComponents = static_cast<uint32_t>(comps); | 574 m_nComponents = static_cast<uint32_t>(comps); |
| 575 if (m_pColorSpace && | |
| 576 m_pColorSpace->CountComponents() != m_nComponents) | |
| 577 return 0; | |
| 574 if (m_Family == PDFCS_LAB && m_nComponents != 3) { | 578 if (m_Family == PDFCS_LAB && m_nComponents != 3) { |
|
Tom Sepez
2016/04/15 20:14:49
nit: no {}
Oliver Chang
2016/04/15 20:40:26
Done.
| |
| 575 m_pCompData = nullptr; | |
| 576 return 0; | 579 return 0; |
| 577 } | 580 } |
| 578 m_pCompData = GetDecodeAndMaskArray(m_bDefaultDecode, m_bColorKey); | 581 m_pCompData = GetDecodeAndMaskArray(m_bDefaultDecode, m_bColorKey); |
| 579 if (!m_pCompData) { | 582 if (!m_pCompData) { |
|
Tom Sepez
2016/04/15 20:14:49
here too
Oliver Chang
2016/04/15 20:40:26
Done.
| |
| 580 return 0; | 583 return 0; |
| 581 } | 584 } |
| 582 } | 585 } |
| 583 m_bpc = bpc; | 586 m_bpc = bpc; |
| 584 m_pDecoder.reset(CPDF_ModuleMgr::Get()->GetJpegModule()->CreateDecoder( | 587 m_pDecoder.reset(CPDF_ModuleMgr::Get()->GetJpegModule()->CreateDecoder( |
| 585 src_data, src_size, m_Width, m_Height, m_nComponents, bTransform)); | 588 src_data, src_size, m_Width, m_Height, m_nComponents, bTransform)); |
| 586 } | 589 } |
| 587 } | 590 } |
| 588 } else if (decoder == "FlateDecode") { | 591 } else if (decoder == "FlateDecode") { |
| 589 m_pDecoder.reset(FPDFAPI_CreateFlateDecoder( | 592 m_pDecoder.reset(FPDFAPI_CreateFlateDecoder( |
| (...skipping 981 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1571 IFX_Pause* pPause) { | 1574 IFX_Pause* pPause) { |
| 1572 return LoadHandle->Continue(pPause); | 1575 return LoadHandle->Continue(pPause); |
| 1573 } | 1576 } |
| 1574 | 1577 |
| 1575 CPDF_ImageLoader::~CPDF_ImageLoader() { | 1578 CPDF_ImageLoader::~CPDF_ImageLoader() { |
| 1576 if (!m_bCached) { | 1579 if (!m_bCached) { |
| 1577 delete m_pBitmap; | 1580 delete m_pBitmap; |
| 1578 delete m_pMask; | 1581 delete m_pMask; |
| 1579 } | 1582 } |
| 1580 } | 1583 } |
| OLD | NEW |
