Chromium Code Reviews

Unified Diff: core/fxge/ge/fx_ge_device.cpp

Issue 2226023002: Fixup various overflow conditions (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Review cleanup Created 4 years, 4 months ago
Index: core/fxge/ge/fx_ge_device.cpp
diff --git a/core/fxge/ge/fx_ge_device.cpp b/core/fxge/ge/fx_ge_device.cpp
index 36d2920b49d24e2cff902240dd7d40539ff04984..7cf11e7a1f4e494acdf34c1b8853f9efd98de9c4 100644
--- a/core/fxge/ge/fx_ge_device.cpp
+++ b/core/fxge/ge/fx_ge_device.cpp
@@ -170,6 +170,13 @@ FX_BOOL CFX_RenderDevice::DrawPathWithBlend(
if (!(fill_mode & FXFILL_RECT_AA) &&
pPathData->IsRect(pObject2Device, &rect_f)) {
FX_RECT rect_i = rect_f.GetOutterRect();
+
+ // Depending on the top/bottom, left/right values of the rect it's
+ // possible to overflow the Width() and Height() calculations. Check that
+ // the rect will have valid dimension before continuing.
+ if (!rect_i.Valid())
+ return FALSE;
+
int width = (int)FXSYS_ceil(rect_f.right - rect_f.left);
if (width < 1) {
width = 1;
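Review bot: The new `if (!rect_i.Valid())` guard checks only the integer rect, while the `width` on the context line right after it is still computed from the float rect as `(int)FXSYS_ceil(rect_f.right - rect_f.left)`. That float-to-int cast is outside what the guard visibly protects. Either state in the comment that `Valid()` also bounds the `rect_f` extent so the cast stays in range, or derive `width` from the already validated `rect_i`. The float-to-int conversion inside `GetOutterRect()` also runs before the check, so any range handling for it has to live in that function and is not visible in this hunk. Two smaller points: the comment should read "valid dimensions", and it should say why `return FALSE` is the intended result for an out-of-range rect, since callers will see this as a failed draw with no other signal.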