Fix compare between signed and unsigned values in CPDF_ImageRenderer::StartDIBSource.

core/fpdfapi/fpdf_render/fpdf_render_image.cpp

Index: core/fpdfapi/fpdf_render/fpdf_render_image.cpp
diff --git a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
index e23cab3546c57eaa5076d292ea01db2b8b3ba97a..d0da0bed5e30902a7e6e3da8091a16348e24ccdd 100644
--- a/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
+++ b/core/fpdfapi/fpdf_render/fpdf_render_image.cpp
@@ -762,9 +762,9 @@ FX_BOOL CPDF_ImageRenderer::DrawMaskedImage() {
 
 FX_BOOL CPDF_ImageRenderer::StartDIBSource() {
   if (!(m_Flags & RENDER_FORCE_DOWNSAMPLE) && m_pDIBSource->GetBPP() > 1) {
-    int image_size = m_pDIBSource->GetBPP() / 8 * m_pDIBSource->GetWidth() *
-                     m_pDIBSource->GetHeight();
-    if (image_size > FPDF_HUGE_IMAGE_SIZE &&
+    FX_SAFE_SIZE_T image_size = m_pDIBSource->GetBPP() / 8 * m_pDIBSource->GetWidth() *

[Oliver Chang, 2016/09/12 16:21:33]

This is incorrect, as any integer errors would've already occurred by the time
you assign to image_size.

You need to do something like:

FX_SAFE_SIZE_T image_size = m_pDIBSource->GetBPP();
image_size /= 8;
image_size *= m_pDIBSource->GetWidth();
...

+        m_pDIBSource->GetHeight();
+    if (image_size.ValueOrDie() > FPDF_HUGE_IMAGE_SIZE &&

[Oliver Chang, 2016/09/12 16:21:33]

Usually we don't want to crash if image_size is not valid. The convention is to
do something like:

if (!image_size.IsValid())
  return FALSE;

         !(m_Flags & RENDER_FORCE_HALFTONE)) {
       m_Flags |= RENDER_FORCE_DOWNSAMPLE;
     }