Chromium Code Reviews

Issue 2404453003: Strengthen bounds check in CWeightTable::Calc * part II (Closed)

Created: 4 years, 2 months ago by Ke Liu
Modified: 4 years, 2 months ago
CC: pdfium-reviews_googlegroups.com
Target Ref: refs/heads/master
Project: pdfium
Visibility: Public.

Description

Strengthen bounds check in CWeightTable::Calc * part II

This CL implemented a better version of CWeightTable::GetPixelWeightSize(), which will calculate the size of array PixelWeight.m_Weights correctly to prevent potential heap buffer overflow conditions.

BUG=chromium:654183
R=ochang@chromium.org, thestig@chromium.org, dsinclair@chromium.org

Committed: https://pdfium.googlesource.com/pdfium/+/05923132ae08d45fbe957219775a48c55ee57aef

Patch Set 1 #

Total comments: 1

Patch Set 2 : A better implementation of GetPixelWeightSize #

Total comments: 1

Patch Set 3 : Simplify the expression #

Stats (+1 line, -1 line)
M core/fxge/dib/fx_dib_engine.cpp: 1 chunk, +1 line, -1 line, 0 comments

Messages

Total messages: 13 (4 generated)
Ke Liu
The beginning address of array |PixelWeight.m_Weights| can be changed dynamically. So we must calculate the ...
4 years, 2 months ago (2016-10-08 07:51:21 UTC) #1
Lei Zhang
https://codereview.chromium.org/2404453003/diff/1/core/fxge/dib/fx_dib_engine.cpp
File core/fxge/dib/fx_dib_engine.cpp (left):

https://codereview.chromium.org/2404453003/diff/1/core/fxge/dib/fx_dib_engine.cpp#oldcode46
core/fxge/dib/fx_dib_engine.cpp:46: return m_dwWeightTablesSize / sizeof(int);
Should we instead just check ...
4 years, 2 months ago (2016-10-10 18:30:51 UTC) #3
Ke Liu
On 2016/10/10 18:30:51, Lei Zhang wrote:
> https://codereview.chromium.org/2404453003/diff/1/core/fxge/dib/fx_dib_engine.cpp
> File core/fxge/dib/fx_dib_engine.cpp (left):
>
> https://codereview.chromium.org/2404453003/diff/1/core/fxge/dib/fx_dib_engine.cpp#oldcode46 ...
4 years, 2 months ago (2016-10-11 03:31:17 UTC) #4
Ke Liu
On 2016/10/11 03:31:17, Ke Liu wrote:
> On 2016/10/10 18:30:51, Lei Zhang wrote:
> > ...
4 years, 2 months ago (2016-10-14 01:53:24 UTC) #6
Lei Zhang
https://codereview.chromium.org/2404453003/diff/20001/core/fxge/dib/fx_dib_engine.cpp
File core/fxge/dib/fx_dib_engine.cpp (right):

https://codereview.chromium.org/2404453003/diff/20001/core/fxge/dib/fx_dib_engine.cpp#newcode46
core/fxge/dib/fx_dib_engine.cpp:46: return (m_ItemSize - sizeof(int) * 2) / sizeof(int);
How ...
4 years, 2 months ago (2016-10-14 23:51:54 UTC) #7
Ke Liu
On 2016/10/14 23:51:54, Lei Zhang wrote:
> https://codereview.chromium.org/2404453003/diff/20001/core/fxge/dib/fx_dib_engine.cpp
> File core/fxge/dib/fx_dib_engine.cpp (right):
>
> https://codereview.chromium.org/2404453003/diff/20001/core/fxge/dib/fx_dib_engine.cpp#newcode46 ...
4 years, 2 months ago (2016-10-17 01:54:25 UTC) #8
Lei Zhang
lgtm
4 years, 2 months ago (2016-10-17 06:29:57 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2404453003/40001
4 years, 2 months ago (2016-10-17 06:30:00 UTC) #11
commit-bot: I haz the power
4 years, 2 months ago (2016-10-17 07:16:26 UTC) #13
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as
https://pdfium.googlesource.com/pdfium/+/05923132ae08d45fbe957219775a48c55ee5...
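
The two bound expressions quoted in the review comments above, compared in an added example (not PDFium code and not part of this review). The PixelWeight layout of two ints followed by the weights, the WeightTable wrapper and its helper names are assumptions for illustration, and the 4-item, 3-weight table is constructed.

```cpp
// Added illustration; PixelWeight layout and WeightTable are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct PixelWeight {
  int m_SrcStart;
  int m_SrcEnd;
  int m_Weights[1];  // first of the per-item weights that follow the header
};

struct WeightTable {
  size_t m_ItemSize;            // bytes per PixelWeight item
  size_t m_dwWeightTablesSize;  // bytes in the whole table
  std::vector<uint8_t> m_Buf;   // one allocation holding every item
  WeightTable(size_t items, size_t weights_per_item)
      : m_ItemSize(sizeof(int) * 2 + sizeof(int) * weights_per_item),
        m_dwWeightTablesSize(items * m_ItemSize),
        m_Buf(m_dwWeightTablesSize) {}
  // Expression quoted from the left side of patch set 1: whole-table bound.
  size_t BoundFromTableSize() const { return m_dwWeightTablesSize / sizeof(int); }
  // Expression quoted from patch set 2: weights that fit inside one item.
  size_t BoundFromItemSize() const {
    return (m_ItemSize - sizeof(int) * 2) / sizeof(int);
  }
  // Byte offset of item[i].m_Weights[idx] from the start of the allocation.
  size_t OffsetOf(size_t item, size_t idx) const {
    return item * m_ItemSize + offsetof(PixelWeight, m_Weights) + idx * sizeof(int);
  }
  // True if the largest index accepted by `bound`, applied to the last item,
  // lands past the end of the allocation.
  bool BoundAllowsOverflow(size_t bound) const {
    if (bound == 0 || m_dwWeightTablesSize == 0) return false;
    size_t last = m_dwWeightTablesSize / m_ItemSize - 1;
    return OffsetOf(last, bound - 1) + sizeof(int) > m_dwWeightTablesSize;
  }
  // Write guarded by the per-item bound; rejects anything outside the item.
  bool SetWeight(size_t item, size_t idx, int value) {
    if (item >= m_dwWeightTablesSize / m_ItemSize || idx >= BoundFromItemSize())
      return false;
    std::memcpy(&m_Buf[OffsetOf(item, idx)], &value, sizeof(value));
    return true;
  }
};

int main() {
  WeightTable t(4, 3);  // constructed sample: 4 items, 3 weights each
  std::printf("table bound=%zu item bound=%zu\n", t.BoundFromTableSize(), t.BoundFromItemSize());
}
```

With the whole-table bound, an index check against any single item accepts offsets that belong to later items or lie beyond the buffer; the per-item bound keeps every accepted index inside the item it addresses.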
