Strengthen bounds check in CWeightTable::Calc * part II

core/fxge/dib/fx_dib_engine.cpp

Index: core/fxge/dib/fx_dib_engine.cpp
diff --git a/core/fxge/dib/fx_dib_engine.cpp b/core/fxge/dib/fx_dib_engine.cpp
index 389cf239098f5a467dc20d5baabb255acf495b9b..4923237c7885b55a0454f6dde66581c3b982b032 100644
--- a/core/fxge/dib/fx_dib_engine.cpp
+++ b/core/fxge/dib/fx_dib_engine.cpp
@@ -42,8 +42,10 @@ CWeightTable::~CWeightTable() {
   FX_Free(m_pWeightTables);
 }
 
-size_t CWeightTable::GetPixelWeightSize() const {
-  return m_dwWeightTablesSize / sizeof(int);

[Lei Zhang, 2016/10/10 18:30:51]

Should we instead just check for:

return m_ItemSize / sizeof(int);

??

+size_t CWeightTable::GetMaximumPixelWeightSize(PixelWeight* pWeight) const {
+  uint8_t* end_addr = m_pWeightTables + m_dwWeightTablesSize;
+  uint8_t* begin_addr = reinterpret_cast<uint8_t*>(&pWeight->m_Weights);
+  return (end_addr - begin_addr) / sizeof(pWeight->m_Weights[0]);
 }
 
 bool CWeightTable::Calc(int dest_len,
@@ -240,7 +242,7 @@ bool CWeightTable::Calc(int dest_len,
         break;
       }
       size_t idx = j - start_i;
-      if (idx >= GetPixelWeightSize())
+      if (idx >= GetMaximumPixelWeightSize(&pixel_weights))
         return false;
       pixel_weights.m_Weights[idx] = FXSYS_round((FX_FLOAT)(weight * 65536));
     }
@@ -260,7 +262,7 @@ int* CWeightTable::GetValueFromPixelWeight(PixelWeight* pWeight,
     return nullptr;
 
   size_t idx = index - pWeight->m_SrcStart;
-  return idx < GetPixelWeightSize() ? &pWeight->m_Weights[idx] : nullptr;
+  return idx < GetMaximumPixelWeightSize(pWeight) ? &pWeight->m_Weights[idx] : nullptr;
 }
 
 CStretchEngine::CStretchEngine(IFX_ScanlineComposer* pDestBitmap,