pdf/draw_utils.cc - Issue 519873002: Avoid OOB memcpy in chrome_pdf::CopyImage. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(608)

My Issues | Starred Open | Closed | All

Unified Diff: pdf/draw_utils.cc

Issue 519873002: Avoid OOB memcpy in chrome_pdf::CopyImage. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix underlying math bug. Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « pdf/control.cc ('k') | ppapi/cpp/image_data.h » ('j') | ppapi/cpp/image_data.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: pdf/draw_utils.cc

diff --git a/pdf/draw_utils.cc b/pdf/draw_utils.cc

index 8bc3ac3ae1e6b12c9ceac5a0079980f7d363aef3..cd4ab607956b9aa1e633d52ca13bcc52197b804f 100644

--- a/pdf/draw_utils.cc

+++ b/pdf/draw_utils.cc

@@ -145,9 +145,12 @@ void GradientFill(pp::Instance* instance,

void CopyImage(const pp::ImageData& src, const pp::Rect& src_rc,

pp::ImageData* dest, const pp::Rect& dest_rc,

bool stretch) {

- DCHECK(src_rc.width() <= dest_rc.width() &&

- src_rc.height() <= dest_rc.height());

- if (src_rc.IsEmpty())

+ if (src_rc.IsEmpty() || !src.Contains(src_rc))

+ return;

+

+ pp::Rect stretched_rc(dest_rc.point(),

+ stretch ? dest_rc.size() : src_rc.size());

+ if (stretched_rc.IsEmpty() || !dest->Contains(stretched_rc))

return;

const uint32_t* src_origin_pixel = src.GetAddr32(src_rc.point());

« no previous file with comments | « pdf/control.cc ('k') | ppapi/cpp/image_data.h » ('j') | ppapi/cpp/image_data.h » ('J')

Powered by Google App Engine

This is Rietveld 408576698