Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(775)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: core/src/fxcodec/codec/fx_codec_png.cpp

Issue 997273002: XFA: bound memcpy length in _png_load_bmp_attribute() (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: core/src/fxcodec/codec/fx_codec_png.cpp
diff --git a/core/src/fxcodec/codec/fx_codec_png.cpp b/core/src/fxcodec/codec/fx_codec_png.cpp
index 8c26381514834392d9b85e3f7c440154b3b4e5fd..ea5ffaf68ab16462bb81042d06a9276ba4c75ad3 100644
--- a/core/src/fxcodec/codec/fx_codec_png.cpp
+++ b/core/src/fxcodec/codec/fx_codec_png.cpp
@@ -69,8 +69,9 @@ static void _png_load_bmp_attribute(png_structp png_ptr, png_infop info_ptr, CFX
buf = "Time";
if (!FXSYS_memcmp32(buf, text[i].key, FX_MIN(len, FXSYS_strlen(buf)))) {
if (!bTime) {
- FXSYS_memset32(pAttribute->m_strTime, 0, 20);
- FXSYS_memcpy32(pAttribute->m_strTime, text[i].text, text[i].text_length);
+ FXSYS_memset32(pAttribute->m_strTime, 0, sizeof(pAttribute->m_strTime));
+ FXSYS_memcpy32(pAttribute->m_strTime, text[i].text,
+ FX_MIN(sizeof(pAttribute->m_strTime) - 1, text[i].text_length));
}
} else {
buf = "Author";
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698