Strengthen bounds check in CWeightTable::Calc * part II
This CL implemented a better version of CWeightTable::GetPixelWeightSize(), which will calculate the size of array PixelWeight.m_Weights correctly to prevent potential heap buffer overflow conditions.
BUG=chromium:654183
R=ochang@chromium.org, thestig@chromium.org, dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2404453003
diff --git a/core/fxge/dib/fx_dib_engine.cpp b/core/fxge/dib/fx_dib_engine.cpp
index 389cf23..47dcf03 100644
--- a/core/fxge/dib/fx_dib_engine.cpp
+++ b/core/fxge/dib/fx_dib_engine.cpp
@@ -43,7 +43,7 @@
}
size_t CWeightTable::GetPixelWeightSize() const {
- return m_dwWeightTablesSize / sizeof(int);
+ return m_ItemSize / sizeof(int) - 2;
}
bool CWeightTable::Calc(int dest_len,