Google Git
Sign in
pdfium/pdfium.git/b1b8668ef12ae4e7fcb5fbf3f01fa623a319a092^!/.
commit
b1b8668ef12ae4e7fcb5fbf3f01fa623a319a092
[log]
author
dsinclair <dsinclair@chromium.org>
Mon Aug 08 11:10:48 2016 -0700
committer
Commit bot <commit-bot@chromium.org>
Mon Aug 08 11:10:48 2016 -0700
tree
061370a217f3563a50391421e4884e09dab7d754
parent
33c4cdb4efbacb73151c982549151ea4e545eff8 [diff]
Check if image width or height are zero before proceeding.

If the width of the CJBig2_Image is set to 0 then the stride_pixels will be
zero and when we divide we'll get a floating point exception.

If the width or height are zero then we can exit early without proceeding with
the rest of the constructor.

BUG=chromium:635008

Review-Url: https://codereview.chromium.org/2222843004

diff --git a/core/fxcodec/jbig2/JBig2_Image.cpp b/core/fxcodec/jbig2/JBig2_Image.cpp
index b8cb211..2071221 100644
--- a/core/fxcodec/jbig2/JBig2_Image.cpp
+++ b/core/fxcodec/jbig2/JBig2_Image.cpp

@@ -23,7 +23,7 @@
       m_nHeight(0),
       m_nStride(0),
       m_bOwnsBuffer(true) {
-  if (w < 0 || h < 0 || w > kMaxImagePixels)
+  if (w <= 0 || h <= 0 || w > kMaxImagePixels)
     return;
 
   int32_t stride_pixels = (w + 31) & ~31;