Check CFX_DIBitmap::Create() result in ProgressiveDecoder
- In one case, check the Create() result, which indicates whether the
buffer got created or not, instead of separately calling GetBuffer().
- In another group of cases, check the Create() result to detect an
allocation error, as a null check on the bitmap pointer is
insufficient. Also do the error check before writing into the bitmap's
buffer, not after.
Bug: pdfium:2047
Change-Id: I9da35f35cd6784593dfc60b7faf17fbf163ba783
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/111991
Reviewed-by: Nigi <nigi@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/core/fxcodec/progressive_decoder.cpp b/core/fxcodec/progressive_decoder.cpp
index 8e84500..c6e77e3 100644
--- a/core/fxcodec/progressive_decoder.cpp
+++ b/core/fxcodec/progressive_decoder.cpp
@@ -1273,8 +1273,7 @@
}
auto pDIBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
- pDIBitmap->Create(m_SrcWidth, m_SrcHeight, FXDIB_Format::kArgb);
- if (pDIBitmap->GetBuffer().empty()) {
+ if (!pDIBitmap->Create(m_SrcWidth, m_SrcHeight, FXDIB_Format::kArgb)) {
m_pDeviceBitmap = nullptr;
m_pFile = nullptr;
m_status = FXCODEC_STATUS::kError;
@@ -1299,33 +1298,46 @@
return m_status;
}
RetainPtr<CFX_DIBitmap> pFormatBitmap;
+ bool created_format_bitmap = false;
switch (m_pDeviceBitmap->GetFormat()) {
case FXDIB_Format::k8bppRgb:
pFormatBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
- pFormatBitmap->Create(pClipBitmap->GetWidth(), pClipBitmap->GetHeight(),
- FXDIB_Format::k8bppRgb);
+ created_format_bitmap = pFormatBitmap->Create(pClipBitmap->GetWidth(),
+ pClipBitmap->GetHeight(),
+ FXDIB_Format::k8bppRgb);
break;
case FXDIB_Format::k8bppMask:
pFormatBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
- pFormatBitmap->Create(pClipBitmap->GetWidth(), pClipBitmap->GetHeight(),
- FXDIB_Format::k8bppMask);
+ created_format_bitmap = pFormatBitmap->Create(pClipBitmap->GetWidth(),
+ pClipBitmap->GetHeight(),
+ FXDIB_Format::k8bppMask);
break;
case FXDIB_Format::kRgb:
pFormatBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
- pFormatBitmap->Create(pClipBitmap->GetWidth(), pClipBitmap->GetHeight(),
- FXDIB_Format::kRgb);
+ created_format_bitmap =
+ pFormatBitmap->Create(pClipBitmap->GetWidth(),
+ pClipBitmap->GetHeight(), FXDIB_Format::kRgb);
break;
case FXDIB_Format::kRgb32:
pFormatBitmap = pdfium::MakeRetain<CFX_DIBitmap>();
- pFormatBitmap->Create(pClipBitmap->GetWidth(), pClipBitmap->GetHeight(),
- FXDIB_Format::kRgb32);
+ created_format_bitmap =
+ pFormatBitmap->Create(pClipBitmap->GetWidth(),
+ pClipBitmap->GetHeight(), FXDIB_Format::kRgb32);
break;
case FXDIB_Format::kArgb:
pFormatBitmap = pClipBitmap;
+ created_format_bitmap = true;
break;
default:
break;
}
+ if (!created_format_bitmap) {
+ m_pDeviceBitmap = nullptr;
+ m_pFile = nullptr;
+ m_status = FXCODEC_STATUS::kError;
+ return m_status;
+ }
+
switch (m_pDeviceBitmap->GetFormat()) {
case FXDIB_Format::k8bppRgb:
case FXDIB_Format::k8bppMask: {
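Review bot: After a failed Create() in the first switch, `pFormatBitmap` is still non-null while `created_format_bitmap` is false, so the bitmap's validity is tracked in two variables and only the early return directly after the switch keeps later code from touching a bufferless bitmap. A comment above the flag would pin that invariant for future edits, e.g. `// A non-null pFormatBitmap does not imply a usable buffer; Create() can fail.` The four allocating cases each pass the same format as their case label, so they could share one call, `created_format_bitmap = pFormatBitmap->Create(pClipBitmap->GetWidth(), pClipBitmap->GetHeight(), m_pDeviceBitmap->GetFormat());`, which leaves a single place to check. The enclosing function starts and ends outside the hunk, so whether any later path reuses `pFormatBitmap` without consulting the flag cannot be confirmed from here.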
@@ -1365,12 +1377,6 @@
default:
break;
}
- if (!pFormatBitmap) {
- m_pDeviceBitmap = nullptr;
- m_pFile = nullptr;
- m_status = FXCODEC_STATUS::kError;
- return m_status;
- }
FXDIB_ResampleOptions options;
options.bInterpolateBilinear = true;